[cas-user] CAS 3.4.10 - CustomPasswordAuthenticationHandler - RESTFul API issue
Pietro
I've installed CAS 3.4.10 and restlet integration.
When "serviceRegistryDao" is "InMemoryServiceRegistryDaoImpl" the authentication process from Java HttpClient Class works fine, when I switch to my CustomPasswordAuthenticationHandler the Authentication process, via Browser, works fine
but if I execute Authentication process from Java HttpClient Class I got Exception... If I try to work with RESTful Api I have to change TicketResource default class with my custom implementation or is there the best way to get CAS Restful Api get work?
Thanks in advance.
--
You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Pietro
2011-10-11 10:48:27,109 ERROR [org.jasig.cas.integration.restlet.TicketResource] - <error.authentication.credentials.bad>
org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket_aroundBody10(CentralAuthenticationServiceImpl.java:423)
at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket_aroundBody11$advice(CentralAuthenticationServiceImpl.java:44)
at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:1)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
Kirk, Matt
Are you sure you have successfully authenticated using the Rest API? The log you attached shows the following entry before the exception showing an authentication failure:
2011-10-11 10:48:27,109 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: mypackage.cas.authhandler.CustomPasswordAuthenticationHandler failed to authenticate the user which provided the following credentials: [username: admin]>
2011-10-11 10:48:27,109 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: admin]
WHAT: supplied credentials: [username: admin]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Oct 11 10:48:27 CEST 2011
CLIENT IP ADDRESS: 192.168.1.122
SERVER IP ADDRESS: 192.168.1.27
=============================================================
>
2011-10-11 10:48:27,109 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: admin]
WHAT: error.authentication.credentials.bad
ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
APPLICATION: CAS
WHEN: Tue Oct 11 10:48:27 CEST 2011
CLIENT IP ADDRESS: 192.168.1.122
SERVER IP ADDRESS: 192.168.1.27
=============================================================
Regards,
Matt
________________________________________
From: Pietro [pietr...@gmail.com]
Sent: 11 October 2011 09:58
To: cas-...@lists.jasig.org
Subject: re:[cas-user] CAS 3.4.10 - CustomPasswordAuthenticationHandler - RESTFul API issue
I have made further test and from Java HttpClient I have got TicketGrantingTicket but when I've tried get service ticket I get this exception (for details, I've attched error file):
2011-10-11 10:48:27,109 ERROR [org.jasig.cas.integration.restlet.TicketResource] - <error.authentication.credentials.bad>
org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket_aroundBody10(CentralAuthenticationServiceImpl.java:423)
at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket_aroundBody11$advice(CentralAuthenticationServiceImpl.java:44)
at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:1)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
--
You are currently subscribed to cas-...@lists.jasig.org as: Matt...@bskyb.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trade marks of British Sky Broadcasting Group plc and are used under licence. British Sky Broadcasting Limited (Registration No. 2906991), Sky Interactive Limited (Registration No. 3554332), Sky-In-Home Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) are direct or indirect subsidiaries of British Sky Broadcasting Group plc (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD.
Pietro
I'm using this Java HttpClient (from: https://wiki.jasig.org/display/CASUM/RESTful+API) in Debug mode on Eclipse and I've got, without error, TGT-ticket from method getTicketGrantingTicket(server, username, password).
But when jumped into method getServiceTicket(final String server, final String ticketGrantingTicket, final String service) I've got HTTP ERROR 400 and Exception in log file.
Thanks in advance.
Pietro.
From the Head of log file:
Hibernate: select allowedatt0_.RegisteredServiceImpl_id as Register1_0_0_, allowedatt0_.a_name as a2_0_, allowedatt0_.a_id as a3_0_ from rs_attributes allowedatt0_ where allowedatt0_.RegisteredServiceImpl_id=?
2011-10-11 10:48:10,760 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.>
2011-10-11 10:48:16,657 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: mypackage.cas.authhandler.CustomPasswordAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: admin]>
2011-10-11 10:48:16,657 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Resolved principal admin>
2011-10-11 10:48:16,657 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <Principal found: admin>
2011-10-11 10:48:16,672 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: admin]
WHAT: supplied credentials: [username: admin]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Oct 11 10:48:16 CEST 2011
CLIENT IP ADDRESS: 192.168.1.122
SERVER IP ADDRESS: 192.168.1.27
=============================================================
>
2011-10-11 10:48:16,672 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: admin]
WHAT: TGT-4-XyDtrzfO5OeRgBUxCsfbehLgzOeUvfVAKgvckdCI6HgbsQiNjk-elrond
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Oct 11 10:48:16 CEST 2011
CLIENT IP ADDRESS: 192.168.1.122
SERVER IP ADDRESS: 192.168.1.27
=============================================================
Kirk, Matt
Hmmm, seems strange. The exception being logged is happening when CAS is trying to create a TGT - which you already have. Have you change any other config? Ticket expiration policies perhaps which might have caused the original TGT to become invalid? I'm just guessing really.
Regards,
Matt
________________________________________
From: Pietro [pietr...@gmail.com]
Sent: 11 October 2011 10:30
To: cas-...@lists.jasig.org
Subject: RE:[cas-user] re:CAS 3.4.10 - CustomPasswordAuthenticationHandler - RESTFul API issue
Thanks in advance.
Pietro.
You are currently subscribed to cas-...@lists.jasig.org as: Matt...@bskyb.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Information in this email including any attachments may be privileged, confidential and is intended exclusively for the addressee. The views expressed may not be official policy, but the personal views of the originator. If you have received it in error, please notify the sender by return e-mail and delete it from your system. You should not reproduce, distribute, store, retransmit, use or disclose its contents to anyone. Please note we reserve the right to monitor all e-mail communication through our internal and external networks. SKY and the SKY marks are trade marks of British Sky Broadcasting Group plc and are used under licence. British Sky Broadcasting Limited (Registration No. 2906991), Sky Interactive Limited (Registration No. 3554332), Sky-In-Home Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) are direct or indirect subsidiaries of British Sky Broadcasting Group plc (Registration No. 2247735). All of the companies mentioned in this paragraph are incorporated in England and Wales and share the same registered office at Grant Way, Isleworth, Middlesex TW7 5QD.
--
Marvin Addison
I'd like to determine whether this is a problem with the client script
or something in your CAS server environment. Please try the following
Python script which I use regularly and is known to work:
https://svn.middleware.vt.edu/svn/middleware/cas/scripts/cas-restful-test.py
Usage example:
cas-restful-test.py cas.example.com /cas/v1 someuser
https://some-cas-protected-service.example.com
M