[cas-user] The supplied service xxxxx is not authorized to use CAS proxy authentication.

[Jahid Shohel]

Hi,

I am working on cas client. I get below given exception -

org.jasig.cas.client.validation.TicketValidationException: 
            The supplied service 'https://localhost:8441/hello-world-webapp/' is not authorized to use CAS proxy authentication.
    
	at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:84)
	at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:201)
	at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204)
	at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1332)
	at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:477)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119)
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
	at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
	at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031)
	at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406)
	at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186)
	at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965)
	at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
	at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
	at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149)
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111)
	at org.eclipse.jetty.server.Server.handle(Server.java:348)
	at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:452)
	at org.eclipse.jetty.server.BlockingHttpConnection.handleRequest(BlockingHttpConnection.java:47)
	at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:884)
	at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:938)
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:630)
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java

On server side, registered service list is like-

<util:list id="registeredServicesList">
    <bean class="org.jasig.cas.services.RegexRegisteredService"
          p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"
          p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001" />
</util:list>

Anyone knows why I am getting this exception?

Thanks in advance.

//Jahid

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

[Ray Bon]

Is hello-world-webapp allowed to proxy in service registry?

Ray

[Jahid Shohel]

Hi Ray,

I just posted what all i have. How do i add hello-world-webapp to service registry?

[Ray Bon]

You can access with https://localhost:8441/cas/services

All services served by CAS must be in the registry.

Ray

[Jahid Shohel]

Hi Ray,

Actually I can't see anything when I browse to "https://localhost:8443/cas/services". Just as a side note, my configuration is like below -

CAS: Running on "https://localhost:8443" through maven jetty

Client: Running on "https://localhost:8441" through maven jetty. 

CAS and Client are two different JVM process. Now when I try to browse "https:localhost:8443/cas/services", I see nothing. First time it asked me to login, and then when I logged in, it just keep saying "you are logged in".

[Vincent Repain]

Hi,
add p:allowedToProxy="true" in your RegexRegisteredService bean

--

Vincent REPAIN
Centre de ressources informatiques
Tél. : +33 (0)2 23 23 83 31

20 avenue des Buttes de Coësmes
CS 70839 - 35 708 RENNES Cedex 7

www.insa-rennes.fr

[Jahid Shohel]

Hi Vincent,

I added p:allowedToProxy="true" -

<util:list id="registeredServicesList">
    <bean class="org.jasig.cas.services.RegexRegisteredService"
          p:id="0" p:name="HTTP and IMAP" p:description="Allows HTTP(S) and IMAP(S) protocols"

          p:serviceId="^(https?|imaps?)://.*" p:evaluationOrder="10000001" p:allowedToProxy="true"/>
</util:list>

But then it throws an exception. Seems like there is no property named "allowedToProxy" -

STDERR] org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.jasig.cas.services.RegexRegisteredService#4930539b' defined in ServletContext resource [/WEB-INF/deployerConfigContext.xml]: Error setting property values; nested exception is org.springframework.beans.NotWritablePropertyException: Invalid property 'allowedToProxy' of bean class [org.jasig.cas.services.RegexRegisteredService]: Bean property 'allowedToProxy' is not writable or has an invalid setter method. Does the parameter type of the setter match the return type of the getter?

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1512)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1220)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)

[STDERR] at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:299)

[STDERR] at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:122)

[STDERR] at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)

[STDERR] at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1475)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1220)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)

[STDERR] at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)

[STDERR] at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)

[STDERR] at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)

[STDERR] at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)

[STDERR] at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)

[STDERR] at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1475)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1220)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)

[STDERR] at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)

[STDERR] at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)

[STDERR] at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)

[STDERR] at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)

[STDERR] at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)

[STDERR] at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)

[STDERR] at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:648)

[STDERR] at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140)

[STDERR] at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1137)

[Dmitriy Kopylenko]

It’d be always useful to provide what exact version of CAS being used when asking questions. For CAS 4.1+ (4.1 and greater), please consult the following guide on proxying config options: https://jasig.github.io/cas/4.2.x/installation/Configuring-Service-Proxy-Policy.html

Best,

Dmitriy.