Hello, I'm migrating from Cas 3 to Cas 5.1.2. So far I have been succesful with everything up to the point of the proxy policy. I'm getting the following error.
[org.apereo.cas.web.AbstractServiceValidateController] - <Failed to authenticate service credential [http://localhost:8080/bind/j_ spring_cas_security_proxyreceptor] Here are the last few lines of my cas server output. 2017-08-04 08:03:03,590 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: CLYTLE WHAT: TGT-********************************************** ofMbwcwxY3-W000008983 ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Fri Aug 04 08:03:03 MDT 2017 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > [ INFO] [04 Aug 2017 08:03:03,678] USER: (UNAUTHENTICATED); METHOD: (com....); ARGS(s): clytle; returned value(s): [email protected] in 84 msecs [LoggingAspect:77] [ INFO] [04 Aug 2017 08:03:04,270] USER: (UNAUTHENTICATED); METHOD: (com....); ARGS(s): clytle; returned value(s): false in 587 msecs [LoggingAspect:77] 2017-08-04 08:03:04,306 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: CLYTLE WHAT: ST-1-QAuzbUq0cPRqpyE0WaDc-W000008983 for http://localhost:8080/bind/j_ spring_cas_security_check ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Fri Aug 04 08:03:04 MDT 2017 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2017-08-04 08:03:04,362 WARN [org.apereo.cas.authentication.handler.support. HttpBasedServiceCredentialsAuthenticationHandler] - <Proxy policy for service [^http://localhost:8080/bind/j_spring_cas_security_check] cannot authorize the requested callback url [http://localhost:8080/bind/j_ spring_cas_security_proxyreceptor].> 2017-08-04 08:03:04,363 WARN [org.apereo.cas.authentication. PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [ http://localhost:8080/bind/j_spring_cas_security_proxyreceptor] of type [HttpBasedServiceCredential], which suggests a configuration problem.> 2017-08-04 08:03:04,366 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: http://localhost:8080/bind/j_spring_cas_security_proxyreceptor WHAT: Supplied credentials: [http://localhost:8080/bind/j_ spring_cas_security_proxyreceptor] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Fri Aug 04 08:03:04 MDT 2017 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= The client is still using Cas version 3 and I'm wondering if that is the problem. My client is configured as follows, and I'm not sure if this has something to do with the Cas20ServiceTicketValidator (seeing as it no longer exists in Cas 5.1.2) or something else. Any help would be greatly appreciated. <!-- Handles the CAS ticket processing. --> <beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <beans:property name="authenticationUserDetailsService"> <beans:bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper"> <beans:constructor-arg ref="userService" /> </beans:bean> </beans:property> <beans:property name="serviceProperties" ref="serviceProperties" /> <beans:property name="ticketValidator"> <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <beans:constructor-arg index="0" value="${system.casServerUrl}/cas" /> <beans:property name="proxyCallbackUrl" value="${system.serverUrl}/bind/j_spring_cas_security_proxyreceptor" /> <beans:property name="proxyGrantingTicketStorage" ref="pgtStorage" /> </beans:bean> </beans:property> <beans:property name="key" value="bind_auth_provider"/> </beans:bean> Thanks Matt -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACZukkCigOEE7xPcaTi3rQ%3DsVrtkFA32DbEMeGb-Szw8_%3DK%3Dvw%40mail.gmail.com.
