I switched the client to use https, but get the same error. Using the
debugger I've tracked down where it makes the call to the client with the
/j_spring_cas_security_proxyreceptor and it comes back with a 404.
My client side configuration is done with cas 3.2 and has the following in
the context.xml file.
<beans:bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<beans:property name="authenticationUserDetailsService">
<beans:bean
class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<beans:constructor-arg ref="userService" />
</beans:bean>
</beans:property>
<beans:property name="serviceProperties" ref="serviceProperties" />
<beans:property name="ticketValidator">
<beans:bean
class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<beans:constructor-arg index="0" value="${system.casServerUrl}/cas" />
<beans:property name="proxyCallbackUrl"
value="${system.serverUrl}/bind/j_spring_cas_security_proxyreceptor" />
<beans:property name="proxyGrantingTicketStorage" ref="pgtStorage" />
</beans:bean>
</beans:property>
<beans:property name="key"
value="bind_auth_provider"/>
</beans:bean>
On Friday, August 4, 2017 at 9:33:17 AM UTC-6, rbon wrote:
>
> This line
>
> <Authentication has failed. Credentials may be incorrect or CAS cannot
> find authentication handler that supports [
> http://localhost:8080/bind/j_spring_cas_security_proxyreceptor] of type
>
>
> CAS expects the proxy callback to be https (at least by default). Change
> client to use https.
>
> Ray
>
> On Fri, 2017-08-04 at 08:39 -0600, Matt Stacey wrote:
>
> Hello,
>
> I'm migrating from Cas 3 to Cas 5.1.2. So far I have been succesful with
> everything up to the point of the proxy policy. I'm getting the following
> error.
>
> [org.apereo.cas.web.AbstractServiceValidateController] - <Failed to
> authenticate service credential [
> http://localhost:8080/bind/j_spring_cas_security_proxyreceptor]
>
> Here are the last few lines of my cas server output.
>
> 2017-08-04 08:03:03,590 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: CLYTLE
> WHAT:
> TGT-**********************************************ofMbwcwxY3-W000008983
> ACTION: TICKET_GRANTING_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Fri Aug 04 08:03:03 MDT 2017
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> >
> [ INFO] [04 Aug 2017 08:03:03,678] USER: (UNAUTHENTICATED); METHOD:
> (com....); ARGS(s): clytle; returned value(s): [email protected]
> <javascript:> in 84 msecs [LoggingAspect:77]
> [ INFO] [04 Aug 2017 08:03:04,270] USER: (UNAUTHENTICATED); METHOD:
> (com....); ARGS(s): clytle; returned value(s): false in 587 msecs
> [LoggingAspect:77]
> 2017-08-04 08:03:04,306 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: CLYTLE
> WHAT: ST-1-QAuzbUq0cPRqpyE0WaDc-W000008983 for
> http://localhost:8080/bind/j_spring_cas_security_check
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Fri Aug 04 08:03:04 MDT 2017
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> >
> 2017-08-04 08:03:04,362 WARN
> [org.apereo.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
>
> - <Proxy policy for service [^
> http://localhost:8080/bind/j_spring_cas_security_check] cannot authorize
> the requested callback url [
> http://localhost:8080/bind/j_spring_cas_security_proxyreceptor].>
> 2017-08-04 08:03:04,363 WARN
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <Authentication has failed. Credentials may be incorrect or CAS cannot find
> authentication handler that supports [
> http://localhost:8080/bind/j_spring_cas_security_proxyreceptor] of type
> [HttpBasedServiceCredential], which suggests a configuration problem.>
> 2017-08-04 08:03:04,366 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: http://localhost:8080/bind/j_spring_cas_security_proxyreceptor
> WHAT: Supplied credentials: [
> http://localhost:8080/bind/j_spring_cas_security_proxyreceptor]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Fri Aug 04 08:03:04 MDT 2017
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
>
> The client is still using Cas version 3 and I'm wondering if that is the
> problem. My client is configured as follows, and I'm not sure if this has
> something to do with the Cas20ServiceTicketValidator (seeing as it no
> longer exists in Cas 5.1.2) or something else. Any help would be greatly
> appreciated.
>
>
> <!-- Handles the CAS ticket processing. -->
> <beans:bean id="casAuthenticationProvider"
>
> class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
> <beans:property name="authenticationUserDetailsService">
> <beans:bean
>
> class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
> <beans:constructor-arg ref="userService" />
> </beans:bean>
> </beans:property>
> <beans:property name="serviceProperties" ref="serviceProperties" />
> <beans:property name="ticketValidator">
> <beans:bean
> class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
> <beans:constructor-arg index="0" value="${system.casServerUrl}/cas"
> />
> <beans:property name="proxyCallbackUrl"
> value="${system.serverUrl}/bind/j_spring_cas_security_proxyreceptor" />
> <beans:property name="proxyGrantingTicketStorage" ref="pgtStorage"
> />
> </beans:bean>
> </beans:property>
> <beans:property name="key"
> value="bind_auth_provider"/>
> </beans:bean>
>
>
>
> Thanks
> Matt
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 023 | [email protected] <javascript:>
>
>
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/d18fc7cb-1cd2-4bed-aad7-a2f717000863%40apereo.org.
