I posted this to the uportal list, but they recommended I look here for
my answer.
I am getting a 505 error when trying to use cas to authenticate against my
ldap server.
I am using the org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler
bean and connecting to my global catalog server on port 3268 with ldap
not ldaps.
<bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler">
    <property name="filter" value="sAMAccountName=%u" />
    <property name="searchBase" value="dc=edu" />
    <property name="contextSource" ref="contextSource" />
</bean>
I am doing an initial bind with the account defined in the contextSource
bean to do a search on the passed user.
In my
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
bean I am telling it that requireSecure is false.
I am getting errors, and most of what I have been able to find on the
subject points to an issue with the cert in the java key store. I am
not sure that makes sense for me since I am using ldaps. A packet
sniffer on the dc/gc sees the initial ldap bind, the search, and the
success return, so this is something failing in CAS before it hands me
back off to uportal, not the ldap connection. I have had to explicitly
define the urls to point to my server (otherwise it spits out
localhost), but they are on the same server, and I am front ending my
tomcat install with apache.
Just to see, I did try switching the ldap connection to point to ldaps
and setting requireSecure to true, but I got the exact same error
message.
Any help would be appreciated.
This is the error (sanitized) I am getting:
javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[my server] proxyCallbackUrl=[my server] ticket=[ST-1-kbJ1CqFnqKWzkUAnEzEV-cas] service=[my server] renew=false]]]
    edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:345)
root cause
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[my server] proxyCallbackUrl=[my server] ticket=[ST-1-kbJ1CqFnqKWzkUAnEzEV-cas] service=[my server] renew=false]]]
    edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:54)
    edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:393)
    edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:342)
root cause
java.net.SocketException: Connection reset
    java.net.SocketInputStream.read(SocketInputStream.java:168)
    com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
    com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:789)
    com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:746)
    com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
    java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
    java.io.BufferedInputStream.read1(BufferedInputStream.java:258)
    java.io.BufferedInputStream.read(BufferedInputStream.java:317)
    sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:687)
    sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:632)
    sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:652)
    sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049)
    com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
    edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:91)
    edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:218)
    edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
    edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:393)
    edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:342)
______________________
Perry B. Koob
Computer Programmer/Analyst, Missouri S&T IT
(573) 341-6276 / [email protected]
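An added triage example, not part of the original post: it splits the servlet container's "root cause" chain and labels the deepest cause's frames by package, which shows the connection reset sitting in the JSSE classes under the CAS client's SecureURL.retrieve call from ServiceTicketValidator.validate, with no LDAP frames in that cause. The TRACE excerpt is constructed from the trace above; the function names and layer labels are this example's own.

```python
import re

# Constructed excerpt of the trace in the post: wraps rejoined, messages shortened.
TRACE = """\
javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator
edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:345)
root cause
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:54)
root cause
java.net.SocketException: Connection reset
java.net.SocketInputStream.read(SocketInputStream.java:168)
com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:91)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:218)
"""

FRAME = re.compile(r"^[\w.$]+\.[\w$<>]+\(\w+\.java:\d+\)$")
# Package prefix -> layer; labels are this example's wording, most specific first.
LAYERS = [("com.sun.net.ssl.internal.www.", "HTTPS client"), ("com.sun.net.ssl.", "TLS (JSSE)"),
          ("java.net.", "socket"), ("edu.yale.its.tp.cas.", "CAS client"),
          ("org.jasig.cas.adaptors.ldap.", "LDAP handler"), ("javax.naming.", "LDAP (JNDI)")]

def split_causes(trace):
    """Split servlet-container 'root cause' output into [[exception, frames], ...]."""
    causes, new_cause = [], True
    for line in filter(None, (l.strip() for l in trace.splitlines())):
        if line == "root cause":
            new_cause = True
        elif FRAME.match(line) and causes:
            causes[-1][1].append(line)
        elif new_cause:
            causes.append([line, []])
            new_cause = False
        else:  # wrapped continuation of the exception message
            causes[-1][0] += " " + line
    return causes

def diagnose(trace):
    """Label the deepest cause's frames by layer, innermost frame first."""
    exc, frames = split_causes(trace)[-1]  # the container prints the deepest cause last
    path = []
    for frame in frames:
        layer = next((name for p, name in LAYERS if frame.startswith(p)), "other")
        if not path or path[-1] != layer:
            path.append(layer)
    return {"exception": exc.split(":")[0], "layers": path,
            "ldap_involved": any("LDAP" in name for name in path)}
```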