Announcement Announcement Module
Collapse
No announcement yet.
Acegi with CAS Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Acegi with CAS

    I am trying to integrate Acegi with CAS -- is there any sample app which does that ?

  • #2
    Where can I find contacts-cas.war file ? in the sample applications director ?

    Can some one give me the location url

    Comment


    • #3
      The sample application should be included with the release I believe. Otherwise it can be retrieved from the SVN.

      Comment


      • #4
        Thank you . I have followed the instructions as in

        http://forum.springframework.org/showthread.php?t=12811

        when I click on the protected url , I am sent to the CAS login page . I put in the correct username , password , Eg: marissa;koala

        I am sent to this page

        http://localhost:8080/contacts-cas/casfailed.jsp ( which is the authentication failed page for contacts-cas app)

        The logs are as follows

        2006-10-30 09:26:28,611 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
        <Granted service ticket [ST-32-AZ1TbilqW5KYAhvQlMMt3z2qLIl9cr6drFg-20] for servi
        ce [https://localhost:8443/contacts-cas/...ecurity_check] for user [ma
        rissa]>


        I have a feeling that CAS is authenticating the user properly , but contacts-cas is not able to authenticate

        Did anyone face this problem ? If not what could be the reason ? I am not able to figure out
        Last edited by reddy; Oct 30th, 2006, 12:33 PM.

        Comment


        • #5
          Try turning on debug level logging in the application to see if anything comes up.

          Comment


          • #6
            please see this

            09:10:12,003 DEBUG ExceptionTranslationFilter,http-8443-Processor25:195 - Authentication entry point being called; SavedRequest added to Session: SavedRequest[https://localhost:8443/contacts-cas/secure/index.htm]
            09:10:12,003 DEBUG ExceptionTranslationFilter,http-8443-Processor25:195 - Authentication entry point being called; SavedRequest added to Session: SavedRequest[https://localhost:8443/contacts-cas/secure/index.htm]
            09:10:12,003 DEBUG HttpSessionContextIntegrationFilter,http-8443-Processor25:255 - SecurityContextHolder set to new context, as request processing completed
            09:10:12,003 DEBUG HttpSessionContextIntegrationFilter,http-8443-Processor25:255 - SecurityContextHolder set to new context, as request processing completed
            09:10:51,824 DEBUG PathBasedFilterInvocationDefinitionMap,http-8443-Processor25:100 - Converted URL to lowercase, from: '/j_acegi_cas_security_check'; to: '/j_acegi_cas_security_check'
            09:10:51,824 DEBUG PathBasedFilterInvocationDefinitionMap,http-8443-Processor25:100 - Converted URL to lowercase, from: '/j_acegi_cas_security_check'; to: '/j_acegi_cas_security_check'
            09:10:51,824 DEBUG PathBasedFilterInvocationDefinitionMap,http-8443-Processor25:112 - Candidate is: '/j_acegi_cas_security_check'; pattern is /**; matched=true
            09:10:51,824 DEBUG PathBasedFilterInvocationDefinitionMap,http-8443-Processor25:112 - Candidate is: '/j_acegi_cas_security_check'; pattern is /**; matched=true
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'channelProcessingFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'channelProcessingFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'httpSessionContextIntegrationFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'httpSessionContextIntegrationFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'logoutFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'logoutFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'casProcessingFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'casProcessingFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'basicProcessingFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'basicProcessingFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'exceptionTranslationFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'exceptionTranslationFilter'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'filterInvocationInterceptor'
            09:10:51,824 DEBUG DefaultListableBeanFactory,http-8443-Processor25:189 - Returning cached instance of singleton bean 'filterInvocationInterceptor'
            09:10:51,824 DEBUG FilterChainProxy,http-8443-Processor25:269 - /j_acegi_cas_security_check?ticket=ST-2-mlnTrilaozAv1pDtUkoUlSd5NH4mJZSJZFB-20 at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.securechannel.ChannelProcessing Filter@3aabc1'
            09:10:51,824 DEBUG FilterChainProxy,http-8443-Processor25:269 - /j_acegi_cas_security_check?ticket=ST-2-mlnTrilaozAv1pDtUkoUlSd5NH4mJZSJZFB-20 at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.securechannel.ChannelProcessing Filter@3aabc1'
            09:10:51,824 DEBUG RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25:107 - Converted URL to lowercase, from: '/j_acegi_cas_security_check?ticket=st-2-mlntrilaozav1pdtukoulsd5nh4mjzsjzfb-20'; to: '/j_acegi_cas_security_check?ticket=st-2-mlntrilaozav1pdtukoulsd5nh4mjzsjzfb-20'
            09:10:51,824 DEBUG RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25:107 - Converted URL to lowercase, from: '/j_acegi_cas_security_check?ticket=st-2-mlntrilaozav1pdtukoulsd5nh4mjzsjzfb-20'; to: '/j_acegi_cas_security_check?ticket=st-2-mlntrilaozav1pdtukoulsd5nh4mjzsjzfb-20'

            Comment


            • #7
              additional

              09:10:51,824 DEBUG RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25:117 - Candidate is: '/j_acegi_cas_security_check?ticket=st-2-mlntrilaozav1pdtukoulsd5nh4mjzsjzfb-20'; pattern is \A/secure/.*\Z; matched=false
              09:10:51,824 DEBUG RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25:117 - Candidate is: '/j_acegi_cas_security_check?ticket=st-2-mlntrilaozav1pdtukoulsd5nh4mjzsjzfb-20'; pattern is \A/secure/.*\Z; matched=false
              09:10:51,824 DEBUG RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25:117 - Candidate is: '/j_acegi_cas_security_check?ticket=st-2-mlntrilaozav1pdtukoulsd5nh4mjzsjzfb-20'; pattern is \A/j_acegi_cas_security_check.*\Z; matched=true
              09:10:51,824 DEBUG RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor25:117 - Candidate is: '/j_acegi_cas_security_check?ticket=st-2-mlntrilaozav1pdtukoulsd5nh4mjzsjzfb-20'; pattern is \A/j_acegi_cas_security_check.*\Z; matched=true
              09:10:51,824 DEBUG ChannelProcessingFilter,http-8443-Processor25:128 - Request: FilterInvocation: URL: /j_acegi_cas_security_check?ticket=ST-2-mlnTrilaozAv1pDtUkoUlSd5NH4mJZSJZFB-20; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
              09:10:51,824 DEBUG ChannelProcessingFilter,http-8443-Processor25:128 - Request: FilterInvocation: URL: /j_acegi_cas_security_check?ticket=ST-2-mlnTrilaozAv1pDtUkoUlSd5NH4mJZSJZFB-20; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
              09:10:51,840 DEBUG FilterChainProxy,http-8443-Processor25:269 - /j_acegi_cas_security_check?ticket=ST-2-mlnTrilaozAv1pDtUkoUlSd5NH4mJZSJZFB-20 at position 2 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextInteg rationFilter@17e982f'
              09:10:51,840 DEBUG FilterChainProxy,http-8443-Processor25:269 - /j_acegi_cas_security_check?ticket=ST-2-mlnTrilaozAv1pDtUkoUlSd5NH4mJZSJZFB-20 at position 2 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextInteg rationFilter@17e982f'
              09:10:51,840 DEBUG HttpSessionContextIntegrationFilter,http-8443-Processor25:169 - HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder
              09:10:51,840 DEBUG HttpSessionContextIntegrationFilter,http-8443-Processor25:169 - HttpSession returned null object for ACEGI_SECURITY_CONTEXT - new SecurityContext instance associated with SecurityContextHolder
              09:10:51,840 DEBUG FilterChainProxy,http-8443-Processor25:269 - /j_acegi_cas_security_check?ticket=ST-2-mlnTrilaozAv1pDtUkoUlSd5NH4mJZSJZFB-20 at position 3 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.logout.LogoutFilter@453c47'
              09:10:51,840 DEBUG FilterChainProxy,http-8443-Processor25:269 - /j_acegi_cas_security_check?ticket=ST-2-mlnTrilaozAv1pDtUkoUlSd5NH4mJZSJZFB-20 at position 3 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.logout.LogoutFilter@453c47'
              09:10:51,840 DEBUG FilterChainProxy,http-8443-Processor25:269 - /j_acegi_cas_security_check?ticket=ST-2-mlnTrilaozAv1pDtUkoUlSd5NH4mJZSJZFB-20 at position 4 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.cas.CasProcessingFilter@1787 005'
              09:10:51,840 DEBUG FilterChainProxy,http-8443-Processor25:269 - /j_acegi_cas_security_check?ticket=ST-2-mlnTrilaozAv1pDtUkoUlSd5NH4mJZSJZFB-20 at position 4 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.ui.cas.CasProcessingFilter@1787 005'
              09:10:51,840 DEBUG CasProcessingFilter,http-8443-Processor25:192 - Request is to process authentication
              09:10:51,840 DEBUG CasProcessingFilter,http-8443-Processor25:192 - Request is to process authentication
              09:10:51,840 DEBUG ProviderManager,http-8443-Processor25:183 - Authentication attempt using org.acegisecurity.providers.cas.CasAuthenticationP rovider
              09:10:51,840 DEBUG ProviderManager,http-8443-Processor25:183 - Authentication attempt using org.acegisecurity.providers.cas.CasAuthenticationP rovider
              09:10:51,902 DEBUG XmlWebApplicationContext,http-8443-Processor25:215 - Publishing event in context [Root WebApplicationContext]: org.acegisecurity.event.authentication.Authenticat ionFailureServiceExceptionEvent[source=org.acegisecurity.providers.UsernamePasswor dAuthenticationToken@98684bb3: Username: _cas_stateful_; Password: [PROTECTED]; Authenticated: false; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: E5D64A8FF06923C4FD14AFDF5A11506E; Not granted any authorities]
              09:10:51,902 DEBUG XmlWebApplicationContext,http-8443-Processor25:215 - Publishing event in context [Root WebApplicationContext]: org.acegisecurity.event.authentication.Authenticat ionFailureServiceExceptionEvent[source=org.acegisecurity.providers.UsernamePasswor dAuthenticationToken@98684bb3: Username: _cas_stateful_; Password: [PROTECTED]; Authenticated: false; Details: org.acegisecurity.ui.WebAuthenticationDetails@fffc 7f0c: RemoteIpAddress: 127.0.0.1; SessionId: E5D64A8FF06923C4FD14AFDF5A11506E; Not granted any authorities]
              09:10:51,902 DEBUG CasProcessingFilter,http-8443-Processor25:412 - Updated SecurityContextHolder to contain null Authentication
              09:10:51,902 DEBUG CasProcessingFilter,http-8443-Processor25:412 - Updated SecurityContextHolder to contain null Authentication
              09:10:51,902 DEBUG CasProcessingFilter,http-8443-Processor25:418 - Authentication request failed: org.acegisecurity.AuthenticationServiceException: HTTPS hostname wrong: should be <localhost>
              09:10:51,902 DEBUG CasProcessingFilter,http-8443-Processor25:418 - Authentication request failed: org.acegisecurity.AuthenticationServiceException: HTTPS hostname wrong: should be <localhost>
              09:10:51,902 DEBUG HttpSessionContextIntegrationFilter,http-8443-Processor25:255 - SecurityContextHolder set to new context, as request processing completed
              09:10:51,902 DEBUG HttpSessionContextIntegrationFilter,http-8443-Processor25:255 - SecurityContextHolder set to new context, as request processing completed
              09:10:51,918 DEBUG PathBasedFilterInvocationDefinitionMap,http-8443-Processor24:100 - Converted URL to lowercase, from: '/casfailed.jsp'; to: '/casfailed.jsp'

              Comment


              • #8
                Update --

                I regenerated the cert using CN= localhost

                Now the error log is


                09:49:30,035 DEBUG CasProcessingFilter,http-8443-Processor22:192 - Request is to process authentication
                09:49:30,035 DEBUG CasProcessingFilter,http-8443-Processor22:192 - Request is to process authentication
                09:49:30,035 DEBUG ProviderManager,http-8443-Processor22:183 - Authentication attempt using org.acegisecurity.providers.cas.CasAuthenticationP rovider
                09:49:30,035 DEBUG ProviderManager,http-8443-Processor22:183 - Authentication attempt using org.acegisecurity.providers.cas.CasAuthenticationP rovider
                09:49:30,051 DEBUG XmlWebApplicationContext,http-8443-Processor22:215 - Publishing event in context [Root WebApplicationContext]: org.acegisecurity.event.authentication.Authenticat ionFailureServiceExceptionEvent[source=org.acegisecurity.providers.UsernamePasswor dAuthenticationToken@2adc5980: Username: _cas_stateful_; Password: [PROTECTED]; Authenticated: false; Details: org.acegisecurity.ui.WebAuthenticationDetails@12af c: RemoteIpAddress: 127.0.0.1; SessionId: 9F0C9D0532C7A518CE25DEF95C3161CF; Not granted any authorities]
                09:49:30,051 DEBUG XmlWebApplicationContext,http-8443-Processor22:215 - Publishing event in context [Root WebApplicationContext]: org.acegisecurity.event.authentication.Authenticat ionFailureServiceExceptionEvent[source=org.acegisecurity.providers.UsernamePasswor dAuthenticationToken@2adc5980: Username: _cas_stateful_; Password: [PROTECTED]; Authenticated: false; Details: org.acegisecurity.ui.WebAuthenticationDetails@12af c: RemoteIpAddress: 127.0.0.1; SessionId: 9F0C9D0532C7A518CE25DEF95C3161CF; Not granted any authorities]
                09:49:30,051 DEBUG CasProcessingFilter,http-8443-Processor22:412 - Updated SecurityContextHolder to contain null Authentication
                09:49:30,051 DEBUG CasProcessingFilter,http-8443-Processor22:412 - Updated SecurityContextHolder to contain null Authentication
                09:49:30,051 DEBUG CasProcessingFilter,http-8443-Processor22:418 - Authentication request failed: org.acegisecurity.AuthenticationServiceException: sun.security.validator.ValidatorException: No trusted certificate found
                09:49:30,051 DEBUG CasProcessingFilter,http-8443-Processor22:418 - Authentication request failed: org.acegisecurity.AuthenticationServiceException: sun.security.validator.ValidatorException: No trusted certificate found
                09:49:30,051 DEBUG HttpSessionContextIntegrationFilter,http-8443-Processor22:255 - SecurityContextHolder set to new context, as request processing completed
                09:49:30,051 DEBUG HttpSessionContextIntegrationFilter,http-8443-Processor22:255 - SecurityContextHolder set to new context, as request processing completed
                09:49:30,051 DEBUG PathBasedFilterInvocationDefinitionMap,http-8443-Processor24:100 - Converted URL to lowercase, from: '/casfailed.jsp'; to: '/casfailed.jsp'
                09:49:30,051 DEBUG PathBasedFilterInvocationDefinitionMap,http-8443-Processor24:100 - Converted URL to lowercase, from: '/casfailed.jsp'; to: '/casfailed.jsp'
                09:49:30,051 DEBUG PathBasedFilterInvocationDefinitionMap,http-8443-Processor24:112 - Candidate is: '/casfailed.jsp'; pattern is /**; matched=true
                09:49:30,051 DEBUG PathBasedFilterInvocationDefinitionMap,http-8443-Processor24:112 - Candidate is: '/casfailed.jsp'; pattern is /**; matched=true
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'channelProcessingFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'channelProcessingFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'httpSessionContextIntegrationFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'httpSessionContextIntegrationFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'logoutFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'logoutFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'casProcessingFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'casProcessingFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'basicProcessingFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'basicProcessingFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'exceptionTranslationFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'exceptionTranslationFilter'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'filterInvocationInterceptor'
                09:49:30,051 DEBUG DefaultListableBeanFactory,http-8443-Processor24:189 - Returning cached instance of singleton bean 'filterInvocationInterceptor'
                09:49:30,051 DEBUG FilterChainProxy,http-8443-Processor24:269 - /casfailed.jsp at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.securechannel.ChannelProcessing Filter@14bcae9'
                09:49:30,051 DEBUG FilterChainProxy,http-8443-Processor24:269 - /casfailed.jsp at position 1 of 7 in additional filter chain; firing Filter: 'org.acegisecurity.securechannel.ChannelProcessing Filter@14bcae9'
                09:49:30,051 DEBUG RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24:107 - Converted URL to lowercase, from: '/casfailed.jsp'; to: '/casfailed.jsp'
                09:49:30,051 DEBUG RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24:107 - Converted URL to lowercase, from: '/casfailed.jsp'; to: '/casfailed.jsp'
                09:49:30,051 DEBUG RegExpBasedFilterInvocationDefinitionMap,http-8443-Processor24:117 - Candidate is: '/casfailed.jsp'; pattern is \A/secure/.*\Z; matched=false

                Comment


                • #9
                  I have the same problem. Did you solve it?

                  I suppose that this problem with a key store. But it different for different servers. I'm using WebSphere. May be anyone had the same problem. Plz, answer.

                  Comment


                  • #10
                    actually I removed the SSL dependency from both the cas client and the configuration file in cas server . I am using simple http

                    Comment


                    • #11
                      If you're not using SSL then you should not see a trusted certificate error.

                      Comment


                      • #12
                        This variant doesn't suit me. I really need to use https. But.... thanks anyway.

                        Comment


                        • #13
                          Originally posted by reddy View Post
                          actually I removed the SSL dependency from both the cas client and the configuration file in cas server . I am using simple http
                          I was curious if these were configuration changes or did you edit the source?

                          Thanks
                          -Jeff

                          Comment


                          • #14
                            I ask because I'm having similar issues whereby the CasProcessingFilter attempts to validate the ticket, but generates an error indicating "HTTPS hostname wrong: should be <127.0.0.1>".

                            I am able to manually make a request to the proxyValidate url and I get back a response with my username indicating the auth is valid (based on what I've read in the docs).

                            I'm using a self signed cert with CN=127.0.0.1

                            I have the CasProxyTicketValidator.trustStore property set to my keystore, which is the same one I'm using with Jetty.

                            Code:
                            ....
                            2007-01-03 21:49:40,248 DEBUG [org.acegisecurity.ui.cas.CasProcessingFilter] - <Request is to process authentication>
                            2007-01-03 21:49:40,248 DEBUG [org.acegisecurity.providers.ProviderManager] - <Authentication attempt using org.acegisecurity.providers.cas.CasAuthenticationProvider>
                            2007-01-03 21:49:40,272 DEBUG [edu.yale.its.tp.cas.util.SecureURL] - <entering retrieve(https://127.0.0.1:8443/cas/proxyValidate?service=https://127.0.0.1:8443/j_acegi_cas_security_check&ticket=ST-2-eKeT5uOkkdqYkeZfWNWaQRDEOdwFgJDjeK2-20&pgtUrl=https://127.0.0.1:8443/cas/proxy/receptor)>
                            2007-01-03 21:49:40,756 DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - <Publishing event in context [Root WebApplicationContext]: org.acegisecurity.event.authentication.AuthenticationFailureServiceExceptionEvent[source=[email protected]6a37ff9: Username: _cas_stateful_; Password: [PROTECTED]; Authenticated: false; Details: org.acegisecurity.ui.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: 1dna8dk1khek; Not granted any authorities]>
                            2007-01-03 21:49:40,756 WARN [org.acegisecurity.event.authentication.LoggerListener] - <Authentication event AuthenticationFailureServiceExceptionEvent: _cas_stateful_; details: org.acegisecurity.ui.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: 1dna8dk1khek; exception: HTTPS hostname wrong:  should be <127.0.0.1>>
                            2007-01-03 21:49:40,756 DEBUG [org.springframework.context.support.FileSystemXmlApplicationContext] - <Publishing event in context [org.springframework.context.support.FileSystemXmlApplicationContext;hashCode=17689439]: org.acegisecurity.event.authentication.AuthenticationFailureServiceExceptionEvent[source=[email protected]6a37ff9: Username: _cas_stateful_; Password: [PROTECTED]; Authenticated: false; Details: org.acegisecurity.ui.WebAuthenticationDetails@ffff6a82: RemoteIpAddress: 127.0.0.1; SessionId: 1dna8dk1khek; Not granted any authorities]>
                            2007-01-03 21:49:40,756 DEBUG [org.acegisecurity.ui.cas.CasProcessingFilter] - <Updated SecurityContextHolder to contain null Authentication>
                            2007-01-03 21:49:40,756 DEBUG [org.acegisecurity.ui.cas.CasProcessingFilter] - <Authentication request failed: org.acegisecurity.AuthenticationServiceException: HTTPS hostname wrong:  should be <127.0.0.1>>
                            2007-01-03 21:49:40,756 DEBUG [org.acegisecurity.context.HttpSessionContextIntegrationFilter] - <SecurityContextHolder set to new context, as request processing completed>
                            2007-01-03 21:49:40,864 DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Converted URL to lowercase, from: '/casfailed.html'; to: '/casfailed.html'>
                            2007-01-03 21:49:40,864 DEBUG [org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] - <Candidate is: '/casfailed.html'; pattern is /**; matched=true>
                            ...
                            Any ideas? It has to be something screwy with my self signed certs... I've tried several permutation of changing the urls/certs between localhost and 127.0.0.1, but get a similar error.

                            Thanks,
                            -Jeff

                            Comment


                            • #15
                              I figured out how to fix it, in a different way. I added an alias in /etc/hosts for 127.0.0.1 as 'blah'. Then changed all references in my applicationContext-acegi.xml conf that used to refer to '127.0.0.1' (or localhost - neither permutation worked) to 'blah'. Regnerated my self-signed cert with CN=blah and it all works.

                              -Jeff

                              Comment

                              Working...
                              X