6 Replies Latest reply on Jan 7, 2013 8:35 PM by net huang

    cas gatein3.5 help

    net huang Newbie

      Hello All,

       

      I  installation document profile (https://docs.jboss.org/author/display/GTNPORTAL35/Central+Authentication+Service+(CAS))Step-by-step,

      Now, Cas can works,and use root/gtn passed,when  the cas senddiect to http://localhost:8080/portal/initiatessologin ,the portal has errors:

       

      org.apache.catalina.realm.JAASRealm authenticate

      Login exception authenticating username "root"

      javax.security.auth.login.LoginException: Login failed for root

              at org.exoplatform.services.security.jaas.DefaultLoginModule.login(Defau

      ltLoginModule.java:140)

              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.

      java:39)

              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces

      sorImpl.java:25)

              at java.lang.reflect.Method.invoke(Method.java:597)

              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)

              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1

      86)

              at org.gatein.wci.tomcat.TC7ServletContainerContext.login(TC7ServletCont

      ainerContext.java:136)

              at org.gatein.wci.ServletContainer.login(ServletContainer.java:171)

              at org.exoplatform.web.login.LoginServlet.doGet(LoginServlet.java:127)

              at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)

              at org.exoplatform.container.web.AbstractHttpServlet.onService(AbstractH

      ttpServlet.java:183)

              at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHtt

      pServlet.java:132)

       

       

      I edited the  DefaultLoginModule.java  :

                  Callback[] callbacks = new Callback[2];

                  callbacks[0] = new NameCallback("Username");

                  callbacks[1] = new PasswordCallback("Password", false);

                  callbackHandler.handle(callbacks);

                  System.out.println("-------------------callbackHandler----"+callbackHandler);

                  String username = ((NameCallback)callbacks[0]).getName();

                  String password = new String(((PasswordCallback)callbacks[1]).getPassword());

                  password="gtn";

                  System.out.println("-------------------Username11------"+username);

                  System.out.println("-------------------password11------"+password);

       

       

      Out: -------------------Username11------root

              -------------------password11------23C754409AB6AD205B98EB29DB764B0C_1357532611796

       

      So,it failed. Why? Why the password have changed?

       

      Please Help Me !  Thanks.

        • 1. Re: cas gatein3.5 help
          Marek Posolda Apprentice

          Hello,

           

          which versions exactly are you using? Did you try with latest GateIn 3.5 and with latest SSO 1.3.0.Final from https://repository.jboss.org/nexus/content/groups/public/org/gatein/sso/sso-packaging/1.3.0.Final/sso-packaging-1.3.0.Final.zip ? According to your log, it seems that you are using GateIn 3.5 on Tomcat7. Did you add ServletAccessValve which is needed step for Tomcat7 integration? See https://docs.jboss.org/author/display/GTNPORTAL35/Central+Authentication+Service+%28CAS%29 the very last part of the page (Setup with portal on Tomcat).

           

          Hope this helps,

          Marek

          • 2. Re: cas gatein3.5 help
            net huang Newbie

            Thanks !

             

                 yes,  I using GateIn3.5 On Tomcat7 (GateIn-3.5.0.Final-tomcat7), my config:

             

            1、configuration.properties

             

            # SSO  ${gatein.sso.enabled}

            gatein.sso.enabled=true

            gatein.sso.callback.enabled=true

            gatein.sso.login.module.enabled=true

            gatein.sso.login.module.class=org.gatein.sso.agent.login.SSOLoginModule

            gatein.sso.server.url=http://192.168.1.135:8081/cas

            gatein.sso.portal.url=http://192.168.1.135:8080

            gatein.sso.filter.logout.class=org.gatein.sso.agent.filter.CASLogoutFilter

            gatein.sso.filter.logout.url=${gatein.sso.server.url}/logout

            gatein.sso.filter.login.sso.url=${gatein.sso.server.url}/login?service=${gatein.sso.portal.url}/@@portal.container.name@@/initiatessologin

             

            2、server.xml

            <Host name="localhost"  appBase="webapps"

                        unpackWARs="false" autoDeploy="false">

                                <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>

                    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" 

                           prefix="localhost_access_log." suffix=".txt"

                           pattern="%h %l %u %t &quot;%r&quot; %s %b" resolveHosts="false"/>

                  </Host>

             

            But it  can't work. Please help me. Best wishes for you.

            • 3. Re: cas gatein3.5 help
              Marek Posolda Apprentice

              Could you add also

              <Valve className="org.gatein.sso.agent.tomcat.ServletAccessValve" />

              to your server.xml as suggested in https://docs.jboss.org/author/display/GTNPORTAL35/Central+Authentication+Service+%28CAS%29 in section "Setup with portal on Tomcat" ?

               

              This step is needed for GateIn on Tomcat7. If you have GateIn on JBoss7 you need to edit only configuration.properties and you are done.

               

              Hope this helps,

              Marek

              1 of 1 people found this helpful
              • 4. Re: cas gatein3.5 help
                net huang Newbie

                Thank you very much!   This problem has been solved, Now I can login with cas success 。

                 

                But the new problem is out when i sign out  as user "root":

                 

                78594 ["http-bio-8080"-exec-6] WARN org.gatein.sso.agent.login.SSOLoginModule - SSOLogin Failed. Credential Not Found!!

                2013-1-7 18:33:06 org.apache.catalina.realm.JAASRealm authenticate

                警告: Login exception authenticating username "96952E168AE6CC8985DA7B3E51FB22CD_1357554786687"

                javax.security.auth.login.LoginException: Login failed for 96952E168AE6CC8985DA7B3E51FB22CD_1357554786687

                          at org.exoplatform.services.security.jaas.DefaultLoginModule.login(DefaultLoginModule.java:136)

                          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

                          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

                          at java.lang.reflect.Method.invoke(Method.java:597)

                          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)

                          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)

                          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)

                          at java.security.AccessController.doPrivileged(Native Method)

                          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

                          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)

                          at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:411)

                          at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:334)

                          at org.apache.catalina.authenticator.AuthenticatorBase.doLogin(AuthenticatorBase.java:788)

                          at org.apache.catalina.authenticator.AuthenticatorBase.login(AuthenticatorBase.java:770)

                          at org.apache.catalina.connector.Request.login(Request.java:2550)

                          at org.apache.catalina.connector.RequestFacade.login(RequestFacade.java:1066)

                          at javax.servlet.http.HttpServletRequestWrapper.login(HttpServletRequestWrapper.java:295)

                          at org.gatein.wci.tomcat.TC7ServletContainerContext.login(TC7ServletContainerContext.java:136)

                          at org.gatein.wci.ServletContainer.login(ServletContainer.java:171)

                          at org.exoplatform.web.login.LoginServlet.doGet(LoginServlet.java:127)

                          at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)

                          at org.exoplatform.container.web.AbstractHttpServlet.onService(AbstractHttpServlet.java:183)

                          at org.exoplatform.container.web.AbstractHttpServlet.service(AbstractHttpServlet.java:132)

                          at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)

                          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)

                          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

                          at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)

                          at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:471)

                          at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:402)

                          at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329)

                          at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:383)

                          at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:267)

                          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:535)

                          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)

                          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)

                          at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563)

                          at org.gatein.sso.agent.tomcat.ServletAccessValve.invoke(ServletAccessValve.java:55)

                          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

                          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403)

                          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:301)

                          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:162)

                          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:140)

                          at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)

                          at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)

                          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

                          at java.lang.Thread.run(Thread.java:662)

                • 5. Re: cas gatein3.5 help
                  Marek Posolda Apprentice

                  Unfortunately this looks like a bug. JIRA is created here https://issues.jboss.org/browse/GTNSSO-22 and it will be fixed in next sso version. Note that this does not affect functionality, you can still use CAS integration and login/logout as you want. Only problem is this disturbing exception in server log. You can disable logging for the SSOLoginModule or JAASRealm class to get rid of it.

                   

                  Thanks!

                  Marek

                  1 of 1 people found this helpful
                  • 6. Re: cas gatein3.5 help
                    net huang Newbie

                    Thanks for your help.