What it means is:

- Your CAS server is consuming service defns from some sort of registry.
- You are using a separate UI to manage entries in that registry.
- So, your other UI and your CAS server must share the same registry.

The certificate you used to secure 8443 is not issued to localhost.

--
Misagh

From: Sami Ghayeni <[email protected]>
Reply: Sami Ghayeni <[email protected]>
Date: July 20, 2016 at 3:19:02 AM
To: CAS Community <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: [cas-user] after i log in to cas, the cas management web app returns 404

Changing cas-management to cas-services solved the 404 issue. But...

To be honest, I didn't understand the meaning of the word "configuration" in this context (in the yellow box, it says the configuration of cas and services management webapp should be the same, what does it mean? the .properties files?). Actually I'm a beginner in Tomcat and I don't know very little about java and I know nothing about the spring framework.

Now, when I log in to /cas-services, it redirects me to

https://localhost:8443/cas-services/callback?client_name=CasClient&ticket=ST-2-MhpXYeLdWMisJZ264n4a-cas01.example.org

It shows me the page with the text "services management" on top, so I am inside the services management app, but this page says:

The CAS management webapp is unavailable. There was an error trying to complete your request. Please notify your support desk or try again.

Also the logs show there is a problem with the 'localhost' word somewhere. What does it mean and in which file should I find it? My whole project (except the database for authentication) is on localhost.

=============================================================
WHO: hihello
WHAT: Supplied credentials: [hihello]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Wed Jul 20 14:42:18 IRDT 2016
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2016-07-20 14:42:18,465 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: TGT-**********************************************cVJklQWh16-cas01.example.org
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jul 20 14:42:18 IRDT 2016
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2016-07-20 14:42:18,472 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-2-MhpXYeLdWMisJZ264n4a-cas01.example.org] for service [https://localhost:8443/cas-services/callback?client_name=CasClient] and principal [hihello]>
2016-07-20 14:42:18,474 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: hihello
WHAT: ST-2-MhpXYeLdWMisJZ264n4a-cas01.example.org for https://localhost:8443/cas-services/callback?client_name=CasClient
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Wed Jul 20 14:42:18 IRDT 2016
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2016-07-20 14:42:18,588 ERROR [org.jasig.cas.client.util.CommonUtils] - <java.security.cert.CertificateException: No name matching localhost found
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1904)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:279)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:837)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1023)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1359)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1343)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1301)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:431)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
    at org.pac4j.cas.client.CasClient.retrieveUserProfile(CasClient.java:320)
    at org.pac4j.cas.client.CasClient.retrieveUserProfile(CasClient.java:83)
    at org.pac4j.core.client.BaseClient.getUserProfile(BaseClient.java:99)
    at org.pac4j.core.client.BaseClient.getUserProfile(BaseClient.java:48)
    at org.pac4j.springframework.web.CallbackController.callback(CallbackController.java:81)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:222)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:814)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:737)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:218)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:442)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1082)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:623)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertificateException: No name matching localhost found
    at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:208)
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:93)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:203)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)
    ... 65 more
>
2016-07-20 14:42:22,938 INFO [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Beginning ticket cleanup...>
2016-07-20 14:42:22,938 INFO [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <0 expired tickets found and removed.>
2016-07-20 14:43:12,616 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
2016-07-20 14:43:12,621 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 3 services from JsonServiceRegistryDao.>

Thanks again. I appreciate your time.

On Wednesday, July 20, 2016 at 1:59:45 PM UTC+4:30, Misagh Moayyed wrote:

There is no such thing as cas-management in your configuration. You are deploying the app under cas-services. So adjust accordingly.
Also see the big yellow box here; that might help:

https://apereo.github.io/cas/4.2.x/installation/Installing-ServicesMgmt-Webapp.html

--
Misagh

From: Sami Ghayeni <[email protected]>
Reply: Sami Ghayeni <[email protected]>
Date: July 20, 2016 at 2:08:45 AM
To: CAS Community <[email protected]>
Subject: [cas-user] after i log in to cas, the cas management web app returns 404

What I did:

1- Build the below cas-management-webapp/pom.xml file using the mvn clean package command:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd ">
    <modelVersion>4.0.0</modelVersion>
    <groupId>net.unicon</groupId>
    <artifactId>cas4-svc-mgmt-overlay</artifactId>
    <packaging>war</packaging>
    <version>1.0</version>
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>2.6</version>
                <configuration>
                    <warName>cas-services</warName>
                    <overlays>
                        <overlay>
                            <groupId>org.jasig.cas</groupId>
                            <artifactId>cas-management-webapp</artifactId>
                        </overlay>
                    </overlays>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.3</version>
                <configuration>
                    <source>${maven.compiler.source}</source>
                    <target>${maven.compiler.target}</target>
                </configuration>
            </plugin>
            <plugin>
                <groupId>com.rimerosolutions.maven.plugins</groupId>
                <artifactId>wrapper-maven-plugin</artifactId>
                <version>0.0.4</version>
            </plugin>
        </plugins>
        <finalName>cas-services</finalName>
    </build>
    <dependencies>
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-management-webapp</artifactId>
            <version>${cas.version}</version>
            <type>war</type>
            <scope>runtime</scope>
        </dependency>
    </dependencies>
    <properties>
        <cas.version>4.2.1</cas.version>
        <maven.compiler.source>1.7</maven.compiler.source>
        <maven.compiler.target>1.7</maven.compiler.target>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>
</project>

2- Deploy cas-services.war to Tomcat.

3- In the Tomcat Manager WebApp there is a /cas-services link. Clicking on it says "Application Not Authorized to use CAS", also it's http not https. So I should add cas-services as a service, to cas.

4- The /webapps/cas-services/WEB-INF/classes/services directory has a file which is missing inside the /webapps/cas/WEB-INF/classes/services directory, the rest is the same. The name of this file is ServicesManagementWebApplication-52497044623301.json. I copied it, so now the cas/..../services directory contains this json too. (Why are there two services directories?)

5- The /webapps/cas/WEB-INF/classes/services/ServicesManagementWebApplication-52497044623301.json file now contains this content:

{
  "@class" : "org.jasig.cas.services.RegexRegisteredService",
  "serviceId" : "http://localhost:8080/cas-management/callback",
  "name" : "Services Management Web Application",
  "id" : 52497044623301,
  "description" : "Services Management Web Application",
  "proxyPolicy" : {
    "@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
  },
  "evaluationOrder" : 2,
  "usernameAttributeProvider" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
  },
  "logoutType" : "BACK_CHANNEL",
  "attributeReleasePolicy" : {
    "@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
    "principalAttributesRepository" : {
      "@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
    },
    "authorizedToReleaseCredentialPassword" : false,
    "authorizedToReleaseProxyGrantingTicket" : false
  },
  "accessStrategy" : {
    "@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true
  }
}

I changed the value of serviceId from this

"serviceId" : "http://localhost:8080/cas-management/callback"

to this

"serviceId" : "https://localhost8443/cas-management/callback.*"

so it uses the https protocol, its port is 8443 and also it accepts urls that have characters after the 'callback' word.

6- Now I go to https:localhost:8443/cas-services , it redirects me to the cas login page.

7- After I log in, although the logs say AUTHENTICATION_SUCCESS, TICKET_GRANTING_TICKET_CREATED and SERVICE_TICKET_CREATED, after cas redirects me to

https://localhost:8443/cas-management/callback?client_name=CasClient&ticket=ST-4-U9f3KcWa6llcVbe3mCiV-cas01.example.org

I see a 404 page which says:

HTTP Status 404 - /cas-management/callback
type Status report
message /cas-management/callback
description The requested resource is not available.

And is there documentation related to this I missed? Did I do something wrong?

Thanks in advance.

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/976edbea-969e-4b8a-a66e-65f04022857b%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
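
Added example, not part of the original thread and not CAS project code: a check of the registry point in the reply at the top of this thread, that the CAS server and the management UI must see the same service definitions and that a definition must match the callback URL CAS is asked to redirect to. The two registries are constructed from the file name and serviceId values quoted in the thread; the corrected pattern, the trimmed field set, and the whole-URL, lowest-evaluationOrder-first matching rule are assumptions.

```python
import json
import re

# Callback URL taken from the "Granted ticket" log line in the thread.
CALLBACK = "https://localhost:8443/cas-services/callback?client_name=CasClient"
FILE = "ServicesManagementWebApplication-52497044623301.json"

def service_json(service_id, order=2):
    """Constructed, trimmed-down copy of the definition quoted in the thread."""
    return json.dumps({
        "@class": "org.jasig.cas.services.RegexRegisteredService",
        "serviceId": service_id,
        "name": "Services Management Web Application",
        "id": 52497044623301,
        "evaluationOrder": order,
    })

# Constructed registries: file name -> JSON text as each webapp would read it.
# CAS_REGISTRY holds the pattern as edited in the thread; UI_REGISTRY holds a
# hypothetical corrected pattern (colon before the port, cas-services path).
CAS_REGISTRY = {FILE: service_json("https://localhost8443/cas-management/callback.*")}
UI_REGISTRY = {FILE: service_json("https://localhost:8443/cas-services/callback.*")}

def registry_drift(cas_files, ui_files):
    """Report definitions that the two webapps do not share."""
    shared = cas_files.keys() & ui_files.keys()
    return {
        "only_in_cas": sorted(cas_files.keys() - ui_files.keys()),
        "only_in_ui": sorted(ui_files.keys() - cas_files.keys()),
        "differs": sorted(n for n in shared
                          if json.loads(cas_files[n]) != json.loads(ui_files[n])),
    }

def first_match(files, url):
    """Name of the first definition, by evaluationOrder, whose serviceId matches.

    Assumption: the pattern must match the whole URL, case-insensitively.
    """
    services = sorted((json.loads(text) for text in files.values()),
                      key=lambda svc: svc["evaluationOrder"])
    for svc in services:
        if re.fullmatch(svc["serviceId"], url, re.IGNORECASE):
            return svc["name"]
    return None

if __name__ == "__main__":
    print(registry_drift(CAS_REGISTRY, UI_REGISTRY))
    print("CAS registry match:", first_match(CAS_REGISTRY, CALLBACK))
    print("UI registry match: ", first_match(UI_REGISTRY, CALLBACK))
```

Pointing both webapps at one directory removes the drift case entirely, which is the arrangement the reply describes.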
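
Added example, not part of the original thread: a simplified model of the hostname check behind the "No name matching localhost found" error in the trace, showing which certificate names are compared with the host in the URL the client connects to. The order of checks (dNSName subjectAltName entries first, subject CN only when there are none) and the two message texts are assumed from the JDK's HostnameChecker; the validation URL and every certificate name below are hypothetical, since the thread does not show the certificate.

```python
from urllib.parse import urlparse

def name_matches(cert_name, host):
    """Case-insensitive label comparison; a leading "*" covers one label."""
    c, h = cert_name.lower().split("."), host.lower().split(".")
    if len(c) != len(h):
        return False
    # Simplification: only a whole-label wildcard, and never a bare "*".
    if c[0] == "*" and len(c) > 2:
        c, h = c[1:], h[1:]
    return c == h

def check_identity(url, san_dns, common_name):
    """Return (ok, message) for the host in url against a certificate's names.

    Assumed order of checks: dNSName subjectAltName entries first; the
    subject CN is consulted only when the certificate has no dNSName entry.
    """
    host = urlparse(url).hostname
    if san_dns:
        if any(name_matches(name, host) for name in san_dns):
            return True, "matched subjectAltName"
        return False, f"No subject alternative DNS name matching {host} found."
    if common_name and name_matches(common_name, host):
        return True, "matched CN"
    return False, f"No name matching {host} found"

# Constructed inputs (hypothetical URL and certificate names).
VALIDATE_URL = "https://localhost:8443/cas/serviceValidate"
CERTS = {
    # label: (dNSName entries, subject CN)
    "cn-only, other host": ([], "cas01.example.org"),
    "san for other host": (["cas01.example.org"], "localhost"),
    "san includes localhost": (["cas01.example.org", "localhost"],
                               "cas01.example.org"),
}

def report():
    """Run the check for every constructed certificate."""
    return {label: check_identity(VALIDATE_URL, san, cn)
            for label, (san, cn) in CERTS.items()}

if __name__ == "__main__":
    for label, (ok, msg) in report().items():
        print(f"{label:24} {'OK  ' if ok else 'FAIL'} {msg}")
```

The second case fails even though its CN is localhost, because a certificate that carries any dNSName entry is judged on those entries alone; the fix in each failing case is a certificate that names the host actually used in the URL.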
