Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

I'm trying to implement SSO in my app and as for now, I've faced the next problem:

HTTP Status 401 - Authentication Failed: Failed to provide a CAS service ticket to validate
type Status report
message Authentication Failed: Failed to provide a CAS service ticket to validate
description This request requires HTTP authentication (Authentication Failed: Failed to provide a CAS service ticket to validate).
I start my cas server on a different tomcat, login there and when I go to login pageat my app, then:
1. then is no autologin
2. when i enter credentials, I see the stacktrace shown above
I took an example from this site .
here is my spring security context:
<security:global-method-security  pre-post-annotations="enabled" />
    <security:http use-expressions="true" auto-config="true"
        entry-point-ref="casAuthenticationEntryPoint" >
    <security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"></security:custom-filter>
        <security:access-denied-handler  ref="accessDeniedHandler" />
        <security:form-login login-page="/login.html"
            authentication-failure-url="/login.html?login_error=1"
            default-target-url="/index.html" 
            always-use-default-target="false"
            login-processing-url="/j_spring_security_check"
            authentication-failure-handler-ref="failureHandler"
            authentication-success-handler-ref="successHandler" />
        <security:logout logout-url="/logout" logout-success-url="/login.html" />
        <security:intercept-url pattern="/member/**" access="hasRole('viewer')" />
        <security:intercept-url pattern="/admin/**" access="hasRole('SiteAdmin')" />
        <security:intercept-url pattern="/admin/**" access="hasRole('SystemAdmin')" />
        <security:remember-me />
    </security:http>
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider user-service-ref="myUserDetailsService" />
        <security:authentication-provider ref="casAuthenticationProvider"></security:authentication-provider>
    </security:authentication-manager>
    <bean id="myUserDetailsService"
        class="com.mypackage.MyUserDetailsService">
    </bean>
    <bean id="authenticationEntryPoint"
        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <property name="loginFormUrl" value="/login.html" />
        <property name="forceHttps" value="false" />
    </bean>
    <bean id="successHandler"
        class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <property name="defaultTargetUrl" value="/member/index.html" />
    </bean>
    <bean id="failureHandler"
        class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
        <property name="defaultFailureUrl" value="/login.html?error=auth_fail" />
    </bean>
    <bean id="bannedHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <property name="defaultFailureUrl" value="/login.html?error=banned" />
    </bean>
    <bean id="accessDeniedHandler"
        class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
        <property name="errorPage" value="/403.jsp"></property>
    </bean>
    <bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
        <property name="service" value="http://localhost:8080/spring-security-cas/j_spring_cas_security_check"></property>
        <property name="sendRenew" value="false"></property>
    </bean> 
    <bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager"></property>
    </bean>
    <bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
        <property name="loginUrl" value="http://localhost:9080/cas-server-webapp-3.4.10/login"></property>
        <property name="serviceProperties" ref="serviceProperties"></property>
    </bean>
    <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
        <property name="userDetailsService" ref="myUserDetailsService"></property>
        <property name="serviceProperties" ref="serviceProperties"></property>
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0" value="http://localhost:9080/cas-server-webapp-3.4.10"></constructor-arg>
            </bean>
        </property>
        <property name="key" value="cas"></property>
    </bean>
in web.xml, I've includede spring security context and set the appropriate listeners and etc.
in pom(I use maven) I've added the required dependencies, described in the article. 
But the problem stays.
I'd be glad any pieces of advice
                Well, I used the examples from springsource: link and started their CAS-Server using the command: mvn jetty:run-war. I just found a note that might be of more help to you: import server certificate to the local keystore command keytool.exe -importkeystore -srckeystore "spring-security-samples\certificates\server.jks" -destkeystore "%JAVA_HOME%\jre\security\cacerts"
– Andy
                Sep 28, 2012 at 12:57
                As stated before, does your server require an authentication? When you directly navigate your browser to it (with a fresh session), does it ask for authentication before you see the CAS login-page?
– Andy
                Sep 28, 2012 at 16:55
                I don't exactly understand what you mean, but I'll try to explain what I currently have. On the first tomcat I started CAS-server(I can login there and I see what ticket it gives me in console) and on the second tomcat I start my app, where I want to have SSO(single sign-on), thus I won't login, it should use the ticket, BUT it requires credentials, and after I put them in, I see the stacktrace above. So what steps I should perform?
– John Smith
                Oct 1, 2012 at 8:57
        
Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.