spring-security - ServiceValidateController [エラー] のチケットを生成する TicketException

Question

ログインしようとするとCasでエラーが発生します。エラーからのログは次のとおりです。自己署名証明書があり、これらをキーストアに追加し、キーストアをcacerts thxに追加して助けを求めています

これらはCASからのログです

ServiceValidateController [ERROR] TicketException generating ticket for: [callbackUrl: https://localhost:8443/receptor]
org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
    at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:291)
    at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126)
    at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:602)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:722)
Caused by: error.authentication.credentials.bad
    at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
    at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:113)
    at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:262)
    ... 26 more

これらは LDAP からのログです

geobolivia slapd[3024]: conn=1003 op=3 SRCH base="ou=users,dc=geobolivia,dc=gob,dc=bo" scope=2 deref=3 filter="(uid=geobolivia)"
geobolivia slapd[3024]: conn=1003 op=3 SEARCH RESULT tag=101 err=0 nentries=0 text=
geobolivia slapd[3024]: conn=1003 op=4 SRCH base="ou=users,dc=geobolivia,dc=gob,dc=bo" scope=2 deref=3 filter="(uid=_cas_stateful_)"
geobolivia slapd[3024]: conn=1003 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text=

これらは Security-proxy からのログです

ProxyGrantingTicketStorageImpl [INFO] No Proxy Ticket found for 
FilterBasedLdapUserSearch [DEBUG] Searching for user 'geobolivia', with user search [ searchFilter: '(uid={0})', searchBase: 'ou=users', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
AbstractContextSource [DEBUG] Got Ldap context on server 'ldap://localhost:389/dc=geobolivia,dc=gob,dc=bo'
SpringSecurityLdapTemplate [DEBUG] Searching for entry in under DN 'dc=geobolivia,dc=gob,dc=bo', base = 'ou=users', filter = '(uid={0})'
ProviderManager [DEBUG] Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
LdapAuthenticationProvider [DEBUG] Processing authentication request for user: _cas_stateful_
FilterBasedLdapUserSearch [DEBUG] Searching for user '_cas_stateful_', with user search [ searchFilter: '(uid={0})', searchBase: 'ou=users', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
AbstractContextSource [DEBUG] Got Ldap context on server 'ldap://localhost:389/dc=geobolivia,dc=gob,dc=bo'
SpringSecurityLdapTemplate [DEBUG] Searching for entry in under DN 'dc=geobolivia,dc=gob,dc=bo', base = 'ou=users', filter = '(uid={0})'
2013-08-29 18:29:15 CasAuthenticationFilter [DEBUG] Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2013-08-29 18:29:15 CasAuthenticationFilter [DEBUG] Updated SecurityContextHolder to contain null Authentication
CasAuthenticationFilter [DEBUG] Delegating to authentication failure handlerorg.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@1e6ba8ee
SimpleUrlAuthenticationFailureHandler [DEBUG] No failure URL set, sending 401 Unauthorized error
HttpSessionSecurityContextRepository [DEBUG] SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
SecurityContextPersistenceFilter [DEBUG] SecurityContextHolder now cleared, as request processing completed

Answer 1

これは非常によく似ています: CAS 資格情報が正しくありません

基本的に、CAS は PGT を配信しようとしているためにクライアント アプリを呼び出そうとしていますが、クライアント アプリはコールバック URL に応答していません。