Looks like you authenticated successfully, but CAS is unable to authorize you to use the service. Not sure how it works in CAS4, but in 3.x you have to specifically configure a list of admin users.
Thanks, Carl Waldbieser ITS Systems Programmer Lafayette College ----- Original Message ----- From: "Patrick Coleman" <[email protected]> To: "cas-user" <[email protected]> Sent: Monday, October 26, 2015 11:18:42 AM Subject: [cas-user] Access Denied, cas-management Hi, I’m new to CAS and have set up CAS using direction and samples from these pages. https://github.com/UniconLabs/simple-cas4-overlay-template <https://github.com/UniconLabs/simple-cas4-overlay-template> When I bring up the cas server it asks for username/login and when entered says I’m successful! And see this in my catalina.out file. 2015-10-26 11:09:01,271 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <AcceptUsersAuthenticationHandler successfully authenticated casuser+password> 2015-10-26 11:09:01,283 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated casuser with credentials [casuser+password].> 2015-10-26 11:09:01,289 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: casuser+password WHAT: supplied credentials: [casuser+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Mon Oct 26 11:09:01 EDT 2015 CLIENT IP ADDRESS: 10.0.1.143 SERVER IP ADDRESS: 207.188.245.154 ============================================================= > 2015-10-26 11:09:01,299 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: casuser+password WHAT: TGT-**********************************************77ngRT5fqO-pat-test.chs.harvard.edu <http://77ngrt5fqo-pat-test.chs.harvard.edu/> ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Mon Oct 26 11:09:01 EDT 2015 CLIENT IP ADDRESS: 10.0.1.143 SERVER IP ADDRESS: 207.188.245.154 ============================================================= When I go to the cas-management page I also get asked for the login but when I enter the username and login I get... Access Denied You are not authorized to access this resource. Contact your CAS administrator for more info. and see this is my catalina.out file. 2015-10-26 11:11:40,975 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <Examining language bundle [classpath:messages_en_US] for the code [AbstractAccessDecisionManager.accessDenied]> 2015-10-26 11:11:40,975 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en_US] - neither plain properties nor XML> 2015-10-26 11:11:40,975 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <The code [AbstractAccessDecisionManager.accessDenied] cannot be found in the language bundle for the locale [en_US]> 2015-10-26 11:11:40,976 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML> 2015-10-26 11:11:40,976 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML> 2015-10-26 11:11:40,977 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML> 2015-10-26 11:11:40,977 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <Loading properties [messages.properties] with encoding 'UTF-8'> 2015-10-26 11:11:41,041 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-1-GNe4MUdFGjz6jf7cNmI2-pat-test.chs.harvard.edu <http://st-1-gne4mudfgjz6jf7cnmi2-pat-test.chs.harvard.edu/>] for service [https://pat-test.chs.harvard.edu:8443/cas-management/login/cas] for user [casuser <https://pat-test.chs.harvard.edu:8443/cas-management/login/cas]%20for%20user%20[casuser>]> 2015-10-26 11:11:41,044 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: casuser WHAT: ST-1-GNe4MUdFGjz6jf7cNmI2-pat-test.chs.harvard.edu <http://st-1-gne4mudfgjz6jf7cnmi2-pat-test.chs.harvard.edu/> for https://pat-test.chs.harvard.edu:8443/cas-management/login/cas <https://pat-test.chs.harvard.edu:8443/cas-management/login/cas> ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Mon Oct 26 11:11:41 EDT 2015 CLIENT IP ADDRESS: 10.0.1.143 SERVER IP ADDRESS: 207.188.245.154 ============================================================= > 2015-10-26 11:11:41,058 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - <Placing URL parameters in map.> 2015-10-26 11:11:41,058 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - <Calling template URL attribute map.> 2015-10-26 11:11:41,058 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - <Loading custom parameters from configuration.> 2015-10-26 11:11:41,058 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - <Constructing validation url: https://pat-test.chs.harvard.edu:8443/cas/serviceValidate?ticket=ST-1-GNe4MUdFGjz6jf7cNmI2-pat-test.chs.harvard.edu&service=https%3A%2F%2Fpat-test.chs.harvard.edu%3A8443%2Fcas-management%2Flogin%2Fcas <https://pat-test.chs.harvard.edu:8443/cas/serviceValidate?ticket=ST-1-GNe4MUdFGjz6jf7cNmI2-pat-test.chs.harvard.edu&service=https%3A%2F%2Fpat-test.chs.harvard.edu%3A8443%2Fcas-management%2Flogin%2Fcas>> 2015-10-26 11:11:41,059 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - <Retrieving response from server.> 2015-10-26 11:11:41,166 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-1-GNe4MUdFGjz6jf7cNmI2-pat-test.chs.harvard.edu <http://st-1-gne4mudfgjz6jf7cnmi2-pat-test.chs.harvard.edu/> ACTION: SERVICE_TICKET_VALIDATED APPLICATION: CAS WHEN: Mon Oct 26 11:11:41 EDT 2015 CLIENT IP ADDRESS: 207.188.245.154 SERVER IP ADDRESS: 207.188.245.154 ============================================================= > 2015-10-26 11:11:41,187 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] - <Server response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas' <http://www.yale.edu/tp/cas'>> <cas:authenticationSuccess> <cas:user>casuser</cas:user> </cas:authenticationSuccess> </cas:serviceResponse> Can anyone tell me what the problem is? Thanks. Pat. Patrick Coleman [email protected] <mailto:[email protected]> 301-651-9573 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
