Acegi follows the correct behavior of appending a jsessionid to the service url. CAS 3.0.5 will correctly remove the jsessionid if it exists (older versions did not).
-Scott upasana immidi wrote: > I am using CAS and acegisecurity for validation of my webapp. > When I login for the first time. The app asks for the login credientials > but > fails with following error. But when go to the same login page again it > lets > me through with out any problem. > Error: > Your CAS credentials were rejected. > Reason: org.acegisecurity.BadCredentialsException: INVALID_SERVICE: Ticket > 'ST-24868-Sum9eE9afPjdv1nlO1WQ6IMwOFmeFhOuc4s-20' does not match supplied > service at > > org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator.validateNow > (CasProxyTicketValidator.java:107) at > > org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator.confirmTicketValid > (CasProxyTicketValidator.java:65) at > org.acegisecurity.providers.cas.CasAuthenticationProvider.authenticateNow( > CasAuthenticationProvider.java:136) at > org.acegisecurity.providers.cas.CasAuthenticationProvider.authenticate( > CasAuthenticationProvider.java:122) at > org.acegisecurity.providers.ProviderManager.doAuthentication( > > - Ignored: > ProviderManager.java:183) at > org.acegisecurity.AbstractAuthenticationManager.authenticate( > AbstractAuthenticationManager.java:45) at > org.acegisecurity.ui.cas.CasProcessingFilter.attemptAuthentication( > CasProcessingFilter.java:76) at > org.acegisecurity.ui.AbstractProcessingFilter.doFilter( > AbstractProcessingFilter.java:198) at > org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter( > FilterChainProxy.java:274) at > org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter( > HttpSessionContextIntegrationFilter.java:195) at > org.acegisecurity.util.FilterChainProxy$VirtualFilterChain.doFilter( > FilterChainProxy.java:274) at > org.acegisecurity.util.FilterChainProxy.doFilter(FilterChainProxy.java:148) > at > org.acegisecurity.util.FilterToBeanProxy.doFilter(FilterToBeanProxy.java:90) > at > weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42) > at > weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run( > WebAppServletContext.java:3151) at > weblogic.security.acl.internal.AuthenticatedSubject.doAs( > AuthenticatedSubject.java:321) at > weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) > at > weblogic.servlet.internal.WebAppServletContext.securedExecute( > WebAppServletContext.java:1973) at > weblogic.servlet.internal.WebAppServletContext.execute( > WebAppServletContext.java:1880) at > > weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1310) > at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207) at > weblogic.work.ExecuteThread.run(ExecuteThread.java:179) > > I am using the following versions > CAS Server: 3.04, > CAS client : 2.1.1 > acegisecurity 1.0.0 or 1.0.2 > > I look at the Spring Security Jira error Key SEC-306, which suggests > moving > to version 3.0.5. > > Can I make it work with some other version of CAS client or AcegiSecurity? > > On the CAS front > > I followed the Proxy CAS Walkthrough ( > http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough) > > step one:To start with, log in to CAS with some invented service: > https://websso-ho01/websso/login?service=http://localhost:7001/jss > I get the same error as above > > Step two:So, playing the role of the first application (not a proxying > application at this stage - lets just see if we can get our application > authenticated without proxying for now), you need to take the ticket and > turn it into a username: > > https://websso-ho01/websso/serviceValidate?ticket=ST-24868-Sum9eE9afPjdv1nlO1WQ6IMwOFmeFhOuc4s-20&http://localhost:7001/jss > > > > I get the error message: > > Ticket 'ST-24868-Sum9eE9afPjdv1nlO1WQ6IMwOFmeFhOuc4s-20' not recognized > > > Regards, > Upasana (Anna) > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Home: http://acegisecurity.org > Acegisecurity-developer mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer > ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Home: http://acegisecurity.org Acegisecurity-developer mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
