Re:[cas-dev] Clearpass DotNetCasClient - ticket does not match supplied service

Fri, 14 May 2010 14:19:07 -0700 

Thanks for your help.  It is working now.

For the record, here is the working code & web.config file

    <casClientConfig
        casServerLoginUrl="https://cas.pepperdine.edu:8443/cas/login";
        serverName="https://sbolan1.pepperdine.edu";
        casServerUrlPrefix="https://cas.pepperdine.edu:8443/cas";
        redirectAfterValidation="true"
        gateway="true"
        renew="false"
        ticketValidatorName="Cas20"
        ticketTimeTolerance="5000"
        singleSignOut="false"
        proxyTicketManager="CacheProxyTicketManager"
        serviceTicketManager="CacheServiceTicketManager"
        gatewayStatusCookieName="CasGatewayStatus"
    />
 


   protected void Page_Load(object sender, EventArgs e)
    {
        if (!Page.IsPostBack)
        {
            //Uri ClearPassUri = new
Uri(ConfigurationSettings.AppSettings["clearpass.URL"]);
            Uri ClearPassUri = new
Uri(@"https://cas.pepperdine.edu:8443/cas/clearPass";);
            FormsAuthenticationTicket formsAuthTicket =
CasAuthentication.GetFormsAuthenticationTicket();
            CasAuthenticationTicket casTicket =
CasAuthentication.ServiceTicketManager.GetTicket(formsAuthTicket.UserData);

            string validateUrl =
EnhancedUriBuilder.Combine(CasAuthentication.CasServerUrlPrefix,
"proxyValidate");
            string proxyGrantingTicket = casTicket.ProxyGrantingTicket;
            string proxyUrl =
UrlUtil.ConstructProxyTicketRequestUrl(casTicket.ProxyGrantingTicket,
ClearPassUri.AbsoluteUri);
            string proxyTicket;

            try
            {
                proxyTicket =
CasAuthentication.GetProxyTicketIdFor(ClearPassUri.AbsoluteUri);
            }
            catch (InvalidOperationException ioe)
            {
                proxyTicket = "Invalid Request: " + ioe.Message;
            }
            catch (TicketValidationException tve)
            {
                proxyTicket = "Ticket Exception: " + tve.Message;
            }

            string clickOnceValidation = validateUrl + "?service=" +
Server.UrlEncode(ClearPassUri.AbsoluteUri) + "&proxyTicket=" + proxyTicket;

            string appUrl = new UriBuilder(Request.Url.Scheme,
Request.Url.DnsSafeHost, Request.Url.Port, ResolveUrl("Default.aspx"),
"?proxyTicket=" + proxyTicket + "&verifyUrl=" +
Server.UrlEncode(validateUrl)).Uri.AbsoluteUri;

            string ArtifactParameterName = "ticket";
            string ServiceParameterName = "service";

            string clearPassRequest = ClearPassUri.AbsoluteUri + "?" +
ArtifactParameterName + "=" + proxyTicket + "&" + ServiceParameterName + "="
+ Server.UrlEncode(ClearPassUri.AbsoluteUri);

            string clearPassResponse;
            StreamReader reader = null;
            try
            {
                reader = new StreamReader(new
WebClient().OpenRead(clearPassRequest));
                clearPassResponse = reader.ReadToEnd();
            }
            catch (Exception ex)
            {
                throw new HttpException(500, "Error getting response from
clearPass at URL: " + clearPassRequest + ". " + ex.Message, ex);
            }
            finally
            {
                if (reader != null)
                {
                    reader.Close();
                }
            }

            StringBuilder debugText = new StringBuilder();

            debugText.AppendLine("Your PGT");
            debugText.AppendLine(proxyGrantingTicket);
            debugText.AppendLine();

            debugText.AppendLine("Target Service URL");
            debugText.AppendLine(ClearPassUri.AbsoluteUri);
           
//debugText.AppendLine(Server.UrlEncode((ClearPassUri.AbsoluteUri)));
            debugText.AppendLine();

            debugText.AppendLine("Proxy Ticket URL");
            debugText.AppendLine(proxyUrl);
            debugText.AppendLine();

            debugText.AppendLine("Proxy Ticket");
            debugText.AppendLine(proxyTicket);
            debugText.AppendLine();

            debugText.AppendLine("Validate URL");
            debugText.AppendLine(validateUrl);
            debugText.AppendLine();

            debugText.AppendLine("ClickOnce URL");
            debugText.AppendLine(appUrl);
            debugText.AppendLine();

            debugText.AppendLine("ClickOnce Validation");
            debugText.AppendLine(clickOnceValidation);
            debugText.AppendLine();

            debugText.AppendLine("Clearpass URL");
            debugText.AppendLine(ClearPassUri.AbsoluteUri);
            debugText.AppendLine();

            debugText.AppendLine("clearPassRequest");
            debugText.AppendLine(clearPassRequest);
            debugText.AppendLine();

            debugText.AppendLine("clearPassResponse");
            debugText.AppendLine(clearPassResponse);
            debugText.AppendLine(GetPassword(clearPassResponse));
            debugText.AppendLine();

            DebugField.Text = debugText.ToString();
            ClickOnceUrl.Text = appUrl;
        }
    }

    private string GetPassword(string clearPassResponse)
    {
        string retVal = "";

        XmlDocument xDoc = new XmlDocument();
        xDoc.LoadXml(clearPassResponse);

        try
        {
            retVal =
xDoc.GetElementsByTagName("cas:credentials")[0].InnerText;
        }
        catch
        {
            retVal = "";
        }

        return retVal;
    }
-- 
View this message in context: 
http://jasig.275507.n4.nabble.com/Clearpass-DotNetCasClient-ticket-does-not-match-supplied-service-tp2215801p2217251.html
Sent from the CAS Developers mailing list archive at Nabble.com.

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev

Reply via email to