On Mon, Aug 9, 2010 at 3:00 PM, Scott Battaglia <scott.battag...@gmail.com> wrote:
> For the authentication filter, are you setting the correct parameters?
>
> It looks like our example might be slightly off.
>
> These would need to be set on the AuthenticationFilter I believe:
>
> setArtifactParameterName("SAMLart");
> setServiceParameterName("TARGET");
>
> Let me know if that helps and we'll update the documentation.
>

No luck I am afraid using the following Spring configuration:

<bean name="authenticationFilter"
      class="org.jasig.cas.client.authentication.AuthenticationFilter">
  <property name="casServerLoginUrl" value="${cas.loginUrl}" />
  <property name="serverName" value="${cas.serverName}" />
  <property name="artifactParameterName" value="SAMLart" />
  <property name="serviceParameterName" value="TARGET" />
</bean>

<bean name="ticketValidationFilter"
      class="org.jasig.cas.client.validation.Saml11TicketValidationFilter">
  <property name="serverName" value="${cas.serverName}" />
  <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
      <constructor-arg index="0" value="${cas.url}" />
    </bean>
  </property>
</bean>

Setting those properties in the AuthenticationFilter Spring bean returned the following error when logging in:

org.opensaml.artifact.InvalidArgumentException: Unexpected length: 22 (expected 20)
    org.opensaml.artifact.SAMLArtifact.checkHandleArg(Unknown Source)
    org.opensaml.artifact.SAMLArtifactType0001.<init>(Unknown Source)
    org.jasig.cas.util.SamlCompliantUniqueTicketIdGenerator.getNewTicketId_aroundBody0(SamlCompliantUniqueTicketIdGenerator.java:46)
    org.jasig.cas.util.SamlCompliantUniqueTicketIdGenerator.getNewTicketId_aroundBody1$advice(SamlCompliantUniqueTicketIdGenerator.java:44)
    org.jasig.cas.util.SamlCompliantUniqueTicketIdGenerator.getNewTicketId(SamlCompliantUniqueTicketIdGenerator.java:1)
    ....

The web.xml filter configuration below works fine with SAML authentication, so I don't think there's a problem with the uniqueId generator configuration (i.e. testing on https://localhost:8443).

At the moment I am using this web.xml filter configuration with SAML without any issues (CAS server 3.4.2 with the Java CAS client 3.1.10):

<filter>
  <filter-name>CAS Authentication Filter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://localhost:8443/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://localhost:8443</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://localhost:8443/cas</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://localhost:8443</param-value>
  </init-param>
  <init-param>
    <param-name>redirectAfterValidation</param-name>
    <param-value>true</param-value>
  </init-param>
</filter>

David

> On Sun, Aug 8, 2010 at 6:04 PM, David Harrison <david.harri...@stress-free.co.nz> wrote:
>
>> Hi,
>> I am testing SAML 1.1 ticket validation with the help of this introductory example:
>>
>> https://wiki.jasig.org/display/CASC/JASIG+Client+SAML+Saml11TicketValidationFilter+Example
>>
>> This works correctly, but I cannot get this to work with a Spring-based
>> DelegatingFilterProxy configuration.
>> e.g.
>> web.xml snippet:
>>
>> <filter>
>>   <filter-name>CAS Authentication Filter</filter-name>
>>   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>>   <init-param>
>>     <param-name>targetBeanName</param-name>
>>     <param-value>authenticationFilter</param-value>
>>   </init-param>
>> </filter>
>> <filter>
>>   <filter-name>CAS Validation Filter</filter-name>
>>   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>>   <init-param>
>>     <param-name>targetBeanName</param-name>
>>     <param-value>ticketValidationFilter</param-value>
>>   </init-param>
>> </filter>
>> <filter>
>>   <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
>>   <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
>> </filter>
>>
>> Spring configuration snippet:
>>
>> <bean name="authenticationFilter"
>>       class="org.jasig.cas.client.authentication.AuthenticationFilter">
>>   <property name="casServerLoginUrl" value="${cas.loginUrl}" />
>>   <property name="serverName" value="${cas.serverName}" />
>> </bean>
>>
>> <bean name="ticketValidationFilter"
>>       class="org.jasig.cas.client.validation.Saml11TicketValidationFilter">
>>   <property name="serverName" value="${cas.serverName}" />
>>   <property name="redirectAfterValidation" value="true" />
>>   <property name="ticketValidator">
>>     <bean class="org.jasig.cas.client.validation.Saml11TicketValidator">
>>       <constructor-arg index="0" value="${cas.url}" />
>>     </bean>
>>   </property>
>> </bean>
>>
>> Note: I've been using a similar configuration for the last few years with
>> CAS tickets without issue.
>>
>> I have tested the configuration example listed here with no effect:
>>
>> https://wiki.jasig.org/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+using+Spring
>>
>> The authenticationFilter bean is working correctly, the problem seems to
>> be the ticketValidationFilter configuration.
>> I've enabled debug logging on the client, but there seems to be very
>> little output.
>> i.e. It is almost like the ticketValidationFilter is not even
>> being engaged.
>>
>> Could anyone provide a Spring configuration that matches (or is similar
>> to) the initial SAML example that I initially referenced?
>>
>> e.g. The Spring DelegatingFilterProxy equivalent of:
>>
>> <filter>
>>   <filter-name>CAS Validation Filter</filter-name>
>>   <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class>
>>   <init-param>
>>     <param-name>casServerUrlPrefix</param-name>
>>     <param-value>https://cas.mydomain.com/cas</param-value>
>>   </init-param>
>>   <init-param>
>>     <param-name>serverName</param-name>
>>     <param-value>http://localhost:8084</param-value>
>>   </init-param>
>>   <init-param>
>>     <param-name>redirectAfterValidation</param-name>
>>     <param-value>true</param-value>
>>   </init-param>
>> </filter>
>>
>> David
>>
>> --
>> You are currently subscribed to cas-dev@lists.jasig.org as:
>> scott.battag...@gmail.com
>>
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-dev