On Tue, Aug 10, 2010 at 2:54 PM, Scott Battaglia <scott.battag...@gmail.com>wrote:
> The parameters were fine. You're hitting this bug: > https://issues.jasig.org/browse/CAS-817 > > If you swap the parameters in the filter, you may as well just use the CAS2 > Filters. > I'm using SAML to pass user attributes along the wire, which it is currently doing very well. David > On Mon, Aug 9, 2010 at 12:17 AM, David Harrison < > david.harri...@stress-free.co.nz> wrote: > >> On Mon, Aug 9, 2010 at 3:00 PM, Scott Battaglia < >> scott.battag...@gmail.com> wrote: >> >>> For the authentication filter, are you setting the correct parameters? >>> >>> It looks like our example might be slightly off. >>> >>> These would need to be set on the AuthenticationFilter I believe: >>> >>> setArtifactParameterName("SAMLart"); >>> setServiceParameterName("TARGET"); >>> >>> Let me know if that helps and we'll update the documentation. >>> >> >> >> No luck I am afraid using the following Spring configuration: >> >> <bean name="authenticationFilter" >> >> class="org.jasig.cas.client.authentication.AuthenticationFilter"> >> <property name="casServerLoginUrl" value="${cas.loginUrl}" /> >> <property name="serverName" value="${cas.serverName}" /> >> <property name="artifactParameterName" value="SAMLart" /> >> <property name="serviceParameterName" value="TARGET" /> >> </bean> >> >> <bean name="ticketValidationFilter" >> >> class="org.jasig.cas.client.validation.Saml11TicketValidationFilter"> >> >> <property name="serverName" value="${cas.serverName}" /> >> <property name="ticketValidator"> >> <bean >> class="org.jasig.cas.client.validation.Saml11TicketValidator"> >> <constructor-arg index="0" value="${cas.url}" /> >> </bean> >> </property> >> </bean> >> >> >> Setting those properties in the AuthenticationFilter Spring bean returned >> the following error when logging in: >> >> org.opensaml.artifact.InvalidArgumentException: Unexpected length: 22 >> (expected 20) >> org.opensaml.artifact.SAMLArtifact.checkHandleArg(Unknown Source) >> org.opensaml.artifact.SAMLArtifactType0001.<init>(Unknown Source) >> >> org.jasig.cas.util.SamlCompliantUniqueTicketIdGenerator.getNewTicketId_aroundBody0(SamlCompliantUniqueTicketIdGenerator.java:46) >> >> org.jasig.cas.util.SamlCompliantUniqueTicketIdGenerator.getNewTicketId_aroundBody1$advice(SamlCompliantUniqueTicketIdGenerator.java:44) >> >> org.jasig.cas.util.SamlCompliantUniqueTicketIdGenerator.getNewTicketId(SamlCompliantUniqueTicketIdGenerator.java:1) >> .... >> >> >> The web.xml filter configuration below works fine with SAML >> authentication, so I don't think there's a problem with the uniqueId >> generator configuration (i.e. testing on https://localhost:8443). >> >> At the moment I am using this web.xml filter configuration with SAML >> without any issues (CAS server 3.4.2 with the Java CAS client 3.1.10): >> >> <filter> >> <filter-name>CAS Authentication Filter</filter-name> >> >> >> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >> <init-param> >> <param-name>casServerLoginUrl</param-name> >> <param-value>https://localhost:8443/cas/login</param-value> >> </init-param> >> <init-param> >> <param-name>serverName</param-name> >> <param-value>https://localhost:8443</param-value> >> </init-param> >> </filter> >> <filter> >> <filter-name>CAS Validation Filter</filter-name> >> >> >> <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class> >> <init-param> >> <param-name>casServerUrlPrefix</param-name> >> <param-value>https://localhost:8443/cas</param-value> >> </init-param> >> <init-param> >> <param-name>serverName</param-name> >> <param-value>https://localhost:8443</param-value> >> </init-param> >> <init-param> >> <param-name>redirectAfterValidation</param-name> >> <param-value>true</param-value> >> </init-param> >> </filter> >> >> >> >> David >> >> >> >>> On Sun, Aug 8, 2010 at 6:04 PM, David Harrison < >>> david.harri...@stress-free.co.nz> wrote: >>> >>>> Hi, >>>> I am testing SAML 1.1 ticket validation with the help of this >>>> introductory example: >>>> >>>> https://wiki.jasig.org/display/CASC/JASIG+Client+SAML+Saml11TicketValidationFilter+Example >>>> >>>> This works correctly, but I cannot get this to work with a Spring-based >>>> DelegatingFilterProxy configuration. >>>> e.g. web.xml snippet: >>>> >>>> <filter> >>>> <filter-name>CAS Authentication Filter</filter-name> >>>> >>>> >>>> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> >>>> <init-param> >>>> <param-name>targetBeanName</param-name> >>>> <param-value>authenticationFilter</param-value> >>>> </init-param> >>>> </filter> >>>> <filter> >>>> <filter-name>CAS Validation Filter</filter-name> >>>> >>>> >>>> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> >>>> <init-param> >>>> <param-name>targetBeanName</param-name> >>>> <param-value>ticketValidationFilter</param-value> >>>> </init-param> >>>> </filter> >>>> <filter> >>>> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> >>>> >>>> >>>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> >>>> </filter> >>>> >>>> >>>> Spring configuration snippet: >>>> >>>> <bean name="authenticationFilter" >>>> >>>> class="org.jasig.cas.client.authentication.AuthenticationFilter"> >>>> <property name="casServerLoginUrl" value="${cas.loginUrl}" >>>> /> >>>> <property name="serverName" value="${cas.serverName}" /> >>>> </bean> >>>> >>>> <bean name="ticketValidationFilter" >>>> >>>> class="org.jasig.cas.client.validation.Saml11TicketValidationFilter"> >>>> >>>> <property name="serverName" value="${cas.serverName}" /> >>>> <property name="redirectAfterValidation" value="true" /> >>>> <property name="ticketValidator"> >>>> <bean >>>> class="org.jasig.cas.client.validation.Saml11TicketValidator"> >>>> <constructor-arg index="0" value="${cas.url}" /> >>>> </bean> >>>> </property> >>>> </bean> >>>> >>>> >>>> Note: I've been using a similar configuration for the last few years >>>> with CAS tickets without issue. >>>> >>>> I have tested the configuration example listed here with no effect: >>>> >>>> https://wiki.jasig.org/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+using+Spring >>>> >>>> >>>> The authenticationFilter bean is working correctly, the problem seems to >>>> be the ticketValidationFilter configuration. >>>> I've enabled debug logging on the client, but there seems to be very >>>> little output. >>>> i.e. It is almost like the ticketValidationFilter is not even >>>> being engaged. >>>> >>>> >>>> Could anyone provide a Spring configuration that matches (or is similar >>>> to) the initial SAML example that I initially referenced? >>>> >>>> e.g. The Spring DelegatingFilterProxy equivalent of: >>>> >>>> <filter> >>>> <filter-name>CAS Validation Filter</filter-name> >>>> >>>> >>>> <filter-class>org.jasig.cas.client.validation.Saml11TicketValidationFilter</filter-class> >>>> <init-param> >>>> <param-name>casServerUrlPrefix</param-name> >>>> <param-value>https://cas.mydomain.com/cas</param-value> >>>> </init-param> >>>> <init-param> >>>> <param-name>serverName</param-name> >>>> <param-value>http://localhost:8084</param-value> >>>> </init-param> >>>> <init-param> >>>> <param-name>redirectAfterValidation</param-name> >>>> <param-value>true</param-value> >>>> </init-param> >>>> </filter> >>>> >>>> >>>> David >>>> >>>> -- >>>> You are currently subscribed to cas-dev@lists.jasig.org as: >>>> scott.battag...@gmail.com >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>>> >>>> >>> -- >>> You are currently subscribed to cas-dev@lists.jasig.org as: >>> david.harri...@stress-free.co.nz >>> >>> >>> >>> >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>> >>> >> -- >> You are currently subscribed to cas-dev@lists.jasig.org as: >> scott.battag...@gmail.com >> >> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-dev >> >> > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > david.harri...@stress-free.co.nz > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
