Hi all! Here is what is happening. I successfully set up a CAS server and a web application using it to authenticate users, with Spring Security 3. I also set up another security mode allowing users to be authenticated with their OpenID (it works perfectly, tested with my Google OpenID and an OpenID created at myopenid).

I'm now trying to configure CAS as an OpenID OP, and to use the OpenID security mode of my webapp to authenticate users through CAS, using an OpenID. This is where the problems begin. I followed the user guide located at https://wiki.jasig.org/display/CASUM/OpenID, but I have a few questions, the guide not being really clear.

First, the guide says: "You'll need to set up a local mechanism for generating URIs for your users based on their username (i.e. http://openid.rutgers.edu/battags)". I'm not sure what this means. Actually, I'm trying to use a fake OpenID, composed of my CAS server "endpoint" address (more about this later). The OpenID I use in my webapp is then: http://localhost:8080/cas/phoenix (phoenix is my username, and my endpoint page is a file called phoenix). Is this correct (even if it's obviously just a test mode, should it work)? And I'd like more details about the "local mechanism for generating URIs for users". Should it be something developed in the CAS server, or in my webapp?

Second, what exactly is the endpoint page? Should it be located in my CAS webapp or in my application using CAS? I put in my endpoint the link to my "OpenID server (i.e. CAS)" this way: openid.server : https://localhost:8443/cas/login. Correct?

Next, using this configuration, I sometimes get a half-working process (my OpenID request is sent to CAS, it uses the last string after / (phoenix here), and sets it as my username in the login form). After entering my password, authentication in CAS is successful. But then things go wrong. In my webapp logs, I see that the OpenID handlers receive the CAS response, then try to verify it, calling localhost:8443/cas/login again. Then I get a nasty error, because the OpenID handler in my webapp is expecting key-value pairs containing (I guess) the OpenID parameters, but instead CAS sends the login page (casLoginView.jsp). So of course it fails.
I think it fails because I get an error in the OpenIdSingleSignOnAction when the verification takes place (or sometimes also at the first request (yes, weird)). It's because I have no ticketGrantingId in the request scope or the flow scope. So sometimes it just fails (the flow goes to error), or I get a nasty NPE when the ticket is not expected to be null. In this case, the error in the CAS webflow should in my opinion redirect to the login form, which would explain why I get the login page instead of OpenID info. I'm really lost, and Google does not provide me with any help, only CASUM and two messages here with no helpful information. Any idea what I did wrong?

Also, for your information, the CAS documentation is outdated: when showing how to change the flow-login.xml, the <action-state id="initialFlowSetup"> does not exist anymore, now it's in on-start, and I can't add a transition there. Anyway, it seems to go through the selectFirstAction anyway, but it's confusing. I'd really appreciate help, and if someone had a working sample cas-server-webapp with OpenID enabled, I would be soooo grateful! I don't know where to look.

--
View this message in context: http://jasig.275507.n4.nabble.com/CAS-openid-mode-setup-help-needed-tp4265327p4265327.html
Sent from the CAS Developers mailing list archive at Nabble.com.
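As an added example, not part of the original post or of CAS itself, here are the two protocol pieces the questions above turn on: the per-user identifier page an OpenID relying party fetches (the "local mechanism for generating URIs" plus the openid.server link), the relying-party discovery that reads it, and a strict parser for the key-value direct response that an HTML login page in place of key:value lines would break. The localhost URLs are the test values quoted in the post and are assumed here, not confirmed as correct for CAS.

```python
from html.parser import HTMLParser

CAS_OPENID_ENDPOINT = "https://localhost:8443/cas/login"  # assumed: CAS as OpenID OP
IDENTIFIER_BASE = "http://localhost:8080/cas/"  # assumed: where identifier pages live

def identifier_for(username: str) -> str:
    """The 'local mechanism': map a username to its OpenID identifier URL."""
    if not username.isalnum():
        raise ValueError("username must be alphanumeric to form a URL path segment")
    return IDENTIFIER_BASE + username

def identifier_page(username: str) -> str:
    """HTML the identifier URL must serve so a relying party can find the OP."""
    return (
        "<html><head>\n"
        f'<link rel="openid.server" href="{CAS_OPENID_ENDPOINT}">\n'  # OpenID 1.1
        f'<link rel="openid2.provider" href="{CAS_OPENID_ENDPOINT}">\n'  # OpenID 2.0
        f'<link rel="openid2.local_id" href="{identifier_for(username)}">\n'
        "</head><body></body></html>\n"
    )

class _LinkRelParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.rels = {}  # rel token -> first href seen

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and a.get("rel") and a.get("href"):
            for rel in a["rel"].split():
                self.rels.setdefault(rel, a["href"])

def discover(html: str) -> str:
    """Relying-party side: HTML-based discovery of the OP endpoint URL."""
    p = _LinkRelParser()
    p.feed(html)
    endpoint = p.rels.get("openid2.provider") or p.rels.get("openid.server")
    if endpoint is None:
        raise ValueError("identifier page has no openid.server/openid2.provider link")
    if not endpoint.startswith("https://"):
        raise ValueError("OP endpoint must be https; assertions are verified against it")
    return endpoint

def parse_kv_response(body: str) -> dict:
    """Parse an OP's key-value direct response; reject an HTML login page up front."""
    if body.lstrip().startswith("<"):
        raise ValueError("OP returned HTML instead of key:value lines")
    # dict() raises ValueError if any non-empty line lacks a ':' separator
    return dict(line.split(":", 1) for line in filter(None, body.splitlines()))
```

Fetching the identifier page and posting check_authentication over HTTP are left out; the functions take and return the message bodies so the format checks can be exercised offline.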
