You might want to set debug or trace level logging on cas client to get some insights on what it’s doing.
D. On Tue, Nov 26, 2024 at 12:07 Colin Ryan <[email protected]> wrote: > Ray, > > That's what I had originally. It all works if my filter is applied to "/*" > but if I use subpath for the webapp installed in tomcat "/ldapconn/*" > > it appears to not get invoked/triggered etc. > > I will sanity check my eyes again today. > > C > On 2024-11-25 3:42 PM, Ray Bon wrote: > > Colin, > > I have this filter order (I should have included this earlier): > > Authentication > Validation > Wrapper > > Filters are applied in the order they are listed in web.xml. There is no > mechanism to skip nor go backwards. > One must authenticate before validate. > > Note: if you want to use a logout filter, it would precede authenticate. > > Ray > > On Mon, 2024-11-25 at 14:38 -0500, Colin Ryan wrote: > > > You don't often get email from [email protected]. Learn why this is > important <https://aka.ms/LearnAboutSenderIdentification> > > Ray, > > Changed to the following: > > > <filter-mapping> > <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > <filter-mapping> > <filter-name>CAS Validation Filter</filter-name> > <url-pattern>/ldapconn/*</url-pattern> > </filter-mapping> > > <filter-mapping> > <filter-name>CAS Authentication Filter</filter-name> > <url-pattern>/ldapconn/*</url-pattern> > </filter-mapping> > > > Same issue > > Thanks > > On 2024-11-25 1:55 PM, Ray Bon wrote: > > Colin, > > The filters are ordered. Authentication filter must be listed before > validation filter. > > Ray > > On Fri, 2024-11-22 at 13:40 -0500, Colin Ryan wrote: > > [You don't often get email from [email protected]. Learn why this is > important at https://aka.ms/LearnAboutSenderIdentification ] > > Folks, > > CAS Client 3.6.4 > > Filter is starting in the logs, but I only want CAS to be in play for 1 > specific WebApp installed on this Tomcat 9 instance. > > If I change the url-patterns in the web.xml file to "/*" everything > works, but if I try to scope CAS down to the specific App the filter's > appear to never be "invoked". I have a simple .jsp file in > /ldapconn/casverify.jsp for confirming CAS. If I in a freshly started > browser go to > > /ldapconn/casverify.jsp I do not get redirected to CAS for > authentication and get errors obviously in my JSP. > > Even if I go to CAS directly and login and then go to > /ldapconn/casverify.jsp I get the same error. > > If I change the url-patterns to just "/*" it all works as expected. > > > Here is my web.xml > > > <!-- CAS Validation Filter --> > <filter> > <filter-name>CAS Validation Filter</filter-name> > > <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> > <init-param> > <param-name>casServerUrlPrefix</param-name> > <param-value>Warning this link may be malicious, it actually goes to the > site "ssoservice.mydomain.net" while displaying: > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fssoservice.mydomain.net%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376066536%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=OfsE9HMJzlE4fkcoP83ShfURURxqDMcJ6wksYw%2Ft7wk%3D&reserved=0 > <https://ssoservice.mydomain.net/cas></param-value> > </init-param> > <init-param> > <param-name>serverName</param-name> > <param-value>Warning this link may be malicious, it actually goes to the > site "ldapconn.mydomain.net:8080" while displaying: > https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fldapconn.mydomain.net%3A8080%2F&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376086761%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=pChxlFSf6aasE1D4Lq037Rv6nzPIU4WHqjPAtS0i%2FdE%3D&reserved=0 > <http://ldapconn.mydomain.net:8080/></param-value> > </init-param> > </filter> > > <!-- Cas Filter/Wrapper --> > > <filter> > <filter-name>CAS Authentication Filter</filter-name> > > <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> > <init-param> > <param-name>casServerUrlPrefix</param-name> > <param-value>Warning this link may be malicious, it actually goes to the > site "ssoservice.mydomain.net" while displaying: > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fssoservice.mydomain.net%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376097782%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=XS%2BgBACgj1tp16bY3db3ohSw94WajWupQnxRXB3ehEs%3D&reserved=0 > <https://ssoservice.mydomain.net/cas></param-value> > </init-param> > <init-param> > <param-name>serverName</param-name> > <param-value>Warning this link may be malicious, it actually goes to the > site "ldapconn.mydomain.net:8080" while displaying: > https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fldapconn.mydomain.net%3A8080%2F&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376110255%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=adVzJR7CAYa7QVdyIIey%2B3iJNmJVikxwj5%2Bn%2BpNMPCc%3D&reserved=0 > <http://ldapconn.mydomain.net:8080/></param-value> > </init-param> > </filter> > > <!-- CAS Wrapper --> > > <filter> > <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> > > <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> > </filter> > > <filter-mapping> > <filter-name>CAS Authentication Filter</filter-name> > <url-pattern>/ldapconn/*</url-pattern> > </filter-mapping> > > > <filter-mapping> > <filter-name>CAS Validation Filter</filter-name> > <url-pattern>/ldapconn/*</url-pattern> > </filter-mapping> > > > > <filter-mapping> > <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> > <url-pattern>/ldapconn/*</url-pattern> > </filter-mapping> > > > -- > - Website: Warning this link may be malicious, it actually goes to the > site "apereo.github.io" while displaying: > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376121285%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=xuxlHxU%2BKrXYJA3i%2BlDGbDBY0DqpnwpnRqDfbUTwzz4%3D&reserved=0 > <https://apereo.github.io/cas> > - List Guidelines: Warning this link may be malicious, it actually goes > to the site "goo.gl" while displaying: > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376132089%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ghQQ69ubKIsO564UuW8kOjc44w0pEuvhW8tSD98monc%3D&reserved=0 > <https://goo.gl/1VRrw7> > - Contributions: Warning this link may be malicious, it actually goes to > the site "goo.gl" while displaying: > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376142745%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ZEJVa97c2Fq1tA7WrXU2p5whAp%2B6TVkp%2BBWUJ8avVnQ%3D&reserved=0 > <https://goo.gl/mh7qDG> > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email [email protected]. > To view this discussion visit Warning this link may be malicious, it > actually goes to the site "groups.google.com" while displaying: > https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2Fc9057747-931f-4578-9459-e049e5c80ff2%2540caveo.ca&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376153359%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=7QMR5RrzsGcphF8UDr9VjHGc8sQ6p2ggdX6S15%2BrUWM%3D&reserved=0 > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9057747-931f-4578-9459-e049e5c80ff2%40caveo.ca> > . > > > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/00051693d044ee8e0deda0d969b8287a654c0232.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/00051693d044ee8e0deda0d969b8287a654c0232.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/752e1e5b-fcdb-4dc9-aec8-87172a0edee7%40caveo.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/752e1e5b-fcdb-4dc9-aec8-87172a0edee7%40caveo.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMpiYKj4GuPRvR4cn70uF%2BmJwJAozkHsnLMMcp8cfS3j1eizug%40mail.gmail.com.
