I'm guessing I have a small error somewhere, but I don't see it.  Here's the 
web.xml edited with "theCASserver" and "theAPP" as the two hosts (otherwise all 
is the same).  What I see is this:

1) First request gets forwarded to CAS for login
1a) << successful login happens >>
1b) redirect to app:
http://theAPP:8080/jsp-examples/num/numguess.jsp?ticket=ST-6-LQm9NC4DQMTbbNOGbTBx-cas

2) every subsequent request redirects to the CAS server and gets bounced 
back to theAPP with a new ticket:
http://theAPP:8080/jsp-examples/num/numguess.jsp?ticket=ST-6-LQm9NC4DQMTbbNOGbTBx-cas

some web.xml snippets:

    <context-param>
        <param-name>serverName</param-name>
        <param-value>http://theAPP:8080</param-value>
    </context-param>

    <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>https://theCASserver:8443/cas/login</param-value>
        </init-param>
    </filter>

    <filter>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>CAS Authentication Filter</filter-name>
        <url-pattern>/num/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
        <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
        <url-pattern>/num/*</url-pattern>
    </filter-mapping>


I originally had the CAS Validation Filter set up in "theAPP" as well, but I 
took it out, thinking that should actually be running on "theCASserver".

    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>

It's a bit confusing following the example web.xml since the CAS server and the 
secured app are the same host and it's not entirely clear which filters and 
config params belong to which "app" (I'm running on two different hosts).  Any 
help would be greatly appreciated.

-Sam

--- On Wed, 2/11/09, Scott Battaglia <[email protected]> wrote:
From: Scott Battaglia <[email protected]>
Subject: Re: [cas-user] Basic CAS question - auths every request?
To: [email protected]
Date: Wednesday, February 11, 2009, 9:10 PM

You've probably misconfigured the client or disabled sessions.  That example 
Tomcat 5.5 Tomcat Manager web.xml should work fine and only go to CAS once.

-Scott


On Wed, Feb 11, 2009 at 5:26 PM, Sam <[email protected]> wrote:

I have configured CAS and a single client app (configure being used rather 
loosely, as I didn't configure much).  What I did was set up the client app 
similar to 
http://www.ja-sig.org/wiki/display/CASC/web.xml+for+Tomcat+5.5+Tomcat+Manager 
(I am running Tomcat 5.5 as well).  CAS is running on a separate server with a 
valid cert (this is dev environment).  I created my own password validator that 
seems to be working just fine.

I have the app running under HTTP for now and I have noticed that it sends a 
request to CAS with every request to the server.  It gets a new ticket to 
validate and calls the CAS validation service (and succeeds without a problem).  
The first request through it presents a login screen - subsequent requests 
simply validate the new ticket.

My question is this:

Should the app be sending a request to CAS with every request it gets? This is 
what seems to be happening and is very noticeable because it switches back and 
forth between HTTP & HTTPS because I'm running the app under HTTP.  It seems a 
bit inefficient to validate the user with every request and I'm wondering if 
I've misconfigured something (I'm using the CAS 3 client and associated 
filters).


--

You are currently subscribed to [email protected] as: 
[email protected]

To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
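
An added example, not part of the original thread and not the CAS project's own file: a client-side web.xml fragment for theAPP that keeps the ticket validation filter in the protected application. In the Jasig CAS client 3.x the validation filter runs in the client app, validates the `ticket` parameter against the CAS server and stores the resulting assertion in the HTTP session, which is what the authentication filter looks for before it redirects. The `casServerUrlPrefix` value is an assumption derived from the login URL quoted in the thread.

```xml
<!-- Client-side web.xml fragment for theAPP (added example, hosts as named in the thread). -->
<context-param>
    <param-name>serverName</param-name>
    <param-value>http://theAPP:8080</param-value>
</context-param>

<!-- Redirects to CAS login only when the session holds no assertion
     and the request carries no ticket parameter. -->
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://theCASserver:8443/cas/login</param-value>
    </init-param>
</filter>

<!-- Validates the service ticket (ST-...) with the CAS server over HTTPS
     and stores the assertion in the session for later requests. -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <!-- Assumed value: the login URL above without the trailing /login. -->
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://theCASserver:8443/cas</param-value>
    </init-param>
</filter>

<filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<!-- Mappings are applied in declaration order: authenticate, validate, wrap. -->
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/num/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/num/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/num/*</url-pattern>
</filter-mapping>
```

With sessions enabled in the container, only the first request and the redirect back carrying the ticket should involve theCASserver; later requests under /num/* are served from the session assertion.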



