Please follow this example which is for the web application and what I directed you to before: http://www.ja-sig.org/wiki/display/CASC/web.xml+for+Tomcat+5.5+Tomcat+Manager
This works. If you choose to ignore it and remove validation filters, then its not going to work. -Scott On Thu, Feb 12, 2009 at 11:37 AM, schneisc <[email protected]> wrote: > I'm guessing I have a small error somewhere, but I don't see it. Here's > the web.xml edited with "theCASserver" and "theAPP" as the two hosts > (otherwise all is the same). What I see is this: > > 1) First request gets forwarded to CAS for login > 1a) << successful login happens >> > 1b) redirect to app: > > http://theAPP:8080/jsp-examples/num/numguess.jsp?ticket=ST-6-LQm9NC4DQMTbbNOGbTBx-cas > > 2) every subsequent request redirects to the the CAS server and gets > bounced back to the the theAPP with a new ticket: > > http://theAPP:8080/jsp-examples/num/numguess.jsp?ticket=ST-6-LQm9NC4DQMTbbNOGbTBx-cas > > some web.xml snippets: > > <context-param> > <param-name>serverName</param-name> > <param-value>http://theAPP:8080</param-value> > </context-param> > > <filter> > <filter-name>CAS Authentication Filter</filter-name> > > <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> > > <init-param> > <param-name>casServerLoginUrl</param-name> > <param-value>https://theCASserver:8443/cas/login</param-value> > > </init-param> > </filter> > > <filter> > <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> > > <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> > </filter> > > <filter-mapping> > <filter-name>CAS Authentication Filter</filter-name> > <url-pattern>/num/*</url-pattern> > </filter-mapping> > > <filter-mapping> > <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> > <url-pattern>/num/*</url-pattern> > </filter-mapping> > > > I originally had the CAS validation Filter setup in "theAPP" as well, but I > took it out thinking that should actually be running on "theCASserver" so I > took it out. > > <filter-name>CAS Validation Filter</filter-name> > > <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> > > It's a bit confusing following the example web.xml since the CAS server and > the secured app are the same host and it's not entirely clear which filters > and config params belong to which "app" (I'm running on two different > hosts). Any help would be greatly appreciated. > > -Sam > > --- On *Wed, 2/11/09, Scott Battaglia <[email protected]>* wrote: > > From: Scott Battaglia <[email protected]> > Subject: Re: [cas-user] Basic CAS question - auths every request? > To: [email protected] > Date: Wednesday, February 11, 2009, 9:10 PM > > You've probably misconfigured the client or disabled sessions. That > example Tomcat 5.5 Tomcat Manager web.xml should work fine and only go to > CAS once. > > -Scott > > > On Wed, Feb 11, 2009 at 5:26 PM, Sam <[email protected]> wrote: > >> I have configured CAS and a single client app (configure being used rather >> loosely, as I didn't configure much). What I did was setup the client app >> similar to >> http://www.ja-sig.org/wiki/display/CASC/web.xml+for+Tomcat+5.5+Tomcat+Manager(I >> am running tomcat 5.5 as well). CAS is running on a separate server with >> a valid cert (this is dev environment). I created my own password validator >> that seems to be working just fine. >> >> I have the app running under HTTP for now and I have noticed that it sends >> a request to CAS with every request to the server. It gets a new ticket to >> validate and calls the CAS validation service (and succeeds without a >> problem). The first request through it presents a login screen - subsequent >> requests simply validate the new ticket. >> >> My question is this: >> >> Should the app be sending a request to CAS with every request it gets? >> This is what seems to be happening and is very noticeable because it >> switches back and forth between HTTP & HTTPS because I'm running the app >> under HTTP. It seems a bit inefficient to validate the user with every >> request and I'm wondering if I've misconfigured something (I'm using the CAS >> 3 client and associated filters). >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
