Do you have your certificates set up correctly so that the application trusts the CAS cert?
On Thu, Feb 12, 2009 at 2:18 PM, schneisc <[email protected]> wrote: > The article that you reference is what I started working from, but I'm > still having difficulties. When I have the validation filter enabled, I get > this exception: > > javax.servlet.ServletException: The > CAS server returned no response. > > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155) > > org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111) > > *root cause* > > org.jasig.cas.client.validation.TicketValidationException: The CAS server > returned no response. > > org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:181) > > org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) > > org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111) > > > This is the entry in web.xml that I removed for my previous post: > > <filter> > <filter-name>CAS Validation Filter</filter-name> > > <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> > <init-param> > <param-name>casServerUrlPrefix</param-name> > <param-value>https://theCASserver:8443/cas</param-value> > </init-param> > </filter> > > <filter-mapping> > <filter-name>CAS Validation Filter</filter-name> > <url-pattern>/num/*</url-pattern> > </filter-mapping> > > Any ideas on what the config should look like if my app needs this > validation filter setup? > > Thanks, > Sam > > --- On *Thu, 2/12/09, Scott Battaglia <[email protected]>* wrote: > > From: Scott Battaglia <[email protected]> > Subject: Re: [cas-user] Basic CAS question - auths every request? > To: [email protected] > Date: Thursday, February 12, 2009, 10:45 AM > > > Please follow this example which is for the web application and what I > directed you to before: > > http://www.ja-sig.org/wiki/display/CASC/web.xml+for+Tomcat+5.5+Tomcat+Manager > > This works. If you choose to ignore it and remove validation filters, then > its not going to work. > > -Scott > > > On Thu, Feb 12, 2009 at 11:37 AM, schneisc <[email protected]> wrote: > >> I'm guessing I have a small error somewhere, but I don't see it. Here's >> the web.xml edited with "theCASserver" and "theAPP" as the two hosts >> (otherwise all is the same). What I see is this: >> >> 1) First request gets forwarded to CAS for login >> 1a) << successful login happens >> >> 1b) redirect to app: >> >> http://theAPP:8080/jsp-examples/num/numguess.jsp?ticket=ST-6-LQm9NC4DQMTbbNOGbTBx-cas >> >> 2) every subsequent request redirects to the the CAS server and gets >> bounced back to the the theAPP with a new ticket: >> >> http://theAPP:8080/jsp-examples/num/numguess.jsp?ticket=ST-6-LQm9NC4DQMTbbNOGbTBx-cas >> >> some web.xml snippets: >> >> <context-param> >> <param-name>serverName</param-name> >> <param-value>http://theAPP:8080</param-value> >> </context-param> >> >> <filter> >> <filter-name>CAS Authentication Filter</filter-name> >> >> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >> >> <init-param> >> <param-name>casServerLoginUrl</param-name> >> <param-value>https://theCASserver:8443/cas/login</param-value> >> >> </init-param> >> </filter> >> >> <filter> >> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> >> >> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> >> </filter> >> >> <filter-mapping> >> <filter-name>CAS Authentication Filter</filter-name> >> <url-pattern>/num/*</url-pattern> >> </filter-mapping> >> >> <filter-mapping> >> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> >> <url-pattern>/num/*</url-pattern> >> </filter-mapping> >> >> >> I originally had the CAS validation Filter setup in "theAPP" as well, but >> I took it out thinking that should actually be running on "theCASserver" so >> I took it out. >> >> <filter-name>CAS Validation Filter</filter-name> >> >> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >> >> It's a bit confusing following the example web.xml since the CAS server >> and the secured app are the same host and it's not entirely clear which >> filters and config params belong to which "app" (I'm running on two >> different hosts). Any help would be greatly appreciated. >> >> -Sam >> >> --- On *Wed, 2/11/09, Scott Battaglia <[email protected]>* wrote: >> >> From: Scott Battaglia <[email protected]> >> Subject: Re: [cas-user] Basic CAS question - auths every request? >> To: [email protected] >> Date: Wednesday, February 11, 2009, 9:10 PM >> >> You've probably misconfigured the client or disabled sessions. That >> example Tomcat 5.5 Tomcat Manager web.xml should work fine and only go to >> CAS once. >> >> -Scott >> >> >> On Wed, Feb 11, 2009 at 5:26 PM, Sam <[email protected]> wrote: >> >>> I have configured CAS and a single client app (configure being used >>> rather loosely, as I didn't configure much). What I did was setup the >>> client app similar to >>> http://www.ja-sig.org/wiki/display/CASC/web.xml+for+Tomcat+5.5+Tomcat+Manager(I >>> am running tomcat 5.5 as well). CAS is running on a separate server with >>> a valid cert (this is dev environment). I created my own password validator >>> that seems to be working just fine. >>> >>> I have the app running under HTTP for now and I have noticed that it >>> sends a request to CAS with every request to the server. It gets a new >>> ticket to validate and calls the CAS validation service (and succeeds >>> without a problem). The first request through it presents a login screen - >>> subsequent requests simply validate the new ticket. >>> >>> My question is this: >>> >>> Should the app be sending a request to CAS with every request it gets? >>> This is what seems to be happening and is very noticeable because it >>> switches back and forth between HTTP & HTTPS because I'm running the app >>> under HTTP. It seems a bit inefficient to validate the user with every >>> request and I'm wondering if I've misconfigured something (I'm using the CAS >>> 3 client and associated filters). >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
