Hi,

In my mind, you haven't understood how it should work. First you need to go to the cas/login URL to connect (if not already done); CAS will transmit a ticket to the service which requested a connection. Only after that will your application make a request to cas/samlValidate with the ticket given by CAS, and only after validation of the ticket by CAS will you get information...

So on your side you should have configured filters in your web.xml.

You can find an example here: http://www.middleware.vt.edu/doku.php?do=export_html&id=middleware:cas:client

Otherwise, when I see this:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationFailure code='INVALID_REQUEST'>
                &#039;service&#039; and &#039;ticket&#039; parameters are both 
required
        </cas:authenticationFailure>
</cas:serviceResponse>

That doesn't tell you that your CAS works...

So if you want to check whether your login works, you should try this (under Firefox):

- First go to your CAS login: https://your.domain.org/cas/login?service=http://localhost/foo
- CAS should redirect you to your fake URL with a ticket in the URL, something like this: http://localhost/foo?ticket=ST-158-cuhLZGC43dWFf4VsbJ1r
- So now go to CAS again with the returned URL modified like this:
https://your.domain.org/cas/serviceValidate?service=http://localhost/foo&ticket=ST-158-cuhLZGC43dWFf4VsbJ1r
Don't forget to change the '?' to a '&', and CAS should give you a ticket with your user id and a success message...
- If it succeeds, you can try to validate the ticket with the samlService with a URL like this:
https://your.domain.org/cas/samlValidate?TARGET=http://localhost/foo&ticket=ST-158-cuhLZGC43dWFf4VsbJ1r
and you will obtain your SAML.

Just one thing: the ST ticket is valid for only one validation, and the SAML returned by CAS doesn't contain attributes with the checking process described here.

Julien G.
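
The manual check described above, as an added example that is not part of the original message: it splits the ticket out of the URL CAS redirected to, builds the serviceValidate URL with the service value percent-encoded, and reads the outcome from the cas:serviceResponse. The function names and the success body with user jdoe are constructed for illustration; the URLs and the failure body are the ones quoted in this thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Failure body quoted in this thread; the success body is constructed.
FAILURE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_REQUEST'>
    &#039;service&#039; and &#039;ticket&#039; parameters are both required
  </cas:authenticationFailure>
</cas:serviceResponse>"""
SUCCESS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""


def split_redirect(redirect_url):
    """Separate the service URL and the ticket in the URL CAS redirected to."""
    parts = urlsplit(redirect_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    tickets = [v for k, v in query if k == "ticket"]
    if len(tickets) != 1:
        raise ValueError("expected exactly one 'ticket' parameter")
    rest = urlencode([(k, v) for k, v in query if k != "ticket"])
    return urlunsplit((parts.scheme, parts.netloc, parts.path, rest, "")), tickets[0]


def validation_url(cas_base, redirect_url):
    """Build the serviceValidate URL; 'service' must equal the one given to /login."""
    service, ticket = split_redirect(redirect_url)
    query = urlencode({"service": service, "ticket": ticket})  # percent-encodes service
    return cas_base.rstrip("/") + "/serviceValidate?" + query


def parse_response(xml_text):
    """Return ('success', user) or ('failure', code) from a cas:serviceResponse."""
    root = ET.fromstring(xml_text)  # body comes from your own CAS server over HTTPS
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is not None:
        return "success", ok.findtext("cas:user", default="", namespaces=CAS_NS).strip()
    bad = root.find("cas:authenticationFailure", CAS_NS)
    if bad is None:
        raise ValueError("not a CAS serviceResponse")
    return "failure", bad.get("code")


if __name__ == "__main__":
    redirect = "http://localhost/foo?ticket=ST-158-cuhLZGC43dWFf4VsbJ1r"
    print(validation_url("https://your.domain.org/cas", redirect))
    print(parse_response(FAILURE), parse_response(SUCCESS))
```
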


Unai Rodriguez wrote:
Dear All,

I have the following CAS setup:

- Debian Linux 5.0
- Tomcat 5.5.23
- Java 1.5.0_08
- CAS 3.3.1

I need to integrate an application with CAS using SAML 1.1 protocol.

Using the CAS protocol, things work fine through the URL:

/cas/serviceValidate

Now the issue is that when I try to connect using a browser to what I think
(not sure yet) is the SAML validation URL:

/cas/samlValidate

then CAS displays the following exception:

http://pastebin.ca/1352524

I have been researching online for a while but I am still a bit lost.

I am not yet sure to which URL the application should be connecting. From
this response it seems that it should be /login --
http://tp.its.yale.edu/pipermail/cas/2007-October/006307.html -- while from
another entry it seems that the URL should be /samlValidate (sorry, do not
have the link it is a recent post from this week, not sure how to link
responses from the new archive). Which one should it be?

Also, I am not sure if the error that I am getting while taking my browser
to /cas/samlValidate means that my CAS is not properly installed. I
understood on the CAS mailing list
(http://www.mail-archive.com/[email protected]/msg03391.html) that CAS
shows the error because the browser is not sending CAS proper SAML 1.1. On
the other hand, if I connect to the CAS protocol service validation URL
'/cas/serviceValidate' I get this output (i.e. CAS does not throw an
exception):

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationFailure code='INVALID_REQUEST'>
                &#039;service&#039; and &#039;ticket&#039; parameters are both 
required
        </cas:authenticationFailure>
</cas:serviceResponse>

I have been trying to test that SAML is properly set up. I found this couple
of links but I am not able to open them:

http://www.ja-sig.org/wiki/display/CASC/JASIG+Client+SAML+Saml11TicketValidationFilter+Example
xxxx (Oops.. I cannot connect to the WIKI at all right now
(http://www.ja-sig.org/wiki/display/CASUM/Home)... It might be down, I will
try later.)

Would anyone post a link/document with some information on how to set and
test SAML?

Thank you all so much,
unai




