You saying that I don't need a seperate servlet. Then who receives the PGTIOU/PGT pair? Does proxyCallbackUrl have to be a valid URL or not is what I don't understand.
I tried logging in with my setup and I can authenticate fine, but I don't see PGTIOU mentioned anywhere in the logs and I see a wierd exception. I think I haven't configured something right. Could you kindly verify my config values for Cas20ProxyReceivingTicketValidationFilter? Specifically, <filter> <filter-name>CAS Cas20ProxyReceivingTicketValidation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://tedzo-wxp01.bling.com:8443/cas-server-3.3</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://tedzo-wxp01.bling.com:8080</param-value> </init-param> <init-param> <param-name>proxyCallbackUrl</param-name> <param-value>https://tedzo-wxp01.bling.com:8443/Test/PGTReceive</param-value> </init-param> <init-param> <param-name>proxyReceptorUrl</param-name> <param-value>/PGTReceive</param-value> </init-param> <init-param> <param-name>acceptAnyProxy</param-name> <param-value>true</param-value> </init-param> </filter> In the logs I see an exception- 2009-03-10 10:59:57,343 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketV alidator] - <Constructing validation url: https://tedzo-wxp01.bling.com:8443/ cas-server-3.3/proxyValidate?pgtUrl=https%3A%2F%2Ftedzo-wxp01.bling.com%3A844 3%2FTest%2FPGTReceive&ticket=ST-1-CugnMIPTShfY2NtGKPSN-cas&service=http%3A%2F%2F tedzo-wxp01.bling.com%3A8080%2FTest%2FTest.jsp> 2009-03-10 10:59:57,343 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketV alidator] - <Retrieving response from server.> <--------------lot of ssl stuff-----------------> 2009-03-10 11:13:56,509 ERROR [org.jasig.cas.web.ServiceValidateController] - <T icketException generating ticket for: [callbackUrl: https://tedzo-wxp01.bling .com:8443/Test/PGTReceive]> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.u nsupported at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGranting Ticket(CentralAuthenticationServiceImpl.java:291) at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(Ser viceValidateController.java:126) Caused by: error.authentication.credentials.unsupported at org.jasig.cas.authentication.handler.UnsupportedCredentialsException. <clinit>(UnsupportedCredentialsException.java:21) at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(A uthenticationManagerImpl.java:116) at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGranting Ticket(CentralAuthenticationServiceImpl.java:262) What credentials are unsupported? Thanks for your time. ________________________________ From: Scott Battaglia <[email protected]> To: [email protected] Sent: Monday, March 9, 2009 8:11:28 PM Subject: Re: [cas-user] Proxy validation question You shouldn't be configuring a separate servlet. We don't even include one. All the logic is built into the filter. Proxy Callback Url is the fully qualified URL that is sent to the CAS server. The receptor is the path portion that the filter should listen for PGT/PGTIOU requests. On Mon, Mar 9, 2009 at 11:05 PM, tedzo <[email protected]> wrote: I am trying to setup proxy validation and despite all the messages on this list, I am lost (or maybe I am just too tired). Kindly bear with me- I am trying to access https://tedzo-wxp01.bling.com:8443/Test/Test.jsp to begin with. 1. I modify web.xml to add Cas20ProxyReceivingTicketValidationFilter (among others. This client 3.1.3). 2. I add the init param proxyCallbackUrl ( https://tedzo-wxp01.bling.com:8443/Test/PGTReceive ) PGTReceive is a Servlet that will receive the PGTIOU/PGT pair. 3. Set allowAnyProxy to true, for now. 4. Now, PGTReceive is a servlet with a doGet and doPost methods. CAS will POST/GET the PGTIOU/PGT pair to this servlet? How do I extract it? (session variable? name of variable?) 5. Originally, I was trying to reach https://tedzo-wxp01.bling.com:8443/Test/Test.jsp. I should be able to have access to half (PGTIOU) of the PGTIOU/PGT pair from Test.jsp, so that I could get the PGT from PGTReceive servlet. How do I access the PGTIOU from Test.jsp? Is it in the session or something? 6. Is the PGT from the PGTIOU/PGT pair a one time use only kind of ticket or can I use it multiple times? Meaning, I get to the PGT somehow and then I pass it on the the proxied application. Then can I pass the same PGT to different proxied application? 7. I couldn't understand the difference between proxyReceptorUrl and proxyCallbackUrl. Both seem to be receiving the PGTIOU/PGT pair.... Greatly appreciate your thoughts (or pointers to any documentation). Thanks. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
