Increase the DEBUG log for CAS and you'll find out why the proxy callback is failing. Log4j settings are in WEB-INF/classes/log4j.properties
-Scott

On Tue, Mar 10, 2009 at 2:21 PM, tedzo <[email protected]> wrote:

> You're saying that I don't need a separate servlet. Then who receives the
> PGTIOU/PGT pair? Does proxyCallbackUrl have to be a valid URL or not is what
> I don't understand.
>
> I tried logging in with my setup and I can authenticate fine, but I don't
> see PGTIOU mentioned anywhere in the logs and I see a weird exception. I
> think I haven't configured something right. Could you kindly verify my
> config values for Cas20ProxyReceivingTicketValidationFilter? Specifically,
>
> <filter>
>   <filter-name>CAS Cas20ProxyReceivingTicketValidation Filter</filter-name>
>   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>   <init-param>
>     <param-name>casServerUrlPrefix</param-name>
>     <param-value>https://tedzo-wxp01.bling.com:8443/cas-server-3.3</param-value>
>   </init-param>
>   <init-param>
>     <param-name>serverName</param-name>
>     <param-value>http://tedzo-wxp01.bling.com:8080</param-value>
>   </init-param>
>   <init-param>
>     <param-name>proxyCallbackUrl</param-name>
>     <param-value>https://tedzo-wxp01.bling.com:8443/Test/PGTReceive</param-value>
>   </init-param>
>   <init-param>
>     <param-name>proxyReceptorUrl</param-name>
>     <param-value>/PGTReceive</param-value>
>   </init-param>
>   <init-param>
>     <param-name>acceptAnyProxy</param-name>
>     <param-value>true</param-value>
>   </init-param>
> </filter>
>
> In the logs I see an exception-
>
> 2009-03-10 10:59:57,343 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] - <Constructing validation url: https://tedzo-wxp01.bling.com:8443/cas-server-3.3/proxyValidate?pgtUrl=https%3A%2F%2Ftedzo-wxp01.bling.com%3A8443%2FTest%2FPGTReceive&ticket=ST-1-CugnMIPTShfY2NtGKPSN-cas&service=http%3A%2F%2Ftedzo-wxp01.bling.com%3A8080%2FTest%2FTest.jsp>
> 2009-03-10 10:59:57,343 DEBUG [org.jasig.cas.client.validation.Cas20ProxyTicketValidator] - <Retrieving response from server.>
> <--------------lot of ssl stuff----------------->
> 2009-03-10 11:13:56,509 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: [callbackUrl: https://tedzo-wxp01.bling.com:8443/Test/PGTReceive]>
> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.unsupported
>     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:291)
>     at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126)
> Caused by: error.authentication.credentials.unsupported
>     at org.jasig.cas.authentication.handler.UnsupportedCredentialsException.<clinit>(UnsupportedCredentialsException.java:21)
>     at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:116)
>     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:262)
>
> What credentials are unsupported?
>
> Thanks for your time.
> ------------------------------
> *From:* Scott Battaglia <[email protected]>
> *To:* [email protected]
> *Sent:* Monday, March 9, 2009 8:11:28 PM
> *Subject:* Re: [cas-user] Proxy validation question
>
> You shouldn't be configuring a separate servlet. We don't even include
> one. All the logic is built into the filter. Proxy Callback Url is the
> fully qualified URL that is sent to the CAS server. The receptor is the
> path portion that the filter should listen for PGT/PGTIOU requests.
>
> On Mon, Mar 9, 2009 at 11:05 PM, tedzo <[email protected]> wrote:
>
>> I am trying to set up proxy validation and despite all the messages on
>> this list, I am lost (or maybe I am just too tired).
>> Kindly bear with me-
>>
>> I am trying to access https://tedzo-wxp01.bling.com:8443/Test/Test.jsp
>> to begin with.
>>
>> 1. I modify web.xml to add Cas20ProxyReceivingTicketValidationFilter
>> (among others. This is client 3.1.3).
>>
>> 2. I add the init param proxyCallbackUrl (
>> https://tedzo-wxp01.bling.com:8443/Test/PGTReceive )
>> PGTReceive is a Servlet that will receive the PGTIOU/PGT pair.
>>
>> 3. Set allowAnyProxy to true, for now.
>>
>> 4. Now, PGTReceive is a servlet with doGet and doPost methods. CAS will
>> POST/GET the PGTIOU/PGT pair to this servlet? How do I extract it? (session
>> variable? name of variable?)
>>
>> 5. Originally, I was trying to reach
>> https://tedzo-wxp01.bling.com:8443/Test/Test.jsp.
>> I should be able to have access to half (PGTIOU) of the PGTIOU/PGT pair from
>> Test.jsp, so that I could get the PGT from PGTReceive servlet. How do I
>> access the PGTIOU from Test.jsp? Is it in the session or something?
>>
>> 6. Is the PGT from the PGTIOU/PGT pair a one time use only kind of ticket
>> or can I use it multiple times? Meaning, I get to the PGT somehow and then I
>> pass it on to the proxied application. Then can I pass the same PGT to
>> a different proxied application?
>>
>> 7. I couldn't understand the difference between proxyReceptorUrl and
>> proxyCallbackUrl. Both seem to be receiving the PGTIOU/PGT pair....
>>
>> Greatly appreciate your thoughts (or pointers to any documentation).
>>
>> Thanks.

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
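
The split Scott describes between proxyCallbackUrl (the full URL sent to the CAS server) and proxyReceptorUrl (the path the filter listens on), as an added Python model that is not part of the thread or of the CAS client: it checks that the two settings agree and shows how a PGTIOU from the validation response is exchanged for the PGT delivered to the callback. The suffix match, the one-time redeem and every name in the code are assumptions; the hostnames come from the thread and the ticket values are constructed.

```python
# Added illustration, not CAS client code; all names here are hypothetical.
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
# Constructed validation response; the ticket values are made up.
SAMPLE_RESPONSE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>tedzo</cas:user>
    <cas:proxyGrantingTicket>PGTIOU-1-constructed</cas:proxyGrantingTicket>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

def check_proxy_config(callback_url, receptor_path):
    """Return the problems found in a proxyCallbackUrl/proxyReceptorUrl pair."""
    problems = []
    url = urlsplit(callback_url.strip())
    if url.scheme != "https" or not url.netloc:
        problems.append("proxyCallbackUrl must be an absolute https URL")
    if not receptor_path.startswith("/"):
        problems.append("proxyReceptorUrl must be a path starting with '/'")
    elif not url.path.endswith(receptor_path):
        problems.append("proxyCallbackUrl path must end with proxyReceptorUrl")
    return problems

class ProxyReceptor:
    """Model of the filter's receptor: stores PGTs keyed by their PGTIOU."""
    def __init__(self, receptor_path):
        self.receptor_path = receptor_path
        self._pgt_by_iou = {}

    def handle(self, request_uri):
        """Consume a callback request; return False for any other request."""
        url = urlsplit(request_uri)
        if not url.path.endswith(self.receptor_path):
            return False
        query = parse_qs(url.query)
        iou, pgt = query.get("pgtIou", [""])[0], query.get("pgtId", [""])[0]
        if iou and pgt:  # a callback without both parameters stores nothing
            self._pgt_by_iou[iou] = pgt
        return True

    def redeem(self, validation_xml):
        """Swap the PGTIOU in a validation response for the stored PGT."""
        node = ET.fromstring(validation_xml).find(".//cas:proxyGrantingTicket", CAS_NS)
        if node is None or not node.text:
            return None  # the server issued no proxy-granting ticket
        return self._pgt_by_iou.pop(node.text.strip(), None)
```

A `redeem` result of `None` on a response with no `cas:proxyGrantingTicket` element corresponds to the situation in the thread, where no PGTIOU shows up in the client logs.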
