Richard,I think that what Andrew was suggesting was that the "filter," whatever that is, should hang on to the POST data and "replay" it once CAS redirects back to the protected service. CAS is redirecting with a service ticket because it still has a valid SSO ticket. The session on your proxy server, however it is implemented, has probably expired.
I am not aware of any CAS client with a capability to preserve POST data. So, what is the "filter" protecting your proxy server?
Adam Spruit, Richard wrote:
Thanks, Andrew, for the suggestion. However, the POST-request doesn't get past the first filter, so the proxy never 'sees' the body of the request. We would prefer not to build our own filter(s). Or did I miss something?Regards, Richard ________________________________From: Andrew Tillinghast [mailto:[email protected]] Sent: Mon 1-6-2009 14:30 To: [email protected] Subject: Re:[cas-user] POST gets changed to GET We had a similar problem with one of our home grown CAS apps, what you need to do is store the post values in session variables before you send the user back to CAS for validation. Then when they validate cycle the session variables back into the request scope and process normally.-AndrewOn Jun 1, 2009, at 7:53 AM, Spruit, Richard wrote: Hello all,We have build our own proxy, which is casified. Some Flex applications are using this proxy to get acces to some backend SOAP-services. This became a bit of a large post, but we rather are puzzled by which direction we should proceed. The Flex-applications are sending http POST-requests to the proxy. What we see in the log of the proxy, after some time, is that it recieves GET requests with a ticket attached to the url. Our understanding is that: - the CAS-filters of the proxy recieve the POST-request, but had a session timeout, so any request is redirected to the CAS-server. - Somehow the CAS-server did not have a session-timeout, so the request is redirected to the proxy, but now with a ticket attached. The request is by the CAS-server changed into a http GET-request. - our proxy sends the request to the backend SOAP-service and recieves an error since the request is now a http GET-request. About this all we have a lot of questions, being the first if our understanding is indeed correct. Is this the 'expected behaviour'? Next, we need to figure out what we can do about this.1. Is there a way for the Flex application to know there has been a session-timeout? For example: should they recieve a HTTP 302 error or something? If so, our Flex-application are automatically resending the request, since we did not program anything to resend a request. Anyone out there who can tell my college how to recognise such a response in Flex?2. Is there a way to configure CAS so that is redirects an http POST request as a POST-request instead of a GET-request? 3. Is there anything we are missing? Maybe a suggestion for a different approach? Please keep in mind that our SOAP back-end services themselves are *not* casified, only the proxy. Any help is much appreciated, regards, Richard
begin:vcard fn:Adam Rybicki n:Rybicki;Adam org:Unicon, Inc.;Professional Services adr:Suite 113;;3140 North Arizona Avenue;Chandler;AZ;85225;United States email;internet:[email protected] tel;work:+1-480-558-2400 tel;home:+1-310-265-8286 tel;cell:+1-310-980-2758 x-mozilla-html:FALSE url:http://www.unicon.net/ version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
