Hello CAS friends,

I'm having trouble getting CAS proxy to work.

My client web application is using CAS Java Client 3.1.6
and my CAS server is the Java one, v3.3.2.

My Java web application is running in JBoss and it has been configured via
web.xml, here is the relevant excerpt from web.xml:

    <filter>
        <filter-name>CASSingleSignOutFilter</filter-name>
        <filter-class>
            org.jasig.cas.client.session.SingleSignOutFilter
        </filter-class>
        <init-param>
            <param-name>artifactParameterName</param-name>
            <param-value>ticket</param-value>
        </init-param>
    </filter>
    <filter>
        <filter-name>CASAuthenticationFilter</filter-name>
        <filter-class>
            org.jasig.cas.client.authentication.AuthenticationFilter
        </filter-class>
        <init-param>
            <param-name>casServerLoginUrl</param-name>
            <param-value>
                https://CASSERVER:8443/cas/login
            </param-value>
        </init-param>
        <init-param>
            <param-name>service</param-name>
            <param-value>
                http://CLIENT1:8180/CRISCAS/pages/index.jsf
            </param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://CLIENT1:8180</param-value>
        </init-param>
        <init-param>
            <param-name>renew</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>gateway</param-name>
            <param-value>false</param-value>
        </init-param>
        <init-param>
            <param-name>artifactParameterName</param-name>
            <param-value>ticket</param-value>
        </init-param>
        <init-param>
            <param-name>serviceParameterName</param-name>
            <param-value>service</param-value>
        </init-param>
        <init-param>
            <param-name>encodeServiceUrl</param-name>
            <param-value>true</param-value>
        </init-param>
        <!--
            <init-param>
            <param-name>gatewayStorageClass</param-name>
            <param-value></param-value>
            </init-param>
        -->
    </filter>
    <filter>
        <filter-name>CASValidationFilter</filter-name>
        <filter-class>
            org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
        </filter-class>
        <init-param>
            <param-name>casServerUrlPrefix</param-name>
            <param-value>https://CASSERVER:8443/cas</param-value>
        </init-param>
        <init-param>
            <param-name>serverName</param-name>
            <param-value>http://CLIENT1:8180</param-value>
        </init-param>

        <init-param>
            <param-name>proxyCallbackUrl</param-name>
            <param-value>https://CLIENT1:8543/CRISCAS/pages/proxyCallback.jsp</param-value>
        </init-param>
        <init-param>
            <param-name>proxyReceptorUrl</param-name>
            <param-value>/pages/proxyReceptor.jsp</param-value>
        </init-param>
        <init-param>
            <param-name>allowAnyProxy</param-name>
            <param-value>true</param-value>
        </init-param>

    </filter>
    <filter>
        <filter-name>CASHttpServletRequestWrapperFilter</filter-name>
        <filter-class>
            org.jasig.cas.client.util.HttpServletRequestWrapperFilter
        </filter-class>
    </filter>
    <filter>
        <filter-name>CASAssertionThreadLocalFilter</filter-name>
        <filter-class>
            org.jasig.cas.client.util.AssertionThreadLocalFilter
        </filter-class>
    </filter>


After I authenticate, I am seeing in the CASSERVER's log that the proxy
callback is being executed:

CASSERVER's log:
2009-06-18 04:55:31,946 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler successfully authenticated the user which provided the following credentials: [callbackUrl: https://CLIENT1:8543/CRISCAS/pages/proxyCallback.jsp]>

and the corresponding entry in CLIENT1's access log:
127.0.0.1 - - [18/Jun/2009:17:25:05 +0530] "GET /CRISCAS/pages/index.jsf HTTP/1.1" 302 -
67.202.32.98 - - [18/Jun/2009:17:25:31 +0530] "GET /CRISCAS/pages/proxyCallback.jsp HTTP/1.1" 302 -
67.202.32.98 - - [18/Jun/2009:17:25:32 +0530] "GET /CRISCAS/pages/proxyCallback.jsp?pgtIou=PGTIOU-8-CftTUgVsNO3onsCrkvZG-cas&pgtId=TGT-16-lZVd5IDlP65Fi1G3D5kwIQaGRUC3CNYBOIoV9WRpckrcCfGmXH-cas HTTP/1.1" 302 -
127.0.0.1 - - [18/Jun/2009:17:25:39 +0530] "GET /CRISCAS/pages/index.jsf?ticket=ST-8-uU0qu6ibehTELg2emucv-cas HTTP/1.1" 302 -
127.0.0.1 - - [18/Jun/2009:17:25:44 +0530] "GET /CRISCAS/pages/index.jsf HTTP/1.1" 200 18963

Unfortunately, in CLIENT1's server log, I got this entry:
17:25:39,541 INFO  [STDOUT] 18-Jun-2009 5:25:39 PM org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl retrieve
INFO: No Proxy Ticket found for PGTIOU-8-CftTUgVsNO3onsCrkvZG-cas

And, in my Java code, when I try to grab a proxy ticket using this call:
Assertion assertion = (Assertion) FacesUtils.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
String proxyTicket = assertion.getPrincipal().getProxyTicketFor("http://CLIENT2/");

the 'proxyTicket' variable is set to null.

So, my questions are:
1) Is there something wrong in my setup?
2) Do I need to write some code that fires when the
/CRISCAS/pages/proxyCallback.jsp is fired to process the PGTIOU ticket into
a Proxy Ticket or a Proxy Granting Ticket?


My goal is to grab a proxyTicket and then make another web application
running on the CLIENT2 server, which is also a CASified application.

Any help, comments or suggestions would be greatly appreciated.
Thanks
Venka

-- 
Venka Ashtakala, B.Eng, G.C. Eng
Venka Ashtakala & Associates
Software Development Consultants
Office:  +1-703-596-0287
Fax:     +1-815-550-1356
Mobile: +91 9886304317
[email protected]
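
Added example (not part of the original post, and not CAS project code): a small Python check over the validation-filter settings posted above, with the excerpt embedded as a constructed, namespace-free sample. It assumes, as the CAS Java client documentation describes, that the filter recognizes the PGT callback by matching the request path against `proxyReceptorUrl`; `filter_params` and `check_proxy_config` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the validation filter from the post, values copied as posted.
WEB_XML = """<web-app>
  <filter>
    <filter-name>CASValidationFilter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param><param-name>proxyCallbackUrl</param-name>
      <param-value>https://CLIENT1:8543/CRISCAS/pages/proxyCallback.jsp</param-value></init-param>
    <init-param><param-name>proxyReceptorUrl</param-name>
      <param-value>/pages/proxyReceptor.jsp</param-value></init-param>
    <init-param><param-name>allowAnyProxy</param-name>
      <param-value>true</param-value></init-param>
  </filter>
</web-app>"""

def filter_params(web_xml, class_suffix):
    """Return {param-name: param-value} for the first filter whose class ends with class_suffix."""
    for flt in ET.fromstring(web_xml).iter("filter"):
        if (flt.findtext("filter-class") or "").strip().endswith(class_suffix):
            return {p.findtext("param-name").strip(): (p.findtext("param-value") or "").strip()
                    for p in flt.iter("init-param")}
    return {}

def check_proxy_config(web_xml):
    """Return a list of findings for the proxy-receiving validation filter."""
    p = filter_params(web_xml, "Cas20ProxyReceivingTicketValidationFilter")
    callback = urlparse(p.get("proxyCallbackUrl", ""))
    receptor = p.get("proxyReceptorUrl", "")
    findings = []
    if callback.scheme != "https":
        findings.append("proxyCallbackUrl is not https; the CAS protocol requires an HTTPS callback")
    # Assumption: the filter treats a request as the PGT callback only when
    # the request URI ends with proxyReceptorUrl.
    if not receptor or not callback.path.endswith(receptor):
        findings.append(f"callback path {callback.path} does not end with proxyReceptorUrl {receptor}")
    if p.get("allowAnyProxy", "").lower() == "true":
        findings.append("allowAnyProxy=true accepts any proxy chain; prefer allowedProxyChains")
    return findings

if __name__ == "__main__":
    for finding in check_proxy_config(WEB_XML):
        print("FINDING:", finding)
```
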
