Hi Scott, I turned on the debugging for the client and I saw this in the client application logs ( I've bolded some of the more important entries ):
2009-06-20 21:27:33,723 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] Storing session identifier for A08B65DE85D2990FBF4506F012FFACB5 2009-06-20 21:27:33,734 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] no ticket and no assertion found 2009-06-20 21:27:33,735 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] Constructed service url: http://CLIENT1:8180/CRISCAS/pages/index.jsf *2009-06-20 21:27:33,735 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] redirecting to " https://CASSERVER:8443/cas/login?service=http%3A%2F%2FCLIENT1%3A8180%2FCRISCAS%2Fpages%2Findex.jsf "* 2009-06-20 21:27:42,335 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] Storing session identifier for A08B65DE85D2990FBF4506F012FFACB5 2009-06-20 21:27:42,335 DEBUG [org.jasig.cas.client.session.HashMapBackedSessionMappingStorage] Attempting to remove Session=[A08B65DE85D2990FBF4506F012FFACB5] 2009-06-20 21:27:42,335 DEBUG [org.jasig.cas.client.session.HashMapBackedSessionMappingStorage] No mapping for session found. Ignoring. *2009-06-20 21:28:19,978 DEBUG [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] Attempting to validate ticket: ST-3-uxQJfuY3wXU6v12lfXA4-cas 2009-06-20 21:28:19,978 INFO [STDOUT] Attempting to validate ticket: ST-3-uxQJfuY3wXU6v12lfXA4-cas 2009-06-20 21:28:19,979 DEBUG [org.jasig.cas.client.util.CommonUtils] serviceUrl generated: http://CLIENT1:8180/CRISCAS/pages/index.jsf* 2009-06-20 21:28:19,979 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] Placing URL parameters in map. 2009-06-20 21:28:19,979 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] Calling template URL attribute map. 2009-06-20 21:28:19,979 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] Loading custom parameters from configuration. *2009-06-20 21:28:19,980 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] Constructing validation url: https://CASSERVER:8443/cas/serviceValidate?service=http%3A%2F%2FCLIENT1%3A8180%2FCRISCAS%2Fpages%2Findex.jsf&ticket=ST-3-uxQJfuY3wXU6v12lfXA4-cas&pgtUrl=https%3A%2F%2FCLIENT1%3A8543%2FCRISCAS%2Fpages%2FproxyCallback.jsp&allowAnyProxy=true * 2009-06-20 21:28:19,980 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] Retrieving response from server. 2009-06-20 21:28:22,569 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] Storing session identifier for 0BECE15D644419414E6A85645C3397D3 2009-06-20 21:28:22,570 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] no ticket and no assertion found 2009-06-20 21:28:22,570 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] Constructed service url: http://CLIENT1:8180/CRISCAS/pages/index.jsf *2009-06-20 21:28:22,570 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] redirecting to " https://CASSERVER:8443/cas/login?service=http%3A%2F%2FCLIENT1%3A8180%2FCRISCAS%2Fpages%2Findex.jsf "* 2009-06-20 21:28:23,685 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] Storing session identifier for E3F31081C46925A37E7DE88D92BE1197 2009-06-20 21:28:23,686 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] no ticket and no assertion found *2009-06-20 21:28:23,686 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] Constructed service url: http://CLIENT1:8180/CRISCAS/pages/index.jsf 2009-06-20 21:28:23,686 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] redirecting to " https://CASSERVER:8443/cas/login?service=http%3A%2F%2FCLIENT1%3A8180%2FCRISCAS%2Fpages%2Findex.jsf " 2009-06-20 21:28:24,049 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] Server response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user>test</cas:user> <cas:proxyGrantingTicket>PGTIOU-3-VkSlAzDPqA2LUWOOiuEe-cas</cas:proxyGrantingTicket> </cas:authenticationSuccess> </cas:serviceResponse> * *2009-06-20 21:28:27,722 INFO [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] No Proxy Ticket found for PGTIOU-3-VkSlAzDPqA2LUWOOiuEe-cas 2009-06-20 21:28:27,729 DEBUG [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] Successfully authenticated user: test 2009-06-20 21:28:27,730 INFO [STDOUT] Successfully authenticated user: test 2009-06-20 21:28:27,732 DEBUG [org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter] Redirecting after successful ticket validation. 2009-06-20 21:28:27,732 DEBUG [org.jasig.cas.client.util.CommonUtils] serviceUrl generated: http://CLIENT1:8180/CRISCAS/pages/index.jsf 2009-06-20 21:28:27,733 INFO [STDOUT] Redirecting after successful ticket validation: http://CLIENT1:8180/CRISCAS/pages/index.jsf 2009-06-20 21:28:27,733 DEBUG [org.jasig.cas.client.util.CommonUtils] serviceUrl generated: http://CLIENT1:8180/CRISCAS/pages/index.jsf* 2009-06-20 21:28:27,752 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] Storing session identifier for A08B65DE85D2990FBF4506F012FFACB5 *2009-06-20 21:28:38,274 INFO [STDOUT] org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter: About to continue to http://CLIENT1:8180/CRISCAS/pages/index.jsf * So, even though the ProxyCallBack url was being fired after the user was authenticated, the proxy (granting?) ticket wasn't being stored properly in the client. However, if I went into the access logs for my client, and pulled out the pgtIou and pgtId query parameters from the callback, and used them to call the 'proxyReceptorUrl' like this ( in my browser) : http://CLIENT1:8180/CRISCAS/pages/proxyReceptorUrl?pgtIou=PGTIOU-2-C0vnWWKBlycaZ5vsgM7z-cas&pgtId=TGT-4-KwlFGsURrzghfQ9htGxfs1ojrSAgQMccFQ5aswKWGEVC0tHhdq-cas then everything works correctly. See these log entries: 2009-06-20 21:50:51,484 DEBUG [org.jasig.cas.client.util.CommonUtils] Received proxyGrantingTicketId [TGT-6-RH3FHreecq0QxCQi3ffRAC9aiCnPhcD9odffkLPIeWLfAvaDnD-cas] for proxyGrantingTicketIou [PGTIOU-3-VkSlAzDPqA2LUWOOiuEe-cas] 2009-06-20 21:50:56,100 DEBUG [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] Saving ProxyGrantingTicketIOU and ProxyGrantingTicket combo: [PGTIOU-3-VkSlAzDPqA2LUWOOiuEe-cas, TGT-6-RH3FHreecq0QxCQi3ffRAC9aiCnPhcD9odffkLPIeWLfAvaDnD-cas] 2009-06-20 21:50:56,101 INFO [STDOUT] org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter: preFilter() false Is this the normal way of doing things? The other thing I noticed was that it seemed like the proxyCallBack url was being executed before the serviceTicket was being sent back from the server; is there a configuration setting on the CAS server that can tell it to do the proxy call back after the service ticket has been sent back to the CAS client? Thanks, Venka 2009/6/18 Scott Battaglia <[email protected]> > Did you increase the level of debugging on the client to see if the items > are being stored? > > Cheers, > Scott > > > On Thu, Jun 18, 2009 at 8:06 AM, Venka Ashtakala < > [email protected]> wrote: > >> Hello CAS friends, >> >> I'm having trouble getting CAS proxy to work. >> >> My client web application is using Cas Java Client 3.1.6 >> and my Cas server is the Java one, v3.3.2. >> >> My Java web application is running in JBoss and it has been configured via >> web.xml, here is the relevant excerpt from web.xml: >> >> <filter> >> <filter-name>CASSingleSignOutFilter</filter-name> >> <filter-class> >> org.jasig.cas.client.session.SingleSignOutFilter >> </filter-class> >> <init-param> >> <param-name>artifactParameterName</param-name> >> <param-value>ticket</param-value> >> </init-param> >> </filter> >> <filter> >> <filter-name>CASAuthenticationFilter</filter-name> >> <filter-class> >> org.jasig.cas.client.authentication.AuthenticationFilter >> </filter-class> >> <init-param> >> <param-name>casServerLoginUrl</param-name> >> <param-value> >> https://CASSERVER:8443/cas/login >> </param-value> >> </init-param> >> <init-param> >> <param-name>service</param-name> >> <param-value> >> http://CLIENT1:8180/CRISCAS/pages/index.jsf >> </param-value> >> </init-param> >> <init-param> >> <param-name>serverName</param-name> >> <param-value>http://CLIENT1:8180</param-value> >> </init-param> >> <init-param> >> <param-name>renew</param-name> >> <param-value>false</param-value> >> </init-param> >> <init-param> >> <param-name>gateway</param-name> >> <param-value>false</param-value> >> </init-param> >> <init-param> >> <param-name>artifactParameterName</param-name> >> <param-value>ticket</param-value> >> </init-param> >> <init-param> >> <param-name>serviceParameterName</param-name> >> <param-value>service</param-value> >> </init-param> >> <init-param> >> <param-name>encodeServiceUrl</param-name> >> <param-value>true</param-value> >> </init-param> >> <!-- >> <init-param> >> <param-name>gatewayStorageClass</param-name> >> <param-value></param-value> >> </init-param> >> --> >> </filter> >> <filter> >> <filter-name>CASValidationFilter</filter-name> >> <filter-class> >> >> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter >> </filter-class> >> <init-param> >> <param-name>casServerUrlPrefix</param-name> >> <param-value>https://CASSERVER:8443/cas</param-value> >> </init-param> >> <init-param> >> <param-name>serverName</param-name> >> <param-value>http://CLIENT1:8180</param-value> >> </init-param> >> >> <init-param> >> <param-name>proxyCallbackUrl</param-name> >> <param-value> >> https://CLIENT1:8543/CRISCAS/pages/proxyCallback.jsp</param-value> >> </init-param> >> <init-param> >> <param-name>proxyReceptorUrl</param-name> >> <param-value>/pages/proxyReceptor.jsp</param-value> >> </init-param> >> <init-param> >> <param-name>allowAnyProxy</param-name> >> <param-value>true</param-value> >> </init-param> >> >> </filter> >> <filter> >> <filter-name>CASHttpServletRequestWrapperFilter</filter-name> >> <filter-class> >> org.jasig.cas.client.util.HttpServletRequestWrapperFilter >> </filter-class> >> </filter> >> <filter> >> <filter-name>CASAssertionThreadLocalFilter</filter-name> >> <filter-class> >> org.jasig.cas.client.util.AssertionThreadLocalFilter >> </filter-class> >> </filter> >> >> >> After I authenticate, I am seeing in the CASSERVER's log that the proxy >> call back is being executed: >> >> CASSERVER's log: >> 2009-06-18 04:55:31,946 INFO >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >> <AuthenticationHandler: >> org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler >> successfully authenticated the user which provided the following >> credentials: [callbackUrl: >> https://CLIENT1:8543/CRISCAS/pages/proxyCallback.jsp]> >> >> and the corresponding entry in CLIENT1's access log: >> 127.0.0.1 - - [18/Jun/2009:17:25:05 +0530] "GET /CRISCAS/pages/index.jsf >> HTTP/1.1" 302 - >> 67.202.32.98 - - [18/Jun/2009:17:25:31 +0530] "GET >> /CRISCAS/pages/proxyCallback.jsp HTTP/1.1" 302 - >> 67.202.32.98 - - [18/Jun/2009:17:25:32 +0530] "GET >> /CRISCAS/pages/proxyCallback.jsp?pgtIou=PGTIOU-8-CftTUgVsNO3onsCrkvZG-cas&pgtId=TGT-16-lZVd5IDlP65Fi1G3D5kwIQaGRUC3CNYBOIoV9WRpckrcCfGmXH-cas >> HTTP/1.1" 302 - >> 127.0.0.1 - - [18/Jun/2009:17:25:39 +0530] "GET >> /CRISCAS/pages/index.jsf?ticket=ST-8-uU0qu6ibehTELg2emucv-cas HTTP/1.1" 302 >> - >> 127.0.0.1 - - [18/Jun/2009:17:25:44 +0530] "GET /CRISCAS/pages/index.jsf >> HTTP/1.1" 200 18963 >> >> Unfortunately, in CLIENT1's server log, I got this entry: >> 17:25:39,541 INFO [STDOUT] 18-Jun-2009 5:25:39 PM >> org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl retrieve >> INFO: No Proxy Ticket found for PGTIOU-8-CftTUgVsNO3onsCrkvZG-cas >> >> And, in my Java code, when I try to grab a proxy ticket using this call: >> Assertion assertion = (Assertion) >> FacesUtils.getSession().getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION); >> String proxyTicket = assertion.getPrincipal().getProxyTicketFor(" >> http://CLIENT2/";); >> >> the 'proxyTicket' variable is set to null. >> >> So, my questions are: >> 1) Is there something wrong in my setup? >> 2) Do I need to write some code that fires when the >> /CRISCAS/pages/proxyCallback.jsp is fired to process the PGTIOU ticket into >> a Proxy Ticket or a Proxy Granting Ticket? >> >> >> My goal is to grab a proxyTicket and then make another web application >> running on the CLIENT2 server, which is also a CASified application. >> >> Any help, comments or suggestions would be greatly appreciated. >> Thanks >> Venka >> >> -- >> Venka Ashtakala, B.Eng, G.C. Eng >> Venka Ashtakala & Associates >> Software Development Consultants >> Office: +1-703-596-0287 >> Fax: +1-815-550-1356 >> Mobile: +91 9886304317 >> [email protected] >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- Venka Ashtakala, B.Eng, G.C. Eng Venka Ashtakala & Associates Software Development Consultants Office: +1-703-596-0287 Fax: +1-815-550-1356 Mobile: +91 9886304317 [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
