I will assume your JBoss portal is a _client_ of the CAS server, and you have set the portal to do client authentication.
Let's review what the proxy ticket validator does: - Validates a service ticket - Performs an HTTP GET to the proxy callback URL expecting one of the following HTTP response codes: 200, 202, 301, 302, 304 It's almost certainly the second step that's failing because CAS is _not_ sending a client certificate to your portal, and there is no way to configure that to work without custom code. You need to determine whether you really need proxy capability. Being a portal, you may really have a valid use case. If so, you'll need to set up a proxy receptor that is not under the scope of client authentication. Additionally, you'll need to ensure that any certificates presented by your portal are in the trust chain of the CAS server. That latter requirement is a snag for many folks and comes up on the list regularly. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
