Ok, I can get my principal. We read this
http://www.ja-sig.org/wiki/display/CAS/CASifying+PeopleSoft
And did this:
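    // These imports go at the top of the servlet source file.
    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.URL;
    import java.net.URLEncoder;

    String ticketValue = request.getParameter("ticket");
    String service = "https://othertestserver.utah.edu/casringtest/casclient";
    // URL-encode both values so neither can alter the validate query string.
    URL url = new URL("https://testserver.utah.edu/cas/validate?ticket="
            + URLEncoder.encode(ticketValue, "UTF-8")
            + "&service=" + URLEncoder.encode(service, "UTF-8"));
    // openStream() throws IOException on failure and never returns null,
    // so the reader needs no null check.
    BufferedReader in = new BufferedReader(
            new InputStreamReader(url.openStream(), "UTF-8"));
    try {
        String line1 = in.readLine();
        String line2 = in.readLine();
        System.out.println("line1: " + line1); // yes or no
        System.out.println("line2: " + line2); // principal
    } finally {
        in.close(); // release the HTTPS connection
    }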
It would be nice if there could be an option parameter similar to
"artifactParameterName" called "PrincipalParameterName" and just pass the
principal back to me on the request.
But maybe that is a security hole/risk.
We moved our CAS server behind a proxy with a valid cert, but when I re-enable
the CAS Validation Filter I still get SSL errors. So I assume CAS wants
trusted certs everywhere. Since this is just a test prototype environment
we'll just leave things be.
But that is ok, since I can get the principal for my CASifyed app whether I
have logged in through OpenSSO or through the CAS server.
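The two-line CAS 1.0 /validate answer read in the message above, handled strictly, as an added example that is not part of the original message or of the CAS client. The class and method names are hypothetical, and the ticket and response bodies are constructed samples. The principal is accepted only from the server-to-server response when its first line is exactly "yes".

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.net.URLEncoder;

public class Cas10Validate {

    /** Builds the /validate URL with both parameters percent-encoded. */
    static String validateUrl(String casBase, String ticket, String service)
            throws IOException {
        if (ticket == null || ticket.isEmpty()) {
            throw new IllegalArgumentException("no ticket on the request");
        }
        return casBase + "/validate?ticket=" + URLEncoder.encode(ticket, "UTF-8")
                + "&service=" + URLEncoder.encode(service, "UTF-8");
    }

    /** Returns the principal, or null unless the body is "yes" plus a name. */
    static String principalFrom(String body) throws IOException {
        BufferedReader in = new BufferedReader(new StringReader(body));
        String verdict = in.readLine();
        String principal = in.readLine();
        if (!"yes".equals(verdict)) {
            return null; // "no", an HTML error page from a proxy, or an empty body
        }
        if (principal == null || principal.trim().isEmpty()) {
            return null; // "yes" without a name is not a usable answer
        }
        return principal.trim();
    }

    public static void main(String[] args) throws IOException {
        // Constructed ticket containing '&' and '=' to show the encoding.
        System.out.println(validateUrl("https://testserver.utah.edu/cas",
                "ST-1-constructed&x=y",
                "https://othertestserver.utah.edu/casringtest/casclient"));

        // Constructed response bodies, not captured from a real server.
        String[] samples = {
            "yes\nu0123456\n",
            "no\n\n",
            "<html><body>502 Bad Gateway</body></html>",
            "yes\n\n",
            ""
        };
        for (String body : samples) {
            System.out.println(principalFrom(body));
        }
    }
}
```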
From: Andrew Feller [mailto:[email protected]]
Sent: Friday, July 31, 2009 7:28 AM
To: [email protected]
Subject: Re: [cas-user] How do I get prinicpal from CASifyed client program?
Bryan,
I would recommend searching the CAS mail list archives for fixing SSL issues (
http://www.nabble.com/CAS-f15448.html ). Your self-signed certificate is not
trusted as it is not part of your keystore. You should take this moment to get
a proper SSL certificate and import it rather than going further.
HTH,
A-
On 7/31/09 8:11 AM, "Bryan Wooten" <[email protected]> wrote:
Ok, when I add the CAS Validation Filter I run into a couple of problems:
1. Following the example in the link below I get a deployment error,
apparently the CAS Validation Filter requires "service" or "servername"
init-param. I added both and the deployment error went away.
2. With the CAS Validation Filter included in my CASifyed application's
web.xml I get a run time exception: (My CAS server is on a test machine that
does not have a trusted cert, is this the problem? Also we are running on
Glassfish, is there other configuration I need to worry about)
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:934)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:35)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
    at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:390)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
From: Scott Battaglia [mailto:[email protected]]
Sent: Thursday, July 30, 2009 4:33 PM
To: [email protected]
Subject: Re: [cas-user] How do I get prinicpal from CASifyed client program?
Here's an example configuration:
http://www.ja-sig.org/wiki/display/CASC/web.xml+for+Tomcat+5.5+Tomcat+Manager
On Thu, Jul 30, 2009 at 5:38 PM, Bryan Wooten <[email protected]> wrote:
I can't seem to retrieve the principal from my cas client servlet.
I tried adding the wrapper filter:
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
But request.getRemoteUser just returns null.
I also tried:
final Assertion assertion = AssertionHolder.getAssertion();
if (assertion == null) {
System.out.println("assertion null!");
} else {
final Principal p = assertion.getPrincipal();
System.out.println("principal: " + p.getName());
}
But again all I get is null.
I also tried adding the Assertion Filter... Any ideas?
Thanks,
Bryan
--
Andrew Feller, Business System Programmer
LSU University Information Services
200 Frey Computing Services Center
Baton Rouge, LA 70803
Office: 225.578.3737
Fax: 225.578.6400
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user