Your web.xml is missing a validation filter definition, e.g. org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter, so you're never validating service tickets before entering into your application. ST validation is how the client app gets the principal from the server, which would explain why you have a null principal from request.getRemoteUser().
You're doing a manual ST validation by opening a stream and reading the response, but there are filters that do it for you. See http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml for detail on the various filters you need.

M
