On Wed, Aug 19, 2009 at 3:53 PM, Randy Baiad <[email protected]> wrote:
> If I want to the web application to call another CASified web > application, then I need the PGT in order to call proxy. > Yes, I'm aware of how it works :-) > > > What I see is: > > In the code CAS20ProxyReceivingTicketValidationFilter, the function > preFilter is being called. > > If the HTTPRequest contains the URI specified in the parameter > “ProxyReceptorUrl”, then it will process the request, storing the ticket. > > > proxyGrantingTicketStorage.save(proxyGrantingTicketIou,proxyGrantingTicket); > Yes, that's correct. > > > The Validation Filter never passes the request down the chain. So the > ProxyCallback servlet never gets sent the request. > You should just be able to map it to anything then. It just needs to map to a URL that your application is responding to. The client doesn't have a proxy callback servlet because it doesn't need one. > > > My only point was that the servlet is required to physically exist in Web > Sphere but doesn’t have to exist in Tomcat. > The servlet is required to exist, or you're required to map the URL to something valid? > This all works fine, even though the callback servlet never gets called. > > > > Thanks, > > > > Randy > > > > *From:* Scott Battaglia [mailto:[email protected]] > *Sent:* Wednesday, August 19, 2009 2:36 PM > *To:* [email protected] > *Subject:* Re: [cas-user] WebSphere and SSL > > > > Is there a reason you're specifying a proxycallbackUrl if you don't need > one? And if you need one, then surely it must exist! ;-) > > On Wed, Aug 19, 2009 at 2:29 PM, Randy Baiad <[email protected]> wrote: > > I thought the problem I was having while on WebSphere was related to SSO. > The problem was I am using the CAS 3.1.3 filter. The proxyCallbackUrl > doesn't exist. > It appears that the class Cas20ProxyReceivingTicketValidationFilter, looks > for a URL pattern to the value of the proxyReceptorUrl field. > If found it handles the callback, thus never sending the data to the > proxyCallbackUrl is this correct? > > On the tomcat server, the Application Server allowed CAS to send the > callback to the application even though the proxyCallbackUrl didn't exist. > When I ran the same configuration on a Web Sphere environment, the > Application Server never sent the callback to the application, so the filter > never intercepted the callback. > > What I had to do was to create a servlet so the application server could > send the request to my application. It worked after that. > > Summary: To get a casifyied application to work on WebSphere, make sure > that the proxyCallbackUrl exists. > > > -----Original Message----- > From: Randy Baiad [mailto:[email protected]] > Sent: Monday, August 10, 2009 5:11 PM > To: [email protected] > Subject: [cas-user] WebSphere and SSL > > I am having a problem with configuring CAS 3.3.1 on Websphere 6.1. > I believe the problem has to do with the SSL keys. I deploy on tomcat > successfully. > > When deploying on WebSphere, the callback URL is not being hit. It gives me > the standard > ... > ... > Caused by: error.authentication.credentials.bad > at > org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25) > at > org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:113) > at > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:262) > at > org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126) > ... > ... > > Which I believe to be an SSL issue, > Can someone confirm if my steps below are accurate? > 1.) Configure WebSphere to be secure. Accessing my application and CAS can > be done via https. > 2.) View the certificate in a browser and export the certificate as DER > encoded. > 3.) import the cert into the java keystore used by WebSphere. (This is a > Solaris box). > 4.) Bounce WebShpere. > > > -- Am I missing any steps? > -- Is there more information I should provide to help isolate this issue? > -- Any other debugging tricks that come to mind? > > > Thanks for all your help! > -Randy > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
