It appears that with WebSphere, it must exist. On Tomcat, the URL just needs to be valid. (Yes, I could have mapped to any existing resource. I wrote that servlet for our Web Services and just reused it here.)

From: Scott Battaglia [mailto:[email protected]]
Sent: Wednesday, August 19, 2009 9:34 PM
To: [email protected]
Subject: Re: [cas-user] WebSphere and SSL

On Wed, Aug 19, 2009 at 3:53 PM, Randy Baiad <[email protected]> wrote:

> If I want the web application to call another CASified web application, then I need the PGT in order to call proxy.

Yes, I'm aware of how it works :-)

> What I see is: In the code Cas20ProxyReceivingTicketValidationFilter, the function preFilter is being called. If the HTTPRequest contains the URI specified in the parameter "proxyReceptorUrl", then it will process the request, storing the ticket.
>
>     proxyGrantingTicketStorage.save(proxyGrantingTicketIou,proxyGrantingTicket);

Yes, that's correct.

> The Validation Filter never passes the request down the chain. So the ProxyCallback servlet never gets sent the request.

You should just be able to map it to anything then. It just needs to map to a URL that your application is responding to. The client doesn't have a proxy callback servlet because it doesn't need one.

> My only point was that the servlet is required to physically exist in WebSphere but doesn't have to exist in Tomcat.

The servlet is required to exist, or you're required to map the URL to something valid?

> This all works fine, even though the callback servlet never gets called.
>
> Thanks,
> Randy

From: Scott Battaglia [mailto:[email protected]]
Sent: Wednesday, August 19, 2009 2:36 PM
To: [email protected]
Subject: Re: [cas-user] WebSphere and SSL

Is there a reason you're specifying a proxyCallbackUrl if you don't need one? And if you need one, then surely it must exist! ;-)

On Wed, Aug 19, 2009 at 2:29 PM, Randy Baiad <[email protected]> wrote:

I thought the problem I was having while on WebSphere was related to SSO. The problem was I am using the CAS 3.1.3 filter. The proxyCallbackUrl doesn't exist.

It appears that the class Cas20ProxyReceivingTicketValidationFilter looks for a URL pattern to the value of the proxyReceptorUrl field. If found, it handles the callback, thus never sending the data to the proxyCallbackUrl. Is this correct?

On the Tomcat server, the Application Server allowed CAS to send the callback to the application even though the proxyCallbackUrl didn't exist. When I ran the same configuration on a WebSphere environment, the Application Server never sent the callback to the application, so the filter never intercepted the callback.

What I had to do was to create a servlet so the application server could send the request to my application. It worked after that.

Summary: To get a CASified application to work on WebSphere, make sure that the proxyCallbackUrl exists.

-----Original Message-----
From: Randy Baiad [mailto:[email protected]]
Sent: Monday, August 10, 2009 5:11 PM
To: [email protected]
Subject: [cas-user] WebSphere and SSL

I am having a problem with configuring CAS 3.3.1 on WebSphere 6.1. I believe the problem has to do with the SSL keys. I deploy on Tomcat successfully. When deploying on WebSphere, the callback URL is not being hit. It gives me the standard

    ...
    ...
    Caused by: error.authentication.credentials.bad
        at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
        at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:113)
        at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:262)
        at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126)
    ...
    ...

Which I believe to be an SSL issue. Can someone confirm if my steps below are accurate?

1.) Configure WebSphere to be secure. Accessing my application and CAS can be done via https.
2.) View the certificate in a browser and export the certificate as DER encoded.
3.) Import the cert into the java keystore used by WebSphere. (This is a Solaris box).
4.) Bounce WebSphere.

-- Am I missing any steps?
-- Is there more information I should provide to help isolate this issue?
-- Any other debugging tricks that come to mind?

Thanks for all your help!

-Randy

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
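
Added example, not part of the original thread and not code posted by any participant: a web.xml sketch of the arrangement the thread ends on, with the CAS client filter watching proxyReceptorUrl and a placeholder servlet mapped at the same path so the container has a resource to dispatch the callback to. The host names, the /myapp context path and the servlet class com.example.cas.ProxyCallbackPlaceholderServlet are assumptions made for illustration.

```xml
<!-- Added example: hosts, context path and servlet class are placeholders. -->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">

  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>https://cas.example.org/cas</param-value>
    </init-param>
    <init-param>
      <param-name>serverName</param-name>
      <param-value>https://app.example.org</param-value>
    </init-param>
    <!-- Absolute HTTPS URL that the CAS server calls back with the PGT and PGTIOU -->
    <init-param>
      <param-name>proxyCallbackUrl</param-name>
      <param-value>https://app.example.org/myapp/proxyCallback</param-value>
    </init-param>
    <!-- Same path, relative to the context root; the filter stores the PGT here -->
    <init-param>
      <param-name>proxyReceptorUrl</param-name>
      <param-value>/proxyCallback</param-value>
    </init-param>
  </filter>

  <!-- The filter mapping has to cover the receptor path -->
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Placeholder target for the callback path. The thread reports that
       WebSphere needed a mapped resource here, while Tomcat ran the filter
       without one. The filter answers the callback itself, so this servlet's
       body is never reached. -->
  <servlet>
    <servlet-name>proxyCallbackPlaceholder</servlet-name>
    <servlet-class>com.example.cas.ProxyCallbackPlaceholderServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>proxyCallbackPlaceholder</servlet-name>
    <url-pattern>/proxyCallback</url-pattern>
  </servlet-mapping>

</web-app>
```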
