Hello all.
We are running a Shibboleth Identity Provider and we would like to use
CAS to authenticate the users.

We use the 3.3.10 libraries and we configured the system as recommended.
Unfortunately, when the CAS server gets called, an extra "slash" appears
in the URL and we can't get around it; here's what Tomcat logs, with the
path with the double slash (that's the original service; the supplied
one appears with three!):

SEVERE: Servlet.service() for servlet RemoteUserAuthHandler threw exception
org.jasig.cas.client.validation.TicketValidationException: 
                ticket 'ST-1621-zlyEdYdMAk5vYb6EbFOn' does not match supplied service.  The original service was 'https://idp.unimib.it/idp//Authn/RemoteUser' and the supplied service was 'https://idp.unimib.it/idp///Authn/RemoteUser'.


It looks pretty obvious to us that there's an issue with those slashes
but we can't work out where the configuration error is. Here's the
relevant extract from the web.xml file we packaged in the idp.war:

<context-param>
   <param-name>serverName</param-name>
   <param-value>idp.unimib.it</param-value>
</context-param>

<!-- CAS Authentication Filter -->
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value>https://xxx.unimib.it/cas_all_unimib/login</param-value>
    </init-param>
</filter>

<!-- CAS Validation Filter -->
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://xxx.unimib.it/cas_all_unimib</param-value>
    </init-param>
</filter>


Here's how we specify the use of RemoteUser authentication in the
handler.xml file:

<LoginHandler xsi:type="RemoteUser">
  <AuthenticationMethod>
    urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
  </AuthenticationMethod>
  <AuthenticationMethod>
    urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
  </AuthenticationMethod>
</LoginHandler>


Thank you so much for any help.

-- 
Fabio Spelta <[email protected]>
Universita` degli Studi di Milano-Bicocca
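
Added example (not part of the original message, and not code from the CAS client or Shibboleth): a Python triage helper that pulls the two service URLs out of a TicketValidationException log entry and reports whether they differ only by repeated slashes in the path, as in the log above. The function names and the "slash-only" label are assumptions of this example; the sample input is the post's own log entry re-joined onto one line.

```python
import re
from urllib.parse import urlsplit

# Sample input: the log entry from the post, re-joined onto one line.
SAMPLE_LOG = (
    "org.jasig.cas.client.validation.TicketValidationException: "
    "ticket 'ST-1621-zlyEdYdMAk5vYb6EbFOn' does not match supplied service.  "
    "The original service was 'https://idp.unimib.it/idp//Authn/RemoteUser' "
    "and the supplied service was 'https://idp.unimib.it/idp///Authn/RemoteUser'."
)

MISMATCH = re.compile(
    r"original service was '(?P<original>[^']+)' "
    r"and the supplied service was '(?P<supplied>[^']+)'"
)
SLASH_RUN = re.compile(r"/{2,}")


def slash_runs(url):
    """Return (offset, length) for each run of 2+ slashes in the URL path."""
    return [(m.start(), len(m.group())) for m in SLASH_RUN.finditer(urlsplit(url).path)]


def collapsed(url):
    """Diagnostic comparison key only (not a rule for accepting tickets):
    the URL with every slash run in its path reduced to a single slash."""
    p = urlsplit(url)
    return (p.scheme.lower(), p.netloc.lower(), SLASH_RUN.sub("/", p.path), p.query)


def classify_mismatch(log_text):
    """Extract both service URLs from a (possibly line-wrapped) log entry and
    say whether they differ only by repeated slashes in the path."""
    m = MISMATCH.search(" ".join(log_text.split()))  # undo log/e-mail wrapping
    if m is None:
        return None
    original, supplied = m.group("original"), m.group("supplied")
    if original == supplied:
        kind = "identical"
    elif collapsed(original) == collapsed(supplied):
        kind = "slash-only"
    else:
        kind = "different-service"
    return {"kind": kind, "original": original, "supplied": supplied,
            "original_runs": slash_runs(original), "supplied_runs": slash_runs(supplied)}


if __name__ == "__main__":
    print(classify_mismatch(SAMPLE_LOG))
```

A "slash-only" result means the service URL is being built differently at login and at validation, while "different-service" means a ticket was presented for a service it was not issued to.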

