Hi,

Check your CAS server logs for SSL certificate validation errors.  If
the CAS server doesn't trust the web app server's SSL cert, it doesn't
grant a proxy ticket and it doesn't indicate to the web app server that
there was a problem (still sends a serviceTicket).

Scott Holodak                    Aspire | A Plan for Princeton
Princeton University              Office of Development


-----Original Message-----
From: Aksel Bruun [mailto:[email protected]] 
Sent: Friday, March 05, 2010 3:12 PM
To: [email protected]
Subject: [cas-user] Proxy authentication from web-service

I am trying to get a proxy ticket in order to access a backend system.
The backend system retrieves data that I send as part of the SOAP
response. The SOAP request contains the service ticket in the SOAP
header. I am able to validate the ticket, but I can't get a proxy
ticket. It always returns null.
The web service contains the following code for ticket validation and
retrieval of a proxy ticket:

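// Validate the service ticket taken from the SOAP header.
TicketValidator serviceValidator = new Cas20ServiceTicketValidator(CAS_SERVER_URL);
Assertion assertion = serviceValidator.validate(ticket, WEB_SERVICE_URL);
// Ask for a proxy ticket for the backend; this is the call that returns null.
String proxyticket = assertion.getPrincipal().getProxyTicketFor(BACKEND_SYSTEM_URL);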

I have also tried  the Cas20ProxyTicketValidator, but results are the
same.

and my web.xml is as follows:

 <filter>
        <filter-name>CAS Authentication Filter</filter-name>
        <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
        <init-param>
                <param-name>casServerLoginUrl</param-name>
                <param-value>https://myserver/cas/login</param-value>
        </init-param>
        <init-param>
                <param-name>serverName</param-name>
                <param-value>http://myserver</param-value>
        </init-param>
        <init-param>
                <param-name>gateway</param-name>
                <param-value>false</param-value>
        </init-param>
</filter>
<filter>
        <filter-name>CAS Validation Filter</filter-name>
        <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
        <init-param>
                <param-name>casServerUrlPrefix</param-name>
                <param-value>https://myserver/cas/</param-value>
        </init-param>
        <init-param>
                <param-name>serverName</param-name>
                <param-value>http://myserver</param-value>
        </init-param>
        <init-param>
                <param-name>proxyCallbackUrl</param-name>
                <param-value>https://backend_server/backend_app/proxyCallback</param-value>
        </init-param>
        <init-param>
                <param-name>proxyReceptorUrl</param-name>
                <param-value>/backend_app/proxyCallback</param-value>
        </init-param>
</filter>
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
</filter>
<!-- ***********************  -->
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/protected/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/proxyCallback</url-pattern>
</filter-mapping>

SOAP requests to my web services do not go through the CAS filter
(otherwise they just get redirected).
Is this a problem?

Anyone know how to programmatically get a PGT and a proxy ticket for
calling a backend service?
Any tips appreciated ;-)

Aksel.

-- 
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
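
The silent failure described in the reply at the top of this thread can be seen in the raw CAS 2.0 validation response: validation still succeeds, but the cas:proxyGrantingTicket element (which carries the PGTIOU) is absent. The following is an added example, not code from either poster or from the CAS client; the class, method and enum names are hypothetical and the sample responses are constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

// Hypothetical helper (not part of the CAS client): classifies a raw CAS 2.0
// validation response so a missing PGT is reported at validation time instead
// of surfacing later as a null proxy ticket.
public class ProxyGrantCheck {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";

    enum Outcome { VALIDATION_FAILED, PGT_NOT_GRANTED, PGT_GRANTED }

    static Outcome classify(String responseXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response is remote input: refuse DOCTYPEs to rule out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(
                new ByteArrayInputStream(responseXml.getBytes(StandardCharsets.UTF_8)));
        if (doc.getElementsByTagNameNS(CAS_NS, "authenticationSuccess").getLength() == 0) {
            return Outcome.VALIDATION_FAILED;
        }
        // With a working proxy callback, this element carries the PGTIOU.
        NodeList iou = doc.getElementsByTagNameNS(CAS_NS, "proxyGrantingTicket");
        boolean granted = iou.getLength() > 0
                && !iou.item(0).getTextContent().trim().isEmpty();
        return granted ? Outcome.PGT_GRANTED : Outcome.PGT_NOT_GRANTED;
    }

    public static void main(String[] args) throws Exception {
        String open = "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'>";
        String close = "</cas:serviceResponse>";
        // Constructed sample responses; user and ticket values are made up.
        String silent = open + "<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
                + "</cas:authenticationSuccess>" + close;
        String granted = open + "<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
                + "<cas:proxyGrantingTicket>PGTIOU-1-constructed</cas:proxyGrantingTicket>"
                + "</cas:authenticationSuccess>" + close;
        String failed = open + "<cas:authenticationFailure code='INVALID_TICKET'>"
                + "ticket not recognized</cas:authenticationFailure>" + close;
        System.out.println("success without PGT: " + classify(silent));
        System.out.println("success with PGT:    " + classify(granted));
        System.out.println("failure response:    " + classify(failed));
    }
}
```

A PGT_NOT_GRANTED result for a request that did send a pgtUrl points at the proxy callback, which is where the CAS server log entry mentioned in the reply would appear.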
