Thanks & Regards,
Gokula
________________________________
From: Gokula Krishnan P
To: [email protected]
Sent: Fri Apr 16 18:37:03 2010
Subject: request.getRemoteUser() returns null in CASSHIB
Hi Team,

I am trying to convert a J2EE web application (myapp) into a federated service using
Shibboleth SP, CASSHIB and Shibboleth IDP.

Problem

I am facing an issue integrating CASSHIB with Shibboleth SP. CASSHIB is unable to find the
Remote User, but all configured attributes are received in CASSHIB as well as in
myapp (sample application).
request.getRemoteUser() returns null but request.getHeader("REMOTE_USER")
returns the value as expected.

Setup

SP, CASSHIB and myapp (secured application) are running in JBoss/CentOS.
IDP is deployed in JBoss/Windows Vista. The IDP uses the Username/password login
handler for authentication. The authentication is against an Oracle DB using the
login module DatabaseServerLoginModule, which is configured in JBoss's
login-config.xml.

Login Flow

1. I try to access the secure URL https://mydomain.com/myapp/app1/
2. SP redirects to IDP:
   https://idp-domain.com:8443/idp/profile/SAML2/Redirect/SSO?SAMLRequest=F97BUNELvO7b%0A5z3naYeY....&RelayState=cookie%3A93603178
3. IDP redirects to the IDP login page:
   https://idp-domain.com.com:8443/idp/Authn/UserPassword
4. On successful authentication, IDP does a SAML POST to
   https://mydomain.com/Shibboleth.sso/SAML2/POST
5. SP redirects to my secure application URL https://mydomain.com/myapp/app1/
6. Acegi redirects back to CASSHIB:
   https://mydomain.com/casshib/shib/app1/login?service=https://mydomain.com/myapp/app1/
7. CASSHIB throws the message "Authentication Error The system wasn't able
   to properly detect your authentication credentials. This could be a problem
   with the configuration of the system. Please contact your administrator."
   Please find the logs below as well.

Logs:

[edu.ucmerced.cas.web.flow.CasShibInitialFlowSetupAction] - Action 'CasShibInitialFlowSetupAction' beginning execution
[edu.ucmerced.cas.authentication.principal.CasShibWebApplicationServiceImpl] - application name or passcode = app1
[edu.ucmerced.cas.web.support.CasShibRegistrationProtectedArgumentExtractor] - Extractor generated service for: https://mydomain.com:8443/myapp/app1/
[edu.ucmerced.cas.web.flow.CasShibInitialFlowSetupAction] - Placing service in FlowScope: https://mydomain.com:8443/myapp/app1/
[edu.ucmerced.cas.web.flow.CasShibInitialFlowSetupAction] - Action 'CasShibInitialFlowSetupAction' completed execution; result is 'success'
[edu.ucmerced.cas.adaptors.casshib.web.flow.PrincipalFromHttpHeadersNonInteractiveCredentialsAction] - Action 'PrincipalFromHttpHeadersNonInteractiveCredentialsAction' beginning execution
[edu.ucmerced.cas.adaptors.casshib.web.flow.PrincipalFromHttpHeadersNonInteractiveCredentialsAction] - Remote User not found in HttpServletRequest.
[edu.ucmerced.cas.adaptors.casshib.web.flow.PrincipalFromHttpHeadersNonInteractiveCredentialsAction] - Action 'PrincipalFromHttpHeadersNonInteractiveCredentialsAction' completed execution; result is 'error'
[org.quartz.core.JobRunShell] - Calling execute on job DEFAULT.serviceRegistryReloaderJobDetail
[org.jasig.cas.services.DefaultServicesManagerImpl] - Reloading registered services.
[org.jasig.cas.services.DefaultServicesManagerImpl] - Adding registered service https://mydomain.com:8443/myapp/app1/
[org.jasig.cas.services.DefaultServicesManagerImpl] - Loaded 1 services.

Thanks & Regards,
Gokula
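
The symptom reported in this message (getRemoteUser() is null while the REMOTE_USER header carries a value) can be made visible per request with a servlet filter. The filter below is an added example, not part of the original message or of CASSHIB; the class name RemoteUserSourceFilter and the lookup of a REMOTE_USER request attribute are assumptions. It logs which of the three places delivered the identity and refuses requests where only the header did, because a header is client-supplied data on any request that reaches the container without passing through the SP.

```java
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical diagnostic filter (added example): reports where the user identity came from. */
public class RemoteUserSourceFilter implements Filter {
    private static final Logger LOG = Logger.getLogger(RemoteUserSourceFilter.class.getName());

    enum Source { CONTAINER, REQUEST_ATTRIBUTE, HEADER_ONLY, NONE }

    /** Pure decision logic, kept apart from the servlet plumbing so it can be unit tested. */
    static Source classify(String remoteUser, Object attribute, String header) {
        if (notBlank(remoteUser)) return Source.CONTAINER;            // set by the container or its connector
        if (attribute != null && notBlank(attribute.toString())) return Source.REQUEST_ATTRIBUTE;
        if (notBlank(header)) return Source.HEADER_ONLY;              // plain HTTP header, forgeable by a client
        return Source.NONE;
    }

    private static boolean notBlank(String s) { return s != null && !s.trim().isEmpty(); }

    public void init(FilterConfig cfg) { }
    public void destroy() { }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        Source src = classify(req.getRemoteUser(),
                              req.getAttribute("REMOTE_USER"),   // assumption: attribute name mirrors the header
                              req.getHeader("REMOTE_USER"));
        // Log the source only, never the identity value itself.
        LOG.info("identity source for " + req.getRequestURI() + ": " + src);
        if (src == Source.HEADER_ONLY) {
            // The state described in the message: the value exists only as an HTTP header,
            // so the container has not vouched for it. Fail closed instead of trusting it.
            ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "identity present only as an HTTP header");
            return;
        }
        chain.doFilter(rq, rs);
    }
}
```

Mapped in web.xml ahead of the application's own security filters, this separates an identity that never reached the container from one that arrived only as a header.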