R: R: R: [cas-user] Getting info about the backend authentication used

Thu, 06 May 2010 08:44:51 -0700 

Sorry for my last incomplete email, but I just discovered some new keyboard 
combination to send the email before completing it...

> -----Messaggio originale-----
> Da: David Hawes [mailto:[email protected]] 
> Inviato: lunedì 3 maggio 2010 20.18
> A: [email protected]
> Oggetto: Re: R: R: [cas-user] Getting info about the backend 
> authentication used
> 
> On 5/3/10 12:33 PM, Leandro Dardini wrote:
> ...
> > Thank you for your help, your patch will be really useful. 
> However for 
> > now we are trying only to check for the type of authentication 
> > succeded. I am working on a test CAS server with the 
> > "SimpleTestUsernamePasswordAuthenticationHandler" (the one accepting
> > username=password) and the 
> "AcceptUsersAuthenticationHandler" (the one 
> > from the example, with scott/secret).
> > 
> > Unfortunately I am not receiving the additional information 
> regarding 
> > the succeded authentication handler in the HTTP header. The only 
> > additional information in the header is the user logged in.
> > 
> > The general section of httpd configuration file reports:
> > 
> > CASValidateURL https://dvpauthserver:8443/cas/samlValidate
> > CASLoginURL https://dvpauthserver:8443/cas/login CASDebug On 
> > CASValidateServer Off CASCertificatePath 
> /etc/httpd/conf.d/client.pem 
> > CASValidateSAML On LoadModule auth_cas_module 
> modules/mod_auth_cas.so
> > 
> > The virtualhost section reports:
> > 
> > <Location /> AuthType CAS CASAuthNHeader CAS_USER require 
> valid-user 
> > </Location>
> 
> Do you see the SAML request and response in your debug logs?  
> If any attributes are returned, they will be in this log.
> 
> Also, have you configured a CASCookiePath?
> 
> --

I thank you all for your patience, but the problems I am having with the type 
of authentication succeded are not solved. Thinking of a problem due to the 
simple method implemented, I add the AD/LDAP authentication and this get me 
some time. Now I can look at the SAML exchange, but there are no useful 
information in there. How can I activate the info about the type of 
authentication succeded?

Thank you

Leandro

Validation request: POST 
/cas/samlValidate?TARGET=http%3a%2f%2fdvpauthserver.comune.prato.it%2f HTTP/1.0
Host: dvpauthserver
soapaction: http://www.oasis-open.org/committees/security 
cache-control: no-cache
pragma: no-cache
accept: text/xml
connection: keep-alive
content-type: text/xml
Content-Length: 382

<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";>
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"  MajorV 
ersion="1" MinorVersion="1">
      <samlp:AssertionArtifact>ST-3-cOxDMdlaGvGTrF9JfpXl-cas
      </samlp:AssertionArtifact>
    </samlp:Request>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Validation response: HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml;charset=UTF-8
Content-Language: it-IT
Date: Thu, 06 May 2010 15:30:52 GMT
Connection: close
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/";>
  <SOAP-ENV:Header/>
  <SOAP-ENV:Body>
    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" 
xmlns:saml="urn:oasis:names:tc:S AML:1.0:assertion" 
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" 
xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi 
="http://www.w3.org/2001/XMLSchema-instance"; 
IssueInstant="2010-05-06T15:30:52.270Z" MajorVersion="1" MinorVersion="1" Recip 
ient="http://dvpauthserver.comune.prato.it/"; 
ResponseID="_7aefa17d02e2f29f00fd450f7f3f9fe6">
     <Status>
       <StatusCode Value="samlp :Success">
       </StatusCode>
     </Status>
    <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" 
AssertionID="_07d510c6bea1b09b8eb2ecc139a3061f" 
IssueInstant="2010-05-06T15:30:52.270Z" Issuer="localhost" MajorVersion="1" 
MinorVersion="1">
    <Conditions NotBef ore="2010-05-06T15:30:52.270Z" 
NotOnOrAfter="2010-05-06T15:31:22.270Z">
      <AudienceRestrictionCondition>
        <Audience>http://dvpauthserver.comune.prato.it/
        </Audience>
      </AudienceRestrictionCondition>
    </Conditions>
    <AuthenticationStatement AuthenticationInstan t="2010-05-06T15:30:52.240Z" 
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
     <Subject>
      <NameIdentifier>bf45
      </NameIdentifier>
      <SubjectConfirmation>
         <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact
         </ConfirmationMethod>
      </SubjectConfirmation>
     </Subject>
    </AuthenticationStatement>
    </Assertion>
   </ResponectConfirmation>se>
 </SOAP-ENV:Body>
</SOAP-ENV:Envelope>



-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to