Hi, I've made a small breakthrough.

I've added the org.jasig.cas.client.authentication.AuthenticationFilter
after the SingleSignOutFilter and before the CAS WebAuthenticationFilter. So
now the lack of authentication causes a redirection to the configured login
site.

Unfortunately, when I come back after successful login I get:

2010-11-16 17:00:37,703 DEBUG
[org.jasig.cas.client.authentication.AuthenticationFilter]
(http-127.0.0.1-8443-1) no ticket and no assertion found
2010-11-16 17:00:37,703 DEBUG
[org.jasig.cas.client.authentication.AuthenticationFilter]
(http-127.0.0.1-8443-1) Constructed service url:
https://localhost:8443/test-jaas
2010-11-16 17:00:37,703 DEBUG
[org.jasig.cas.client.authentication.AuthenticationFilter]
(http-127.0.0.1-8443-1) redirecting to
"https://localhost:9443/cas?service=https%3A%2F%2Flocalhost%3A8443%2Ftest-jaas";

I type in the username and password....

2010-11-16 17:01:03,984 DEBUG
[org.jasig.cas.client.session.SingleSignOutHandler] (http-127.0.0.1-8443-1)
Recording session for token ST-5-J6VCA7YfwMYTtn1R1zzK-cas
2010-11-16 17:01:03,984 DEBUG
[org.jasig.cas.client.session.HashMapBackedSessionMappingStorage]
(http-127.0.0.1-8443-1) Attempting to remove
Session=[5C4AF8B1F27A8B582D143FBD392A86F0]
2010-11-16 17:01:03,984 DEBUG
[org.jasig.cas.client.session.HashMapBackedSessionMappingStorage]
(http-127.0.0.1-8443-1) No mapping for session found.  Ignoring.
2010-11-16 17:01:03,984 DEBUG
[org.jasig.cas.client.jboss.authentication.WebAuthenticationFilter]
(http-127.0.0.1-8443-1) Attempting CAS ticket validation with
service=https://localhost:8443/test-jaas;jsessionid=5C4AF8B1F27A8B582D143FBD392A86F0
and ticket=ST-5-J6VCA7YfwMYTtn1R1zzK-cas
2010-11-16 17:01:04,000 DEBUG
[org.jasig.cas.client.jboss.authentication.WebAuthenticationFilter]
(http-127.0.0.1-8443-1) JBoss Web authentication failed.


How can I debug this? What are the possible causes of failed "web
authentication"? No logs from CasLoginModule nor activity on CAS server have
been recorded. The "cas" application-policy has the CasLoginModule
configured, login-config.xml has been attached in the initial post.

Another thing, which is confusing as well, is the fact that when I access
the servlet via an unsecured URL (say, /_TestServlet from my web.xml) I
get redirected to CAS, while when I access it via a protected URL (say,
/TestServlet) I get the 403 message immediately. It's like the web layer
privileges were checked before the redirecting filter invocation. Perhaps
the server notices a role requirement, but due to the lack of
<login-config/> in web.xml it returns 403 immediately. Is it possible at all
to use the CasLoginModule in both EJB and web layers?

Here is my new web.xml:
http://jasig.275507.n4.nabble.com/file/n3045189/web.xml

So, by and large, I have two problems now: "web authentication" failure and
the phenomenon described above (which might be just my lack of
understanding).

Best regards, Maciek

-- 
View this message in context: 
http://jasig.275507.n4.nabble.com/Problems-with-CAS-ifying-a-JEE-application-using-JAAS-tp3044438p3045189.html
Sent from the CAS Users mailing list archive at Nabble.com.
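
Added example, not part of the original post or of the CAS client code: a CAS service ticket is issued for a specific service URL, so one check on DEBUG logs like the ones above is to compare the `service` value sent on the login redirect with the one sent at ticket validation. The function names and verdict labels are assumptions made for this example; the log text is taken from the post.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Excerpt of the client DEBUG log from the post above, still mail-wrapped.
SAMPLE_LOG = """\
2010-11-16 17:00:37,703 DEBUG
[org.jasig.cas.client.authentication.AuthenticationFilter]
(http-127.0.0.1-8443-1) redirecting to
"https://localhost:9443/cas?service=https%3A%2F%2Flocalhost%3A8443%2Ftest-jaas";
2010-11-16 17:01:03,984 DEBUG
[org.jasig.cas.client.jboss.authentication.WebAuthenticationFilter]
(http-127.0.0.1-8443-1) Attempting CAS ticket validation with
service=https://localhost:8443/test-jaas;jsessionid=5C4AF8B1F27A8B582D143FBD392A86F0
and ticket=ST-5-J6VCA7YfwMYTtn1R1zzK-cas
"""

TIMESTAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} ")
REDIRECT = re.compile(r'redirecting to "([^"]+)"')
VALIDATE = re.compile(r"ticket validation with service=(\S+) and ticket=(\S+)")
PATH_PARAM = re.compile(r";[^/?#]*")  # ';name=value' such as ';jsessionid=...'

def rejoin(text):
    """Merge wrapped continuation lines back into one record per timestamp."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def compare_service_urls(log_text):
    """Pair each ticket validation with the service URL of the last redirect."""
    requested, findings = None, []
    for record in rejoin(log_text):
        if (m := REDIRECT.search(record)):
            # parse_qs percent-decodes the service parameter for comparison.
            requested = parse_qs(urlsplit(m.group(1)).query).get("service", [None])[0]
        elif (m := VALIDATE.search(record)):
            validated, ticket = m.groups()
            if requested is None:
                verdict = "no-redirect-seen"
            elif validated == requested:
                verdict = "match"
            elif PATH_PARAM.sub("", validated) == requested:
                verdict = "differs-by-path-parameter"
            else:
                verdict = "mismatch"
            findings.append((ticket, requested, validated, verdict))
    return findings
```

A verdict other than `match` shows only that the two strings differ; whether the CAS server treats them as the same service depends on its matching rules.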
