Scott,

The problem with the audit of the single sign out is that the method (CentralAuthenticationService.java: void destroyTicketGrantingTicket(final String ticketGrantingTicketId)) accepts the ticket cookie in String format, without rebuilding the object as a whole (i.e. the authentication attribute). In contrast, the method (CentralAuthenticationService.java: public String createTicketGrantingTicket(final Credentials credentials)) receives a Credentials object on which I can do a cast (X509Credentials) and retrieve the certificate information.
I hope the next version could be used to complete the audit trail for the single sign out.

Cheers,

On Mon, Nov 29, 2010 at 4:30 PM, Yuri Negocio Negocio <[email protected]> wrote:

> Scott,
>
> Done: https://issues.jasig.org/browse/CAS-926. However, the biggest
> problem is the log of the single sign out. I'm not getting in any way.
>
> Cheers,
>
> Yuri
>
> On Mon, Nov 29, 2010 at 4:07 PM, Scott Battaglia <[email protected]> wrote:
>
>> Hey,
>>
>> Can you open a JIRA issue for the first problem? I'll fix it tonight
>> (I'll actually look through all the credential instances). We still have
>> time to get that into 3.4.4.
>>
>> I'll investigate the second issue tonight.
>>
>> Cheers,
>> Scott
>>
>> On Mon, Nov 29, 2010 at 2:01 PM, Yuri Negocio Negocio <[email protected]> wrote:
>>
>>> Hello Guys,
>>>
>>> I am deploying the audit module to a CAS X509Authentication Handler,
>>> however, observing the log generated by CAS, I see that user activities
>>> are not properly identified.
>>>
>>> I used the implementation
>>> org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver (
>>> http://grepcode.com/file/repo1.maven.org/maven2/org.jasig.cas/cas-server-core/3.4-RC1/org/jasig/cas/audit/spi/TicketOrCredentialPrincipalResolver.java
>>> ), however, when auditing, the identifier of who logged in returns:
>>>
>>> {INFO
>>> who: org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentials@1140cf6,
>>> what: supplied credentials: org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentials@1140cf6,
>>> action: AUTHENTICATION_SUCCESS,
>>> application: CAS
>>> when: Mon Nov 29 15:43:42 EDT 2010,
>>> client_IP: 127.0.0.1,
>>> server_ip: localhost
>>> }
>>>
>>> This is the implementation that runs X509CertificateCredentials toString
>>> in the class:
>>>
>>> if (arg1 instanceof Credentials) { return arg1.toString(); }
>>>
>>> I changed the implementation to return the Subject DN:
>>>
>>> if (arg1 instanceof Credentials) {
>>>     if (arg1 instanceof X509CertificateCredentials) {
>>>         X509CertificateCredentials x509Credencials =
>>>             (X509CertificateCredentials) arg1;
>>>         return x509Credencials.getCertificate().getSubjectDN().getName();
>>>     }
>>> }
>>>
>>> The audit log for single sign on has been corrected:
>>>
>>> {INFO
>>> who: cn = Yuri Feitosa Negocio, OU = XXX, O = XXX XX XXX ST =, C = XX,
>>> what: TGT-1-w00UIClUmdGQNPRV6PvP7dJeSExXsuaByHyelIIuNOsubZhzwb-Casse,
>>> action: TICKET_GRANTING_TICKET_CREATED,
>>> application: CAS
>>> when: Mon Nov 29 15:10:34 EDT 2010,
>>> client_IP: 127.0.0.1,
>>> server_ip: localhost
>>> }
>>>
>>> However, for the single sign out I cannot get the same success:
>>>
>>> Single Sign Out:
>>> {INFO
>>> who: audit: unknown,
>>> what: TGT-1-w00UIClUmdGQNPRV6PvP7dJeSExXsuaByHyelIIuNOsubZhzwb-cassso,
>>> action: TICKET_GRANTING_TICKET_DESTROYED,
>>> application: CAS
>>> when: Mon Nov 29 15:20:35 EDT 2010,
>>> client_IP: 127.0.0.1,
>>> server_ip: localhost
>>> }
>>>
>>> I noticed that for the single sign out the following code is executed:
>>>
>>> else if (ticket instanceof TicketGrantingTicket) {
>>>     final TicketGrantingTicket tgt = (TicketGrantingTicket) ticket;
>>>     return tgt.getAuthentication().getPrincipal().getId();
>>> }
>>>
>>> The problem is that the return tgt.getAuthentication().getPrincipal().getId();
>>> always returns null.
>>>
>>> Does anyone have any suggestions for making the user information appear
>>> on the single sign out?
>>>
>>> Cheers,
>>>
>>> Yuri Feitosa Negócio
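
The sign-out gap discussed in this thread, as an added sketch that is not code from the thread or from CAS: a null-safe audit "who" resolver that handles certificate credentials, a ticket object, and the bare ticket id string that the destroy call receives. Every type, the registry, and the ticket id are hypothetical stand-ins, and the sketch assumes the audit hook can look the ticket up by id before it is removed.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;

// Added illustration: all types below are hypothetical stand-ins, not CAS classes.
public class AuditWhoExample {
    static final String UNKNOWN = "audit:unknown";

    // Stand-in for a certificate credential; only the subject DN is modelled.
    record CertCredentials(X500Principal subject) {}
    // Stand-in for a ticket-granting ticket that remembers who authenticated.
    record Tgt(String id, String principalId) {}

    // Stand-in ticket registry keyed by ticket id.
    static final Map<String, Tgt> REGISTRY = new ConcurrentHashMap<>();

    // Resolve the audit "who" from whatever argument the audited method received.
    static String resolveWho(Object arg) {
        if (arg instanceof CertCredentials c && c.subject() != null) {
            return c.subject().getName();      // subject DN, not Object.toString()
        }
        if (arg instanceof Tgt t) {
            return t.principalId() != null ? t.principalId() : UNKNOWN;
        }
        if (arg instanceof String ticketId) {  // sign-out path: only the id is passed
            Tgt t = REGISTRY.get(ticketId);
            return (t != null && t.principalId() != null) ? t.principalId() : UNKNOWN;
        }
        return UNKNOWN;
    }

    // Sign-out that resolves "who" while the ticket is still in the registry.
    static String destroyAndAudit(String ticketId) {
        String who = resolveWho(ticketId);
        REGISTRY.remove(ticketId);
        return "who: " + who + ", what: " + ticketId
                + ", action: TICKET_GRANTING_TICKET_DESTROYED";
    }

    public static void main(String[] args) {
        // Constructed sample subject and ticket id.
        CertCredentials creds =
                new CertCredentials(new X500Principal("CN=Test User,OU=Example,C=XX"));
        String id = "TGT-constructed-1";
        REGISTRY.put(id, new Tgt(id, resolveWho(creds)));
        System.out.println(destroyAndAudit(id));
        // A lookup made after removal can no longer name the user.
        System.out.println("late lookup -> " + resolveWho(id));
    }
}
```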
