The TicketOrCredentialPrincipalResolver takes the String ticket id and
attempts to resolve it to the ticket. If it's not resolving it, that
typically means it can't find it.
Here's the code:
protected String resolveFromInternal(final JoinPoint joinPoint) {
    // The first argument of the audited method is either a Credentials
    // object or a ticket id String.
    final Object arg1 = joinPoint.getArgs()[0];
    if (arg1 instanceof Credentials) {
        return arg1.toString();
    } else if (arg1 instanceof String) {
        // Look the ticket up by id; a miss falls through to UNKNOWN_USER.
        final Ticket ticket = this.ticketRegistry.getTicket((String) arg1);
        if (ticket instanceof ServiceTicket) {
            final ServiceTicket serviceTicket = (ServiceTicket) ticket;
            return serviceTicket.getGrantingTicket().getAuthentication().getPrincipal().getId();
        } else if (ticket instanceof TicketGrantingTicket) {
            final TicketGrantingTicket tgt = (TicketGrantingTicket) ticket;
            return tgt.getAuthentication().getPrincipal().getId();
        }
    }
    return UNKNOWN_USER;
}
Cheers,
Scott
On Mon, Nov 29, 2010 at 3:33 PM, Yuri Negocio Negocio <[email protected]> wrote:
> Scott,
>
> The problem with the audit of the single sign out is that the method
> (CentralAuthenticationService.java: void destroyTicketGrantingTicket(final
> String ticketGrantingTicketId)) accepts the ticket cookie in String format,
> without rebuilding the object as a whole (i.e. authentication attribute). In
> contrast, (CentralAuthenticationService.java: public String
> createTicketGrantingTicket(final Credentials credentials)) receives a
> Credentials object on which I can do a cast (X509Credentials) and retrieve
> the certificate information.
>
> I hope the next version could be used to complete audit trail for the
> single sign out.
>
> Cheers,
>
> On Mon, Nov 29, 2010 at 4:30 PM, Yuri Negocio Negocio
> <[email protected]> wrote:
>
>> Scott,
>>
>> Done: https://issues.jasig.org/browse/CAS-926. However, the biggest
>> problem is the log of the single sign out. I'm not getting in any way.
>>
>> Cheers,
>>
>> Yuri
>>
>> On Mon, Nov 29, 2010 at 4:07 PM, Scott Battaglia <
>> [email protected]> wrote:
>>
>>> Hey,
>>>
>>> Can you open a JIRA issue for the first problem? I'll fix it tonight
>>> (I'll actually look through all the credential instances). We still have
>>> time to get that into 3.4.4.
>>>
>>> I'll investigate the second issue tonight.
>>>
>>> Cheers,
>>> Scott
>>>
>>>
>>> On Mon, Nov 29, 2010 at 2:01 PM, Yuri Negocio Negocio <[email protected]
>>> > wrote:
>>>
>>>> Hello Guys,
>>>>
>>>> I am deploying the audit module to a CAS X509Authentication Handler;
>>>> however, observing the log generated by CAS, I see that user activities
>>>> are not properly identified.
>>>>
>>>> I used the implementation
>>>> org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver (
>>>> http://grepcode.com/file/repo1.maven.org/maven2/org.jasig.cas/cas-server-core/3.4-RC1/org/jasig/cas/audit/spi/TicketOrCredentialPrincipalResolver.java
>>>> ); however, when auditing, the identifier of who logged in returns:
>>>>
>>>> {INFO
>>>> who: org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentials@1140cf6,
>>>> what: supplied credentials: org.jasig.cas.adaptors.x509.authentication.principal.X509CertificateCredentials@1140cf6,
>>>> action: AUTHENTICATION_SUCCESS,
>>>> application: CAS
>>>> when: Mon Nov 29 15:43:42 EDT 2010,
>>>> client_IP: 127.0.0.1,
>>>> server_ip: localhost
>>>> }
>>>>
>>>> This is the implementation that runs X509CertificateCredentials toString
>>>> in class:
>>>>
>>>> if (arg1 instanceof Credentials) { return arg1.toString(); }
>>>>
>>>>
>>>> I changed the implementation to return the Subject DN:
>>>>
>>>> if (arg1 instanceof Credentials) {
>>>>     if (arg1 instanceof X509CertificateCredentials) {
>>>>         X509CertificateCredentials x509Credencials =
>>>>             (X509CertificateCredentials) arg1;
>>>>         return x509Credencials.getCertificate().getSubjectDN().getName();
>>>>     }
>>>> }
>>>>
>>>> The audit log for single sign on has been corrected:
>>>>
>>>> {INFO
>>>> who: cn = Yuri Feitosa Negocio, OU = XXX, O = XXX XX XXX ST =, C = XX,
>>>> what: TGT-1-w00UIClUmdGQNPRV6PvP7dJeSExXsuaByHyelIIuNOsubZhzwb-Casse,
>>>> action: TICKET_GRANTING_TICKET_CREATED,
>>>> application: CAS
>>>> when: Mon Nov 29 15:10:34 EDT 2010,
>>>> client_IP: 127.0.0.1,
>>>> server_ip: localhost
>>>> }
>>>>
>>>> However, for the single sign out I cannot get the same success:
>>>>
>>>> Single Sign Out:
>>>> {INFO
>>>> who: audit: unknown,
>>>> what: TGT-1-w00UIClUmdGQNPRV6PvP7dJeSExXsuaByHyelIIuNOsubZhzwb-cassso,
>>>> action: TICKET_GRANTING_TICKET_DESTROYED,
>>>> application: CAS
>>>> when: Mon Nov 29 15:20:35 EDT 2010,
>>>> client_IP: 127.0.0.1,
>>>> server_ip: localhost
>>>> }
>>>>
>>>> I noticed that for the single sign out the following code is executed:
>>>>
>>>> else if (ticket instanceof TicketGrantingTicket) {
>>>>     final TicketGrantingTicket tgt = (TicketGrantingTicket) ticket;
>>>>     return tgt.getAuthentication().getPrincipal().getId();
>>>> }
>>>> The problem is that the return tgt.getAuthentication().getPrincipal().getId();
>>>> always returns null.
>>>>
>>>> Does anyone have any suggestions for making the user information appear
>>>> on the single sign out?
>>>>
>>>> Cheers,
>>>>
>>>> Yuri Feitosa Negócio
>>>>
>>>
>>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
>
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
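
The lookup miss described at the top of this message ("it can't find it"), as an added example that is not CAS code and not code from anyone in this thread: a self-contained model in which the resolver falls back to the unknown-user marker once the ticket has left the registry. It assumes the audit step resolves the principal after the ticket has been destroyed; AuditPrincipalDemo, X509Creds, the map-based registry, the marker value and both ticket-flow methods are hypothetical stand-ins.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;
// Added illustration with stand-in types; none of these are the CAS classes.
public class AuditPrincipalDemo {
    static final String UNKNOWN_USER = "audit:unknown"; // constructed marker value
    interface Credentials {}
    // Stand-in for certificate credentials: only the subject DN is modelled.
    static final class X509Creds implements Credentials {
        final X500Principal subject;
        X509Creds(String dn) { this.subject = new X500Principal(dn); }
    }
    // Stand-in registry: ticket id -> principal id recorded at login.
    static final Map<String, String> registry = new ConcurrentHashMap<>();
    // Same branch order as the resolver in the thread, plus an X.509 case and a null check.
    static String resolve(Object arg) {
        if (arg instanceof X509Creds) {
            return ((X509Creds) arg).subject.getName();
        } else if (arg instanceof Credentials) {
            return arg.toString();
        } else if (arg instanceof String) {
            String principal = registry.get((String) arg);
            if (principal != null) return principal;
        }
        return UNKNOWN_USER;
    }

    // Resolves "who" only after the ticket is gone, so the lookup misses.
    static String destroyThenResolve(String tgtId) {
        registry.remove(tgtId);
        return resolve(tgtId);
    }

    // Resolves "who" while the ticket still exists, then destroys it.
    static String resolveThenDestroy(String tgtId) {
        String who = resolve(tgtId);
        registry.remove(tgtId);
        return who;
    }

    public static void main(String[] args) {
        X509Creds creds = new X509Creds("CN=Example User,O=Example"); // constructed DN
        String tgtId = "TGT-1-constructed";                           // constructed id
        registry.put(tgtId, resolve(creds));
        System.out.println("destroy, then resolve: " + destroyThenResolve(tgtId));
        registry.put(tgtId, resolve(creds));
        System.out.println("resolve, then destroy: " + resolveThenDestroy(tgtId));
    }
}
```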