I tried to read the remoteUser but i always get null.
I deployed a servlet on the same Tomcat server as of CAS and displayed the
headers. i see it null
this is code snippet
out.println("queryString=" + req.getQueryString());
out.println("uri=" + req.getRequestURI());
out.println("host=" + req.getServerName());
out.println("user=" + req.getUserPrincipal());
out.println("port=" + req.getServerPort());
out.println("remoteuser=" + req.getgetRemoteUser());
Should we change anyting at the CAS Tomcat Server level for enabling this?
On Thu, Dec 9, 2010 at 9:11 AM, Vipin Jain <[email protected]> wrote:
> Thanks Scott
>
> trying things out now.
>
>
> On Thu, Dec 9, 2010 at 8:53 AM, Scott Battaglia <[email protected]
> > wrote:
>
>> On Wed, Dec 8, 2010 at 10:21 PM, Vipin Jain <[email protected]> wrote:
>>
>>> ok, but i am using the same CAS server for issuing the ticket at both the
>>> clients.
>>
>>
>> It doesn't matter. You can only validate a service ticket once. So if
>> both clients get the same ticket, the second one will fail.
>>
>>
>>
>>>
>>> also, is remoteUser a header which i can read
>>>
>>
>> Its the HttpServletRequest#getRemoteUser().
>>
>>
>>
>>
>>>
>>>
>>> On Thu, Dec 9, 2010 at 8:47 AM, Scott Battaglia <
>>> [email protected]> wrote:
>>>
>>>> Two of them can't read the same ticket. Tickets can only be used once.
>>>>
>>>>
>>>> On Wed, Dec 8, 2010 at 10:14 PM, Vipin Jain <[email protected]> wrote:
>>>>
>>>>> Thanks
>>>>>
>>>>> but we need protection even if anybody accesses the direct websphere
>>>>> application so have CAS clients at both levels.
>>>>>
>>>>> Can't we have two CAS clients working at a time?
>>>>>
>>>>> Thanks
>>>>> Vipin
>>>>>
>>>>> On Thu, Dec 9, 2010 at 8:37 AM, Scott Battaglia <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> You only need one CAS client. You either need to use mod_auth_cas
>>>>>> (and then read the remoteUser) or use the CAS Client.
>>>>>>
>>>>>>
>>>>>> On Wed, Dec 8, 2010 at 10:05 PM, Vipin Jain <[email protected]>wrote:
>>>>>>
>>>>>>> Hello Scott,
>>>>>>>
>>>>>>> I have a peculiar problem
>>>>>>>
>>>>>>> We have configured the environment as below
>>>>>>>
>>>>>>> 1. Install CAS on Tomcat
>>>>>>> 2. Configured mod_auth_cas on Apache with CAS Tomcat URL
>>>>>>> 3. Configured CAS Client as TAI on Websphere with the same CAS Tomcat
>>>>>>> URL
>>>>>>> 4. Proxy all the access through Apache
>>>>>>>
>>>>>>> Here is the flow
>>>>>>>
>>>>>>> 1. User access websphere application thru Apache
>>>>>>> 2. mod_auth_cas intercepts and sends to Tomcat CAS Login page
>>>>>>> 3. User authenticates and it is redirected to the websphere
>>>>>>> application
>>>>>>> 4. Websphere CAS agent is not able to read the ticket and gives the
>>>>>>> below error
>>>>>>>
>>>>>>> [12/9/10 8:24:48:829 IST] 000000ee SystemOut O has ticket? =false
>>>>>>> [12/9/10 8:24:48:829 IST] 000000ee SystemOut O request url=
>>>>>>> https://in-ccuapp008:9443/TCLProcessUI/JSP/homepage/index.faces
>>>>>>>
>>>>>>> If we remove the mod_auth_cas from Apache and only Proxy the
>>>>>>> application through apache. Everything works fine.
>>>>>>>
>>>>>>> So mod_auth_cas is creating issues.
>>>>>>>
>>>>>>> Can you please help me whats the problem.
>>>>>>>
>>>>>>> Thanks
>>>>>>> Vipin
>>>>>>>
>>>>>>> --
>>>>>>> You are currently subscribed to [email protected] as:
>>>>>>> [email protected]
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> To unsubscribe, change settings or access archives, see
>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> You are currently subscribed to [email protected] as:
>>>>>> [email protected]
>>>>>>
>>>>>>
>>>>>> To unsubscribe, change settings or access archives, see
>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>
>>>>>>
>>>>> --
>>>>> You are currently subscribed to [email protected] as:
>>>>> [email protected]
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> To unsubscribe, change settings or access archives, see
>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>
>>>>>
>>>> --
>>>> You are currently subscribed to [email protected] as:
>>>> [email protected]
>>>> To unsubscribe, change settings or access archives, see
>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>
>>>>
>>> --
>>> You are currently subscribed to [email protected] as:
>>> [email protected]
>>>
>>>
>>>
>>>
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
