Yes. Eventually these will be on different machines, but as of now I 
have the web and DS apps on my machine. I read the CAS and Spring 
Security documentation and made some changes to my configuration. The 
proxy ticket is always NULL.

I am trying to get the proxy ticket with

CasAuthenticationToken auth = (CasAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
String serviceUrl = "https://localhost:8443/app-web/j_spring_cas_security_check";
// The assertion is taken from the CAS authentication token
String proxyTicket = auth.getAssertion().getPrincipal().getProxyTicketFor(serviceUrl);


but the error on the console is
AttributePrincipalImpl.getProxyTicketFor(109) | No ProxyGrantingTicket was supplied, so no Proxy Ticket can be retrieved.

The proxy URL is already configured with the CasAuthenticationFilter:

<b:bean id="casFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter"
        p:authenticationManager-ref="authManager"
        p:serviceProperties-ref="serviceProperties"
        p:proxyGrantingTicketStorage-ref="pgtStorage"
        p:proxyReceptorUrl="/j_spring_cas_security_proxyreceptor">
    <b:property name="authenticationDetailsSource">
        <b:bean class="org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource" />
    </b:property>
    <b:property name="authenticationFailureHandler">
        <b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
                p:defaultFailureUrl="/casfailed.jsp" />
    </b:property>
</b:bean>

I haven't added any filters to the web.xml. I am not sure if this is 
causing any problem.

Regards
K



On 8/2/11 3:00 PM, Marvin Addison wrote:
>> 1. app-web : UI application WAR (maven+spring+gwt)
>> 2. app-ds: Data services WAR (maven+spring+hibernate)
>> 3. app-cas: Maven overlay war.
> Hopefully those are all on different hosts where SSO would be of benefit.
>
>> When the user logs into app-web and requests services from the app-ds, the
>> user app-ds throws an exception and wants the user to authenticate again.
> If app-ds is protected by CAS, this will not work without use of CAS
> proxy authentication.  See http://www.jasig.org/cas/protocol for more
> information on the CAS 2 protocol with proxy support.  In any case you
> should share the exception if after study and further work the problem
> persists.
>
>> I am adding the service ticket (ST-XXXX) to the query string before sending
>> post requests to the app-ds.
> CAS doesn't work that way.  You really should study the protocol
> document or many other resources on the Web that provide a high-level
> overview of the CAS authentication workflow.
>
> M
>
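
The CAS 2.0 proxy steps that the reply refers to, seen from the proxying application (app-web), as an added example that is not part of the original thread and is not Spring Security or Jasig client code. Host names, ticket values and the class and method names are constructed for illustration; the endpoints and parameters (/serviceValidate, pgtUrl, pgtIou, pgtId, /proxy, targetService) are those of the CAS 2.0 protocol.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added sketch of the client side of CAS 2.0 proxying; every value here is constructed.
public class CasProxyFlowSketch {
    // Filled by the callback CAS makes to pgtUrl: GET <pgtUrl>?pgtIou=...&pgtId=...
    static final Map<String, String> pgtByIou = new ConcurrentHashMap<>();
    static final Pattern IOU = Pattern.compile(
        "<cas:proxyGrantingTicket>([^<]+)</cas:proxyGrantingTicket>");

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    // Step 1: validate the service ticket and request a PGT by naming the callback URL.
    static String validateUrl(String cas, String service, String st, String pgtUrl) {
        return cas + "/serviceValidate?service=" + enc(service)
             + "&ticket=" + enc(st) + "&pgtUrl=" + enc(pgtUrl);
    }

    // Step 2: the validation response carries only the IOU; the PGT itself came on the callback.
    static String resolvePgt(String validationXml) {
        Matcher m = IOU.matcher(validationXml);
        if (!m.find()) return null;          // CAS issued no PGT for this validation
        return pgtByIou.remove(m.group(1));  // null if the callback never reached this app
    }

    // Step 3: trade the PGT for a proxy ticket scoped to the back-end service.
    static String proxyUrl(String cas, String pgt, String targetService) {
        if (pgt == null) throw new IllegalStateException("no PGT, so no proxy ticket can be requested");
        return cas + "/proxy?targetService=" + enc(targetService) + "&pgt=" + enc(pgt);
    }

    public static void main(String[] args) {
        String cas = "https://cas.example.org/cas";
        String web = "https://web.example.org/app-web/j_spring_cas_security_check";
        String receptor = "https://web.example.org/app-web/j_spring_cas_security_proxyreceptor";
        String ds = "https://ds.example.org/app-ds/data";
        System.out.println(validateUrl(cas, web, "ST-1-constructed", receptor));
        pgtByIou.put("PGTIOU-1-constructed", "PGT-1-constructed"); // simulated pgtUrl callback
        String xml = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
            + "<cas:authenticationSuccess><cas:user>constructed-user</cas:user>"
            + "<cas:proxyGrantingTicket>PGTIOU-1-constructed</cas:proxyGrantingTicket>"
            + "</cas:authenticationSuccess></cas:serviceResponse>";
        System.out.println(proxyUrl(cas, resolvePgt(xml), ds));
    }
}
```

The proxy ticket returned by /proxy is what the back-end service receives in the `ticket` parameter and checks with /proxyValidate; a service ticket forwarded in the query string cannot take its place.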
