Hi Scott The only reason I used the Saml11TicketValidator was to get the Active Directory attributes for the logged in user using a custom UserDetailsService (extending AbstractCasAssertionUserDetailsService). But proxying fails.
If I use Cas20ProxyTicketValidator, proxying works fine but no attributes are released. I need the authorities and attributes from AD both in both my applications. Is there an explicit way to request CAS to release these attributes after proxying. Regards Kiran On 8/3/11 1:55 PM, Scott Battaglia wrote: > SAML1.1 doesn't support proxying (its not in SAML 1.1) > > > On Wed, Aug 3, 2011 at 12:45 PM, Tropigeek <[email protected] > <mailto:[email protected]>> wrote: > > There doesn't seem to be any callback in the trace. I go back to > my earlier question if it has to do anything to do with using the > Saml11TicketValidator instead of the Cas20ProxyTicketValidator. > The Saml11TicketValidator does not have any of the properties such > as acceptAnyProxy, proxyCallbackUrl, proxyGrantingTicketStorage-ref > > I was missing out on the service manage configuration but I have > added attribute release for both http and https. Don't know if it > has any bearing on the proxy ticket. > > What am I missing if I see this on the console: > > AttributePrincipalImpl.getProxyTicketFor(109) | No > ProxyGrantingTicket was supplied, so no Proxy Ticket can be retrieved. > > If I am using Spring Security, do I need any configuration in the > web.xml. The only security filter I have is the > org.springframework.web.filter.DelegatingFilterProxy. > > Regards > > > > > On 8/3/11 10:53 AM, Marvin Addison wrote: >>> The proxy ticket is always NULL. >> May be a proxy callback authentication or configuration problem. Turn >> up the logging to DEBUG on the server and read whether the proxy >> callback is invoked successfully. >> >> M >> > -- > You are currently subscribed [email protected] > <mailto:[email protected]> as:[email protected] > <mailto:[email protected]> > > > To unsubscribe, change settings or access archives, > seehttp://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
