I have a Tomcat instance on which I've configured container-managed
security by setting up conf/context.xml as follows:

<Context allowLinking="true" crossContext='true'>
    <!-- Default set of monitored resources -->
    <WatchedResource>WEB-INF/web.xml</WatchedResource>

    <!-- Uncomment this to disable session persistence across Tomcat
restarts -->
    <!--
    <Manager pathname="" />
    -->

    <!-- Uncomment this to enable Comet connection tracking (provides events
         on session expiration as well as webapp lifecycle) -->
    <!--
    <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
    -->


  <Realm
    className="org.jasig.cas.client.tomcat.v6.AssertionCasRealm"
    roleAttributeName="memberOf"
    />

  <Valve
    className="org.jasig.cas.client.tomcat.v6.Saml11Authenticator"
    encoding="UTF-8"
    casServerLoginUrl="https://hostname:443/cas/login"
    casServerUrlPrefix="https://hostname:443/cas/"
    serverName="hostname"
    />

  <!-- Single sign-out support -->
  <Valve
    className="org.jasig.cas.client.tomcat.v6.SingleSignOutValve"
    artifactParameterName="SAMLart"
    />

</Context>

This works except that I've noticed that when I now make requests to
/cas/v1/tickets (which is also in the same tomcat instance) with
content type of application/x-www-form-urlencoded this gives the
following 500 Internal Server Error:

<html>
<head>
   <title>Status page</title>
</head>
<body>
<h3>The server encountered an unexpected condition which prevented it
from fulfilling the request</h3><p>You can get technical details <a
href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1">here</a>.<br>
Please continue your visit at our <a href="/">home page</a>.
</p>
</body>
</html>

If I change the content type to text/xml the request succeeds with a
201 response.  If I remove the SingleSignOutValve both succeed.  What
is the best way to stop this from happening?
