Hello everyone. I'm new to this forum and this is my first question for CAS, so 
be merciful! :]

Here's some background: I'm the sys. admin of a site and we're implementing CAS 
(3.4.2.1) on a GlassFish cluster (currently a single node for tests). The 
whole thing is protected by an Apache reverse proxy with mod_jk.

That being said, we have several PHP applications already CASified and 
everything seems fine. My worry is that I have a legacy Java application that 
also needs to be CASified.
This Java application is in fact an SFTP server where users can access their 
files. It currently has its own authentication method. The goal is that the 
user authenticates to CAS, gets a ticket, uses the PHP application, gets 
redirected to the legacy Java app and presents the ticket as a "token". The Java 
app validates the ticket and returns a success.

I checked the tutorial and first tried Cas20ProxyTicketValidator:

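import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;

// Wrapper class added so the snippet compiles; the name is arbitrary.
public class TicketTest {

    public static void main(String[] args) {
        // I get this ticket from the CAS logfile when the user
        // authenticates through the CAS; it changes every time, of course.
        validateTicket("ST-119-tTfBWlPfc4afNiWwP9RP-dcas");
    }

    public final static boolean validateTicket(String ticket) {
        AttributePrincipal principal = null;
        String casServerUrl = "https://dcas.sopres.be:8443/cas";
        String legacyServerServiceUrl = "http://dservicedesk.sopres.be";
        Cas20ProxyTicketValidator sv = new Cas20ProxyTicketValidator(casServerUrl);

        // Accept the ticket whatever proxy chain it came through.
        sv.setAcceptAnyProxy(true);
        try {
            // The service URL must match the one the ticket was issued for.
            Assertion a = sv.validate(ticket, legacyServerServiceUrl);
            principal = a.getPrincipal();
            System.out.println("user name:" + principal.getName());
        } catch (TicketValidationException e) {
            e.printStackTrace();
        }
        return principal != null;
    }
}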


Alas, every time I get "ticket '...' not recognized".

The only success I have is when, on the same workstation, I surf to:
https://dcas.sopres.be:8443/cas/login?service=http%3A%2F%2Fdservicedesk.sopres.be
From the logfile, I get: Granted service ticket 
[ST-126-bkL0cU2B7hc4d5O1ZOVm-dcas] for service [http://dservicedesk.sopres.be]
Change the ticket number in my code, run it and I get the username.

If I wait a little too long, I get the infamous "not recognized" answer 
from CAS.

Could someone give me a clue on how this can be achieved?

Thanks in advance!

Seb.
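
An added example, not part of the original post and not CAS project code: the legacy app's validator from the post with setAcceptAnyProxy(true) replaced by an explicit allowed proxy chain, fed a ticket received at request time rather than one copied from a log. It assumes the PHP application obtains a proxy ticket for the legacy app's service URL; the proxy callback URL and the class name are placeholders.

```java
import java.util.Collections;
import java.util.List;

import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.ProxyList;
import org.jasig.cas.client.validation.TicketValidationException;

public class LegacyAppTicketCheck { // hypothetical class name

    // Values taken from the post.
    static final String CAS_SERVER_URL = "https://dcas.sopres.be:8443/cas";
    static final String LEGACY_SERVICE_URL = "http://dservicedesk.sopres.be";
    // Placeholder (assumption): the proxy callback URL the PHP application uses.
    static final String PHP_APP_PROXY_CALLBACK = "https://php-app.example.invalid/pgtCallback";

    static Cas20ProxyTicketValidator buildValidator() {
        Cas20ProxyTicketValidator v = new Cas20ProxyTicketValidator(CAS_SERVER_URL);
        // acceptAnyProxy stays at its default (false): a proxied ticket is
        // accepted only if its proxy chain is listed here.
        List<String[]> chains =
                Collections.singletonList(new String[] { PHP_APP_PROXY_CALLBACK });
        v.setAllowedProxyChains(new ProxyList(chains));
        return v;
    }

    /** Validates a ticket exactly once; returns the user name, or null if rejected. */
    static String validateOnce(String ticket) {
        try {
            // The service URL must equal the one the ticket was issued for.
            Assertion a = buildValidator().validate(ticket, LEGACY_SERVICE_URL);
            return a.getPrincipal().getName();
        } catch (TicketValidationException e) {
            // Per the CAS protocol a ticket is good for one validation attempt
            // and expires shortly after issue, so a second call with the same
            // ticket, or a late one, ends up here.
            System.err.println("CAS rejected the ticket: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        if (args.length != 1) {
            System.err.println("usage: LegacyAppTicketCheck <ticket>");
            return;
        }
        System.out.println("user name: " + validateOnce(args[0]));
    }
}
```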
