Hi, The *filterProcessesUrl* is dedicated to receive service tickets during the CAS login process. Generally, the url is kept with the default value: /j_spring_cas_security_check. So the error you get is completely normal if you don't provide any service ticket. You should not call this url, but any protected url of your application to trigger a CAS round-trip. Best regards, Jérôme
2014-03-27 9:07 GMT+01:00 ray <[email protected]>: > Hi, > In my cas service client (Spring client) I have this configuration: > > <http pattern="/resources/**" security="none"/> > > <http use-expressions="true" entry-point-ref="casEntryPoint"> > <intercept-url pattern="/sync/**" access="permitAll"/> > <intercept-url pattern="/**" access="isAuthenticated()"/> > <access-denied-handler error-page="/no-access"/> > > <custom-filter ref="casFilter" position="CAS_FILTER"/> > <custom-filter ref="singleLogoutFilter" > before="LOGOUT_FILTER"/> > > <logout logout-url="/logout" > > logout-success-url="${cas.server.host}/cas/logout?service=${cas.service.host}"/> > </http> > > <authentication-manager alias="authenticationManager"> > <authentication-provider ref="casAuthProvider"/> > </authentication-manager> > > > <!-- authenticates CAS tickets, must be in custom-filter of cis.xml --> > <bean id="casFilter" > > class="org.springframework.security.cas.web.CasAuthenticationFilter"> > <property name="authenticationManager" > ref="authenticationManager"/> > <property name="filterProcessesUrl" value="/login"/> > </bean> > > <bean id="casAuthProvider" > > class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> > <property name="ticketValidator" ref="ticketValidator"/> > <property name="serviceProperties" ref="serviceProperties"/> > <property name="key" value="Analytics"/> > <property name="authenticationUserDetailsService" > ref="myUserDetailsService"/> > <!-- <property name="statelessTicketCache" > ref="statelessTicketCache"/>--> > > </bean> > > > > Everything working as expected. the only this I dont get is when I am > accessing localhost:8080/login instead of being redirect to CAS server I am > getting: > > HTTP Status 401 - Authentication Failed: Failed to provide a CAS service > ticket to validate > > > (same goes for /admin/login) > > Is 'login' somehow protected by cas client? anyone could please explain me > that? > > thanks, > ray. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
