I'm missing something and I could use a bit of help. I (obviously) have a CAS Server configured and running. I have two clients (Services) authenticated against said server. Both clients are actual applications that perform a myriad of functions. Each application has its own UI. The UI, in both cases, communicates to the backend application via RESTful service calls.
This works *fine* when I log into a single application and go through whatever it is I want to do. However, I now have a requirement to have Application B invoke one of the RESTful URLs within Application A. ************************************* Application A: URL - https://my.domain.com/a Desired Service URL - https://my.domain.com/a/rest/my/service ************************************* When I attempt to to have Application B retrieve a Proxy Ticket from Application A, all goes well and I get the following: 2014-10-02 15:59:12,390 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: https://my.domain.com/b/j_spring_cas_security_proxyreceptor WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com for https://my.domain.com/a/j_spring_cas_security_check ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Thu Oct 02 15:59:12 EDT 2014 CLIENT IP ADDRESS: 999.999.999.999 SERVER IP ADDRESS: 999.999.999.999 ============================================================= > ****************************************************************************************************************************************************************************** ****************************************************************************************************************************************************************************** ****************************************************************************************************************************************************************************** When I attempt to actually use the Proxy Ticket I get mixed results. What I *want* to do is invoke *https://my.domain.com/a/rest/my/service <https://my.domain.com/a/rest/my/service>* When I try to do that, I am met with the following: 2014-10-02 16:05:32,732 WARN [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceManagement: Service does not exist is not enabled, and thus not allowed to validate tickets. Service: [https://my.domain.com/a/rest/my/service]> 2014-10-02 16:05:32,733 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Thu Oct 02 16:05:32 EDT 2014 CLIENT IP ADDRESS: 172.19.10.247 SERVER IP ADDRESS: 172.19.10.247 ============================================================= > <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationFailure code='Service not allowed to validate tickets.'> Service not allowed to validate tickets. </cas:authenticationFailure> </cas:serviceResponse> 10068974 02-10-2014 16:05:32.736 [http-bio-8443-exec-26] DEBUG o.s.s.c.web.CasAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Service not allowed to validate tickets. ****************************************************************************************************************************************************************************** ****************************************************************************************************************************************************************************** ****************************************************************************************************************************************************************************** However, if I just invoke the Application's URL (*https://my.domain.com/a <https://my.domain.com/a>*), I get the following: 2014-10-02 16:05:17,181 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com ACTION: SERVICE_TICKET_VALIDATED APPLICATION: CAS WHEN: Thu Oct 02 16:05:17 EDT 2014 CLIENT IP ADDRESS: 172.19.10.247 SERVER IP ADDRESS: 172.19.10.247 ============================================================= > 2014-10-02 16:05:17,182 DEBUG [org.jasig.cas.web.ServiceValidateController] - <Successfully validated service ticket: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com> ****************************************************************************************************************************************************************************** ****************************************************************************************************************************************************************************** ****************************************************************************************************************************************************************************** I understand what the error is telling me - the service at [*https://my.domain.com/a/rest/my/service <https://my.domain.com/a/rest/my/service>*] is not registered within CAS. However, it *is* registered in CAS. I want to invoke one of the RESTful Services contained within the CAS "Service" (Client). What am I missing? How can I accomplish my goal? Is this not possible? -- Sincerely, Michael Keith -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
