What do your service registry entries look like? Thanks, Carl Waldbieser On Oct 2, 2014 4:24 PM, "Michael Keith" <[email protected]> wrote:
> I'm missing something and I could use a bit of help. > > I (obviously) have a CAS Server configured and running. I have two > clients (Services) authenticated against said server. Both clients are > actual applications that perform a myriad of functions. Each application > has its own UI. The UI, in both cases, communicates to the backend > application via RESTful service calls. > > This works *fine* when I log into a single application and go through > whatever it is I want to do. > > However, I now have a requirement to have Application B invoke one of the > RESTful URLs within Application A. > > ************************************* > Application A: > URL - https://my.domain.com/a > Desired Service URL - https://my.domain.com/a/rest/my/service > ************************************* > > When I attempt to to have Application B retrieve a Proxy Ticket from > Application A, all goes well and I get the following: > > 2014-10-02 15:59:12,390 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= > WHO: https://my.domain.com/b/j_spring_cas_security_proxyreceptor > WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com for > https://my.domain.com/a/j_spring_cas_security_check > ACTION: SERVICE_TICKET_CREATED > APPLICATION: CAS > WHEN: Thu Oct 02 15:59:12 EDT 2014 > CLIENT IP ADDRESS: 999.999.999.999 > SERVER IP ADDRESS: 999.999.999.999 > ============================================================= > > > > > ****************************************************************************************************************************************************************************** > > ****************************************************************************************************************************************************************************** > > ****************************************************************************************************************************************************************************** > > When I attempt to actually use the Proxy Ticket I get mixed results. What > I *want* to do is invoke *https://my.domain.com/a/rest/my/service > <https://my.domain.com/a/rest/my/service>* When I try to do that, I am > met with the following: > > 2014-10-02 16:05:32,732 WARN > [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceManagement: > Service does not exist is not enabled, and thus not allowed to validate > tickets. Service: [https://my.domain.com/a/rest/my/service]> > 2014-10-02 16:05:32,733 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= > WHO: audit:unknown > WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com > ACTION: SERVICE_TICKET_VALIDATE_FAILED > APPLICATION: CAS > WHEN: Thu Oct 02 16:05:32 EDT 2014 > CLIENT IP ADDRESS: 172.19.10.247 > SERVER IP ADDRESS: 172.19.10.247 > ============================================================= > > > <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > <cas:authenticationFailure code='Service not allowed to validate tickets.'> > Service not allowed to validate tickets. > </cas:authenticationFailure> > </cas:serviceResponse> > > 10068974 02-10-2014 16:05:32.736 [http-bio-8443-exec-26] DEBUG > o.s.s.c.web.CasAuthenticationFilter - Authentication request failed: > org.springframework.security.authentication.BadCredentialsException: > Service not allowed to validate tickets. > > > ****************************************************************************************************************************************************************************** > > ****************************************************************************************************************************************************************************** > > ****************************************************************************************************************************************************************************** > > However, if I just invoke the Application's URL (*https://my.domain.com/a > <https://my.domain.com/a>*), I get the following: > > 2014-10-02 16:05:17,181 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= > WHO: audit:unknown > WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com > ACTION: SERVICE_TICKET_VALIDATED > APPLICATION: CAS > WHEN: Thu Oct 02 16:05:17 EDT 2014 > CLIENT IP ADDRESS: 172.19.10.247 > SERVER IP ADDRESS: 172.19.10.247 > ============================================================= > > > 2014-10-02 16:05:17,182 DEBUG > [org.jasig.cas.web.ServiceValidateController] - <Successfully validated > service ticket: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com> > > > ****************************************************************************************************************************************************************************** > > ****************************************************************************************************************************************************************************** > > ****************************************************************************************************************************************************************************** > > I understand what the error is telling me - the service at > [*https://my.domain.com/a/rest/my/service > <https://my.domain.com/a/rest/my/service>*] is not registered within > CAS. However, it *is* registered in CAS. I want to invoke one of the > RESTful Services contained within the CAS "Service" (Client). What am I > missing? How can I accomplish my goal? Is this not possible? > > -- > Sincerely, > Michael Keith > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
