https://my.domain.com/a/j_spring_security_check https://my.domain.com/b/j_spring_security_check
Like I said: Each of those is an application unto itself. Each application has many RESTful services - each of which I may be required (at some point in time) to allow a different application to invoke. I say all of that because I assume that I can create a separate entry within the *RegisteredServiceImpl* table for the RESTful service I am trying to call. However, that isn't going to scale very well if / when I have to allow various applications the ability to invoke various RESTful services in different applications. As of right now, we have a half dozen application participating in SSO. Each application has 1-2 dozen RESTful services that their UI invokes at various times. It would be unreasonable to have a "service" entry within the *RegisteredServiceImpl* table for each and every one of them when the application they're running inside is already registered. On Thu, Oct 2, 2014 at 6:53 PM, Carl Waldbieser <[email protected]> wrote: > What do your service registry entries look like? > > Thanks, > Carl Waldbieser > On Oct 2, 2014 4:24 PM, "Michael Keith" <[email protected]> wrote: > >> I'm missing something and I could use a bit of help. >> >> I (obviously) have a CAS Server configured and running. I have two >> clients (Services) authenticated against said server. Both clients are >> actual applications that perform a myriad of functions. Each application >> has its own UI. The UI, in both cases, communicates to the backend >> application via RESTful service calls. >> >> This works *fine* when I log into a single application and go through >> whatever it is I want to do. >> >> However, I now have a requirement to have Application B invoke one of the >> RESTful URLs within Application A. >> >> ************************************* >> Application A: >> URL - https://my.domain.com/a >> Desired Service URL - https://my.domain.com/a/rest/my/service >> ************************************* >> >> When I attempt to to have Application B retrieve a Proxy Ticket from >> Application A, all goes well and I get the following: >> >> 2014-10-02 15:59:12,390 INFO >> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: https://my.domain.com/b/j_spring_cas_security_proxyreceptor >> WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com for >> https://my.domain.com/a/j_spring_cas_security_check >> ACTION: SERVICE_TICKET_CREATED >> APPLICATION: CAS >> WHEN: Thu Oct 02 15:59:12 EDT 2014 >> CLIENT IP ADDRESS: 999.999.999.999 >> SERVER IP ADDRESS: 999.999.999.999 >> ============================================================= >> > >> >> >> ****************************************************************************************************************************************************************************** >> >> ****************************************************************************************************************************************************************************** >> >> ****************************************************************************************************************************************************************************** >> >> When I attempt to actually use the Proxy Ticket I get mixed results. >> What I *want* to do is invoke *https://my.domain.com/a/rest/my/service >> <https://my.domain.com/a/rest/my/service>* When I try to do that, I am >> met with the following: >> >> 2014-10-02 16:05:32,732 WARN >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceManagement: >> Service does not exist is not enabled, and thus not allowed to validate >> tickets. Service: [https://my.domain.com/a/rest/my/service]> >> 2014-10-02 16:05:32,733 INFO >> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: audit:unknown >> WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com >> ACTION: SERVICE_TICKET_VALIDATE_FAILED >> APPLICATION: CAS >> WHEN: Thu Oct 02 16:05:32 EDT 2014 >> CLIENT IP ADDRESS: 172.19.10.247 >> SERVER IP ADDRESS: 172.19.10.247 >> ============================================================= >> > >> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> <cas:authenticationFailure code='Service not allowed to validate >> tickets.'> >> Service not allowed to validate tickets. >> </cas:authenticationFailure> >> </cas:serviceResponse> >> >> 10068974 02-10-2014 16:05:32.736 [http-bio-8443-exec-26] DEBUG >> o.s.s.c.web.CasAuthenticationFilter - Authentication request failed: >> org.springframework.security.authentication.BadCredentialsException: >> Service not allowed to validate tickets. >> >> >> ****************************************************************************************************************************************************************************** >> >> ****************************************************************************************************************************************************************************** >> >> ****************************************************************************************************************************************************************************** >> >> However, if I just invoke the Application's URL (*https://my.domain.com/a >> <https://my.domain.com/a>*), I get the following: >> >> 2014-10-02 16:05:17,181 INFO >> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit >> trail record BEGIN >> ============================================================= >> WHO: audit:unknown >> WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com >> ACTION: SERVICE_TICKET_VALIDATED >> APPLICATION: CAS >> WHEN: Thu Oct 02 16:05:17 EDT 2014 >> CLIENT IP ADDRESS: 172.19.10.247 >> SERVER IP ADDRESS: 172.19.10.247 >> ============================================================= >> > >> 2014-10-02 16:05:17,182 DEBUG >> [org.jasig.cas.web.ServiceValidateController] - <Successfully validated >> service ticket: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com> >> >> >> ****************************************************************************************************************************************************************************** >> >> ****************************************************************************************************************************************************************************** >> >> ****************************************************************************************************************************************************************************** >> >> I understand what the error is telling me - the service at >> [*https://my.domain.com/a/rest/my/service >> <https://my.domain.com/a/rest/my/service>*] is not registered within >> CAS. However, it *is* registered in CAS. I want to invoke one of the >> RESTful Services contained within the CAS "Service" (Client). What am I >> missing? How can I accomplish my goal? Is this not possible? >> >> -- >> Sincerely, >> Michael Keith >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- Sincerely, Michael Keith -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
