Ha. I knew I was overlooking something silly and simple. *Thank you so much*. For anyone interested, here <https://wiki.jasig.org/display/CASUM/Adding+a+New+Service> is the link to the relevant Wiki page. (CAS 4.x here <http://jasig.github.io/cas/4.0.0/installation/Service-Management.html>).

On Thu, Oct 2, 2014 at 10:08 PM, Carl Waldbieser <[email protected]> wrote:
> Typically the service registry entries use patterns. Ant or regex are
> typical types of patterns.
>
> For example:
>
> https://my.domain.com/a/**
>
> That should match any child resource under /a.
>
> If you don't use a pattern, you are allowing only the exact URL. Even an
> explicit vs implicit port can cause a failure. E.g. the above pattern does
> not match an explicit port 443.
>
> Thanks,
> Carl
> On Oct 2, 2014 7:07 PM, "Michael Keith" <[email protected]> wrote:
>
>> https://my.domain.com/a/j_spring_security_check
>> https://my.domain.com/b/j_spring_security_check
>>
>> Like I said: Each of those is an application unto itself. Each
>> application has many RESTful services - each of which I may be required (at
>> some point in time) to allow a different application to invoke.
>>
>> I say all of that because I assume that I can create a separate entry
>> within the *RegisteredServiceImpl* table for the RESTful service I am
>> trying to call. However, that isn't going to scale very well if / when I
>> have to allow various applications the ability to invoke various RESTful
>> services in different applications.
>>
>> As of right now, we have a half dozen applications participating in SSO.
>> Each application has 1-2 dozen RESTful services that their UI invokes at
>> various times. It would be unreasonable to have a "service" entry within
>> the *RegisteredServiceImpl* table for each and every one of them when
>> the application they're running inside is already registered.
>>
>> On Thu, Oct 2, 2014 at 6:53 PM, Carl Waldbieser <[email protected]>
>> wrote:
>>
>>> What do your service registry entries look like?
>>>
>>> Thanks,
>>> Carl Waldbieser
>>> On Oct 2, 2014 4:24 PM, "Michael Keith" <[email protected]> wrote:
>>>
>>>> I'm missing something and I could use a bit of help.
>>>>
>>>> I (obviously) have a CAS Server configured and running. I have two
>>>> clients (Services) authenticated against said server. Both clients are
>>>> actual applications that perform a myriad of functions. Each application
>>>> has its own UI. The UI, in both cases, communicates to the backend
>>>> application via RESTful service calls.
>>>>
>>>> This works *fine* when I log into a single application and go through
>>>> whatever it is I want to do.
>>>>
>>>> However, I now have a requirement to have Application B invoke one of
>>>> the RESTful URLs within Application A.
>>>>
>>>> *************************************
>>>> Application A:
>>>> URL - https://my.domain.com/a
>>>> Desired Service URL - https://my.domain.com/a/rest/my/service
>>>> *************************************
>>>>
>>>> When I attempt to have Application B retrieve a Proxy Ticket from
>>>> Application A, all goes well and I get the following:
>>>>
>>>> 2014-10-02 15:59:12,390 INFO
>>>> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
>>>> trail record BEGIN
>>>> =============================================================
>>>> WHO: https://my.domain.com/b/j_spring_cas_security_proxyreceptor
>>>> WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com for
>>>> https://my.domain.com/a/j_spring_cas_security_check
>>>> ACTION: SERVICE_TICKET_CREATED
>>>> APPLICATION: CAS
>>>> WHEN: Thu Oct 02 15:59:12 EDT 2014
>>>> CLIENT IP ADDRESS: 999.999.999.999
>>>> SERVER IP ADDRESS: 999.999.999.999
>>>> =============================================================
>>>> >
>>>>
>>>> *************************************
>>>>
>>>> When I attempt to actually use the Proxy Ticket I get mixed results.
>>>> What I *want* to do is invoke *https://my.domain.com/a/rest/my/service*
>>>> When I try to do that, I am met with the following:
>>>>
>>>> 2014-10-02 16:05:32,732 WARN
>>>> [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceManagement:
>>>> Service does not exist is not enabled, and thus not allowed to validate
>>>> tickets. Service: [https://my.domain.com/a/rest/my/service]>
>>>> 2014-10-02 16:05:32,733 INFO
>>>> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
>>>> trail record BEGIN
>>>> =============================================================
>>>> WHO: audit:unknown
>>>> WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com
>>>> ACTION: SERVICE_TICKET_VALIDATE_FAILED
>>>> APPLICATION: CAS
>>>> WHEN: Thu Oct 02 16:05:32 EDT 2014
>>>> CLIENT IP ADDRESS: 172.19.10.247
>>>> SERVER IP ADDRESS: 172.19.10.247
>>>> =============================================================
>>>> >
>>>> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>>>> <cas:authenticationFailure code='Service not allowed to validate
>>>> tickets.'>
>>>> Service not allowed to validate tickets.
>>>> </cas:authenticationFailure>
>>>> </cas:serviceResponse>
>>>>
>>>> 10068974 02-10-2014 16:05:32.736 [http-bio-8443-exec-26] DEBUG
>>>> o.s.s.c.web.CasAuthenticationFilter - Authentication request failed:
>>>> org.springframework.security.authentication.BadCredentialsException:
>>>> Service not allowed to validate tickets.
>>>>
>>>> *************************************
>>>>
>>>> However, if I just invoke the Application's URL
>>>> (*https://my.domain.com/a*), I get the following:
>>>>
>>>> 2014-10-02 16:05:17,181 INFO
>>>> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
>>>> trail record BEGIN
>>>> =============================================================
>>>> WHO: audit:unknown
>>>> WHAT: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com
>>>> ACTION: SERVICE_TICKET_VALIDATED
>>>> APPLICATION: CAS
>>>> WHEN: Thu Oct 02 16:05:17 EDT 2014
>>>> CLIENT IP ADDRESS: 172.19.10.247
>>>> SERVER IP ADDRESS: 172.19.10.247
>>>> =============================================================
>>>> >
>>>> 2014-10-02 16:05:17,182 DEBUG
>>>> [org.jasig.cas.web.ServiceValidateController] - <Successfully validated
>>>> service ticket: ST-14-oScXwVbhdJ7mPwWujgMp-XXXXX.XXXXX.com>
>>>>
>>>> *************************************
>>>>
>>>> I understand what the error is telling me - the service at
>>>> [*https://my.domain.com/a/rest/my/service*] is not registered within
>>>> CAS. However, it *is* registered in CAS. I want to invoke one of the
>>>> RESTful Services contained within the CAS "Service" (Client). What am I
>>>> missing? How can I accomplish my goal? Is this not possible?
>>>>
>>>> --
>>>> Sincerely,
>>>> Michael Keith
>>>>
>>>> --
>>>> You are currently subscribed to [email protected] as:
>>>> [email protected]
>>>> To unsubscribe, change settings or access archives, see
>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user

--
Sincerely,
Michael Keith
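
The difference Carl describes between an exact service URL and a pattern, as an added example that is not part of the original thread and is not CAS code: a simplified Ant-style matcher (not Spring's AntPathMatcher) run over constructed registry entries built from the URLs in the thread. The `ant`/`regex` labels, the function names and the regex entry with an optional `:443` are assumptions of this example.

```python
import re

def ant_to_regex(pattern):
    """Simplified Ant-style translation: '/**' = zero or more path segments,
    '*' = any run of characters inside one segment, '?' = one character."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i):
            out.append("(?:/.*)?")
            i += 3
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        elif pattern[i] == "?":
            out.append("[^/]")
            i += 1
        else:
            out.append(re.escape(pattern[i]))  # literal, so '.' stays a dot
            i += 1
    return re.compile("".join(out))

def matches(kind, pattern, service_url):
    # kind is 'ant' or 'regex'; both must match the whole service URL.
    rx = ant_to_regex(pattern) if kind == "ant" else re.compile(pattern)
    return rx.fullmatch(service_url) is not None

def is_registered(registry, service_url):
    return any(matches(kind, pat, service_url) for kind, pat in registry)

# Constructed registries. EXACT mirrors the entries quoted in the thread.
EXACT = [("ant", "https://my.domain.com/a/j_spring_security_check"),
         ("ant", "https://my.domain.com/b/j_spring_security_check")]
# The pattern suggested in the reply.
ANT = [("ant", "https://my.domain.com/a/**")]
# Assumed regex entry that also tolerates an explicit port 443.
REGEX = [("regex", r"https://my\.domain\.com(:443)?/a/.*")]

REST = "https://my.domain.com/a/rest/my/service"
REST_443 = "https://my.domain.com:443/a/rest/my/service"

if __name__ == "__main__":
    for name, reg in (("exact", EXACT), ("ant", ANT), ("regex", REGEX)):
        print(name, is_registered(reg, REST), is_registered(reg, REST_443))
```

Keep each entry anchored to the full scheme and host, and escape the dots in regex entries, so a pattern widened to cover an application's REST endpoints does not also match services on another host.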
