I finally solved this issue.  The previous developer working on our CAS
system setup a different prefix path for the UrlBasedViewResolver than the
default, and a side effect was that the JSP in which clearpass returns the
response could not be found.  This was causing a 404 error, and hence the
password was not returned.

On Wed, Oct 22, 2014 at 1:46 PM, Adam Causey <[email protected]> wrote:

> Thanks for all of the replies.  I've narrowed it down now to an issue with
> the jsp not being found, although it is where it should be on the file
> system.  It's going to take some additional digging to see why the jsp path
> is apparently including the context, which seems to be the issue here.
>
> HTTP Status 404 - 
> /cas/WEB-INF/view/jsp/default/ui/protocol/clearPass/clearPassSuccess.jsp
>>
>>
> thanks,
> Adam
>
>
> On Wed, Oct 22, 2014 at 11:50 AM, John Gasper <[email protected]> wrote:
>
>>  At this point, if you can't bump the logging to get more information
>> about the cause of the error, then you might need to attach a debugger to
>> your container and step through some code.
>>
>>
>>  On 10/21/14 12:10 PM, Adam Causey wrote:
>>
>>  John,
>>
>>  As far as I know I am sending the newly acquired proxy ticket, however
>> I did notice that my proxy tickets are prefixed with ST which is not what
>> the example shows.
>>
>>  I followed the steps found on the Proxy CAS Walkthrough
>> <https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough> page using
>> the clearPass URL as the targetService in Step Four, and in Step Five I
>> verified the ticket by calling proxyValidate with the clearPass URL as the
>> service and the ticket I received from Step Four as the ticket.
>>
>>  Step Five produced the result below, which seems to indicate that the
>> ticket was valid.  However, if I call the clearPass URL with the ticket
>> appended I get the 'invalid ticket' error in the logs.  This tells me the
>> backend call that the clearPass endpoint is making is where the failure is
>> occurring.
>>
>> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>>      <cas:authenticationSuccess>
>>              <cas:user>apcausey</cas:user>
>>              <cas:proxies>
>>                      
>> <cas:proxy>https://dev.vcu.edu/cas-test/proxyCallback</cas:proxy>
>>              </cas:proxies>
>>      </cas:authenticationSuccess></cas:serviceResponse>
>>
>>  Thanks!
>>
>> Adam
>>
>>
>>
>> On Tue, Oct 21, 2014 at 12:54 PM, John Gasper <[email protected]> wrote:
>>
>>>  Adam,
>>>
>>> Are you sending the calling application's originally requested service
>>> ticket or are you sending a newly acquired proxy ticket to clearPass?
>>>
>>> John
>>>
>>> ---
>>> *John Gasper*
>>> IAM Consultant
>>> Unicon, Inc.
>>> PGP/GPG Key: 0xbafee3ef
>>>
>>>   On 10/21/14 8:53 AM, Adam Causey wrote:
>>>
>>>   I'm still having issues with clearPass not recognizing the service
>>> ticket when I call the /clearPass endpoint.  I ran through the 'Proxy CAS
>>> Walkthrough' instructions to make sure that proxying is setup correctly and
>>> that I understand it better.
>>>
>>>  Is my understanding correct that all I should have to do is treat the
>>> /clearPass endpoint as I would a normal proxied service even though it is
>>> on the CAS server itself?
>>>
>>>  I followed the instructions for setting up clear pass to the tooth and
>>> have re-checked my configuration.
>>>
>>>  Does anyone using clearPass have any suggestions, or is it not widely
>>> implemented?
>>>
>>>  Thanks,
>>> Adam
>>>
>>>
>>>
>>> On Thu, Oct 16, 2014 at 8:21 AM, Adam Causey <[email protected]> wrote:
>>>
>>>>  I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
>>>> instructions found here: https://wiki.jasig.org/display/casum/clearpass
>>>> .  However, it my test client when I call the /clearPass endpoint I get a
>>>> 404 Not Found response.
>>>>
>>>>  I checked to make sure the /clearPass is being mapping with the
>>>> defined HandlerMapping in clearpass-configuration.xml, and everything looks
>>>> fine.  There are no errors in my logs.
>>>>
>>>>  Any advice on getting this setup?
>>>>
>>>>  Thanks!
>>>>
>>>>  Adam Causey
>>>> Virginia Commonwealth University
>>>>
>>>>
>>>   --
>>> You are currently subscribed to [email protected] as: 
>>> [email protected]
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>> --
>>> You are currently subscribed to [email protected] as: 
>>> [email protected]
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>  --
>> You are currently subscribed to [email protected] as: 
>> [email protected]
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>> --
>> You are currently subscribed to [email protected] as: [email protected]
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to