I finally solved this issue. The previous developer working on our CAS system setup a different prefix path for the UrlBasedViewResolver than the default, and a side effect was that the JSP in which clearpass returns the response could not be found. This was causing a 404 error, and hence the password was not returned.
On Wed, Oct 22, 2014 at 1:46 PM, Adam Causey <[email protected]> wrote: > Thanks for all of the replies. I've narrowed it down now to an issue with > the jsp not being found, although it is where it should be on the file > system. It's going to take some additional digging to see why the jsp path > is apparently including the context, which seems to be the issue here. > > HTTP Status 404 - > /cas/WEB-INF/view/jsp/default/ui/protocol/clearPass/clearPassSuccess.jsp >> >> > thanks, > Adam > > > On Wed, Oct 22, 2014 at 11:50 AM, John Gasper <[email protected]> wrote: > >> At this point, if you can't bump the logging to get more information >> about the cause of the error, then you might need to attach a debugger to >> your container and step through some code. >> >> >> On 10/21/14 12:10 PM, Adam Causey wrote: >> >> John, >> >> As far as I know I am sending the newly acquired proxy ticket, however >> I did notice that my proxy tickets are prefixed with ST which is not what >> the example shows. >> >> I followed the steps found on the Proxy CAS Walkthrough >> <https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough> page using >> the clearPass URL as the targetService in Step Four, and in Step Five I >> verified the ticket by calling proxyValidate with the clearPass URL as the >> service and the ticket I received from Step Four as the ticket. >> >> Step Five produced the result below, which seems to indicate that the >> ticket was valid. However, if I call the clearPass URL with the ticket >> appended I get the 'invalid ticket' error in the logs. This tells me the >> backend call that the clearPass endpoint is making is where the failure is >> occurring. >> >> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> <cas:authenticationSuccess> >> <cas:user>apcausey</cas:user> >> <cas:proxies> >> >> <cas:proxy>https://dev.vcu.edu/cas-test/proxyCallback</cas:proxy> >> </cas:proxies> >> </cas:authenticationSuccess></cas:serviceResponse> >> >> Thanks! >> >> Adam >> >> >> >> On Tue, Oct 21, 2014 at 12:54 PM, John Gasper <[email protected]> wrote: >> >>> Adam, >>> >>> Are you sending the calling application's originally requested service >>> ticket or are you sending a newly acquired proxy ticket to clearPass? >>> >>> John >>> >>> --- >>> *John Gasper* >>> IAM Consultant >>> Unicon, Inc. >>> PGP/GPG Key: 0xbafee3ef >>> >>> On 10/21/14 8:53 AM, Adam Causey wrote: >>> >>> I'm still having issues with clearPass not recognizing the service >>> ticket when I call the /clearPass endpoint. I ran through the 'Proxy CAS >>> Walkthrough' instructions to make sure that proxying is setup correctly and >>> that I understand it better. >>> >>> Is my understanding correct that all I should have to do is treat the >>> /clearPass endpoint as I would a normal proxied service even though it is >>> on the CAS server itself? >>> >>> I followed the instructions for setting up clear pass to the tooth and >>> have re-checked my configuration. >>> >>> Does anyone using clearPass have any suggestions, or is it not widely >>> implemented? >>> >>> Thanks, >>> Adam >>> >>> >>> >>> On Thu, Oct 16, 2014 at 8:21 AM, Adam Causey <[email protected]> wrote: >>> >>>> I'm attempting to setup clearpass in CAS 3.5.2. I've followed the >>>> instructions found here: https://wiki.jasig.org/display/casum/clearpass >>>> . However, it my test client when I call the /clearPass endpoint I get a >>>> 404 Not Found response. >>>> >>>> I checked to make sure the /clearPass is being mapping with the >>>> defined HandlerMapping in clearpass-configuration.xml, and everything looks >>>> fine. There are no errors in my logs. >>>> >>>> Any advice on getting this setup? >>>> >>>> Thanks! >>>> >>>> Adam Causey >>>> Virginia Commonwealth University >>>> >>>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> -- >> You are currently subscribed to [email protected] as: [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
