Hi,

For security reasons, service tickets cannot be reused and expire shortly
(10s by default). So it must be a *quick* manual test, or you must
change your service ticket lifetime configuration.

Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-11-05 15:43 GMT+01:00 Federico Paparoni <[email protected]>:

> I left only the AuthenticationFilter and manually testing doesn't work.
> The log after authentication
>
> 15:39:00,925 INFO  [org.jasig.cas.CentralAuthenticationServiceImpl]
> (http--127.0.0.1-8443-1) Granted service ticket [
> ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] for service [
> https://localhost:8443/webappA/index.jsp] for user [casuser]
> 15:39:00,926 INFO  [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1)
> start[1415198340921] time[5] tag[GRANT_SERVICE_TICKET]
> 15:39:00,928 INFO
>  [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> (http--127.0.0.1-8443-1) Audit trail record BEGIN
> =============================================================
> WHO: casuser
> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org for
> https://localhost:8443/webappA/index.jsp
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Nov 05 15:39:00 CET 2014
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
>
> Then I browse to the url
> https://localhost:8443/custom-cas/p3/serviceValidate?ticket=ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org&service=https://localhost:8443/webappA/index.jsp
> Server replies:
>
> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
> <cas:authenticationFailure code="INVALID_TICKET">Ticket 'ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org' not recognized</cas:authenticationFailure>
> </cas:serviceResponse>
>
> And this is the log
>
> 15:39:19,024 INFO  [org.jasig.cas.CentralAuthenticationServiceImpl]
> (http--127.0.0.1-8443-1) ServiceTicket [
> ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] has expired.
> 15:39:19,025 INFO  [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1)
> start[1415198359022] time[3] tag[VALIDATE_SERVICE_TICKET]
> 15:39:19,027 INFO
>  [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
> (http--127.0.0.1-8443-1) Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org
> ACTION: SERVICE_TICKET_VALIDATE_FAILED
> APPLICATION: CAS
> WHEN: Wed Nov 05 15:39:19 CET 2014
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> I don't really understand why this simple example doesn't work.
>
>
> 2014-11-05 15:16 GMT+01:00 Jérôme LELEU <[email protected]>:
>
>> Hi,
>>
>> You can use the SAML endpoint, but the new /p3 endpoint is meant to avoid
>> the use of SAML and return the user attributes.
>>
>> Sure it works by testing manually:
>> http://host/yourcas/p3/serviceValidate?ticket=ST-xxx&service=yyy?
>>
>> Best regards,
>>
>>
>>
>> Jérôme LELEU
>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>
>> 2014-11-05 14:50 GMT+01:00 Federico Paparoni <[email protected]>:
>>
>>> Hi Jérôme,
>>>
>>> I haven't defined/modified anything on the CAS Server. The validation
>>> filter on the webapp is defined so
>>>
>>> <filter>
>>>         <filter-name>CAS Validation Filter</filter-name>
>>>         <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>         <init-param>
>>>             <param-name>casServerUrlPrefix</param-name>
>>>             <param-value>https://localhost:8443/custom-cas</param-value>
>>>         </init-param>
>>>         <init-param>
>>>             <param-name>service</param-name>
>>>             <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>         </init-param>
>>> </filter>
>>>
>>> Same result using p3 url.
>>> Maybe I have to enable something in CAS? SAML as suggested by Alberto?
>>>
>>> --
>>> Federico Paparoni
>>>
>>> 2014-11-05 12:07 GMT+01:00 Federico Paparoni <[email protected]>:
>>>
>>>> Hi Jérôme,
>>>>
>>>> I haven't defined/modified anything on the CAS Server. The validation
>>>> filter on the webapp is defined so
>>>>
>>>> <filter>
>>>>         <filter-name>CAS Validation Filter</filter-name>
>>>>         <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>         <init-param>
>>>>             <param-name>casServerUrlPrefix</param-name>
>>>>             <param-value>https://localhost:8443/custom-cas</param-value>
>>>>         </init-param>
>>>>         <init-param>
>>>>             <param-name>service</param-name>
>>>>             <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>>         </init-param>
>>>> </filter>
>>>>
>>>> --
>>>> Federico Paparoni
>>>>
>>>>
>>>>
>>>> 2014-11-05 12:01 GMT+01:00 Jérôme LELEU <[email protected]>:
>>>>
>>>>> Hi,
>>>>>
>>>>> What's the url of the defined endpoint for the service ticket
>>>>> validator? Did you use the /p3 url?
>>>>>
>>>>> Thanks.
>>>>> Best regards,
>>>>>
>>>>>
>>>>> Jérôme LELEU
>>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>>>
>>>>> 2014-11-05 11:42 GMT+01:00 Alberto Cabello Sánchez <[email protected]>:
>>>>>
>>>>>> On Wed, 05 Nov 2014 11:12:05 +0100
>>>>>> Federico Paparoni <[email protected]> wrote:
>>>>>>
>>>>>> > Map attributes = principal.getAttributes();
>>>>>> >
>>>>>> > Iterator attributeNames = attributes.keySet().iterator();
>>>>>> > for (; attributeNames.hasNext();) {
>>>>>> >   String attributeName = (String) attributeNames.next();
>>>>>> >   Object attributeValue = attributes.get(attributeName);
>>>>>> >   out.println("attributeName:"+attributeName+" attributeValue:"+(String)attributeValue);
>>>>>> > }
>>>>>> >
>>>>>> > but the output is only the username. I think that in default configuration
>>>>>> > it should show the attributes defined in a static map but it doesn't work.
>>>>>> > Is there something I have to enable?
>>>>>>
>>>>>> I did roughly the same, but only got that code working after enabling
>>>>>> SAML attribute release.
>>>>>>
>>>>>> --
>>>>>> Alberto Cabello Sánchez
>>>>>> <[email protected]>
>>>>>>
>>>>>> --
>>>>>> You are currently subscribed to [email protected] as:
>>>>>> [email protected]
>>>>>> To unsubscribe, change settings or access archives, see
>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Federico Paparoni
>>>
>>> Blog -- http://fpaparoni.wordpress.com/
>>> Twitter --  http://twitter.com/fpaparoni
>>>
>>>
>>>
>>
>
>
> --
> Federico Paparoni
>
> Blog -- http://fpaparoni.wordpress.com/
> Twitter --  http://twitter.com/fpaparoni
>
>
>

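The timing in the quoted logs (ticket granted at 15:39:00, validation attempted at 15:39:19) can be checked mechanically. The Python sketch below is an added example, not part of the original thread or of CAS itself: it reads inspektr-style audit records and classifies each failed validation as expired or reused, assuming the 10 s default lifetime mentioned above. The ST-11 records are constructed, and `SERVICE_TICKET_VALIDATED` as the action name for a successful validation is an assumption.

```python
import re
from datetime import datetime

ST_LIFETIME_S = 10  # default service ticket lifetime stated in the thread

# ST-10 records are condensed from the thread's audit trail; the ST-11
# records are constructed to show a second validation of a used ticket.
SAMPLE_LOG = """\
WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org for https://localhost:8443/webappA/index.jsp
ACTION: SERVICE_TICKET_CREATED
WHEN: Wed Nov 05 15:39:00 CET 2014
WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org
ACTION: SERVICE_TICKET_VALIDATE_FAILED
WHEN: Wed Nov 05 15:39:19 CET 2014
WHAT: ST-11-constructed-cas01.example.org for https://localhost:8443/webappA/index.jsp
ACTION: SERVICE_TICKET_CREATED
WHEN: Wed Nov 05 15:40:00 CET 2014
WHAT: ST-11-constructed-cas01.example.org
ACTION: SERVICE_TICKET_VALIDATED
WHEN: Wed Nov 05 15:40:02 CET 2014
WHAT: ST-11-constructed-cas01.example.org
ACTION: SERVICE_TICKET_VALIDATE_FAILED
WHEN: Wed Nov 05 15:40:05 CET 2014
"""

# WHAT/ACTION/WHEN of one audit record; skips lines such as APPLICATION in
# between, and the weekday and zone name (strptime's %Z is platform-dependent).
RECORD = re.compile(r"^WHAT: (\S+).*\nACTION: (\w+)\n(?:.*\n)*?"
                    r"WHEN: \w+ (\w+ \d+ [\d:]+) \w+ (\d{4})", re.M)

def explain_failures(text, lifetime=ST_LIFETIME_S):
    """Return (ticket, reason, age_seconds) for every failed validation."""
    created, used, out = {}, set(), []
    for ticket, action, stamp, year in RECORD.findall(text):
        when = datetime.strptime(f"{stamp} {year}", "%b %d %H:%M:%S %Y")
        if action == "SERVICE_TICKET_CREATED":
            created[ticket] = when
        elif action == "SERVICE_TICKET_VALIDATED":
            used.add(ticket)  # one-time use; action name is an assumption
        elif action == "SERVICE_TICKET_VALIDATE_FAILED":
            age = (when - created[ticket]).total_seconds() if ticket in created else None
            reason = ("reused" if ticket in used else
                      "expired" if age is not None and age > lifetime else "other")
            out.append((ticket, reason, age))
    return out

if __name__ == "__main__":
    for row in explain_failures(SAMPLE_LOG):
        print(row)
```

For the ticket in this thread the script reports an age of 19 seconds against the 10 second lifetime, which matches the "has expired" line in the server log.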