Hi,

For security reasons, service tickets cannot be reused and expire shortly (10s by default). So that must be a *quick* manual test, or you must change your service ticket lifetime configuration.

Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-11-05 15:43 GMT+01:00 Federico Paparoni <[email protected]>:

> I left only the AuthenticationFilter and manually testing doesn't work.
> The log after authentication
>
> 15:39:00,925 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] (http--127.0.0.1-8443-1) Granted service ticket [ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] for service [https://localhost:8443/webappA/index.jsp] for user [casuser]
> 15:39:00,926 INFO [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1) start[1415198340921] time[5] tag[GRANT_SERVICE_TICKET]
> 15:39:00,928 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] (http--127.0.0.1-8443-1) Audit trail record BEGIN
> =============================================================
> WHO: casuser
> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org for https://localhost:8443/webappA/index.jsp
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Nov 05 15:39:00 CET 2014
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> Then I browse to the url
> https://localhost:8443/custom-cas/p3/serviceValidate?ticket=ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org&service=https://localhost:8443/webappA/index.jsp
> Server replies:
>
> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>   <cas:authenticationFailure code="INVALID_TICKET">Ticket 'ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org' not recognized</cas:authenticationFailure>
> </cas:serviceResponse>
>
> And this is the log
>
> 15:39:19,024 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] (http--127.0.0.1-8443-1) ServiceTicket [ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] has expired.
> 15:39:19,025 INFO [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1) start[1415198359022] time[3] tag[VALIDATE_SERVICE_TICKET]
> 15:39:19,027 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] (http--127.0.0.1-8443-1) Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org
> ACTION: SERVICE_TICKET_VALIDATE_FAILED
> APPLICATION: CAS
> WHEN: Wed Nov 05 15:39:19 CET 2014
> CLIENT IP ADDRESS: 127.0.0.1
> SERVER IP ADDRESS: 127.0.0.1
> =============================================================
>
> I don't really understand why this simple example doesn't work.
>
> 2014-11-05 15:16 GMT+01:00 Jérôme LELEU <[email protected]>:
>
>> Hi,
>>
>> You can use the SAML endpoint, but the new /p3 endpoint is meant to avoid
>> the use of SAML and return the user attributes.
>>
>> Sure it works by testing manually:
>> http://host/yourcas/p3/serviceValidate?ticket=ST-xxx&service=yyy?
>>
>> Best regards,
>>
>> Jérôme LELEU
>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>
>> 2014-11-05 14:50 GMT+01:00 Federico Paparoni <[email protected]>:
>>
>>> Hi Jérôme,
>>>
>>> I haven't defined/modified anything on the CAS Server. The validation
>>> filter on the webapp is defined so
>>>
>>> <filter>
>>>   <filter-name>CAS Validation Filter</filter-name>
>>>   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>   <init-param>
>>>     <param-name>casServerUrlPrefix</param-name>
>>>     <param-value>https://localhost:8443/custom-cas</param-value>
>>>   </init-param>
>>>   <init-param>
>>>     <param-name>service</param-name>
>>>     <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>   </init-param>
>>> </filter>
>>>
>>> Same result using p3 url.
>>> Maybe I have to enable something in CAS?
>>> SAML as suggested by Alberto?
>>>
>>> --
>>> Federico Paparoni
>>>
>>> 2014-11-05 12:07 GMT+01:00 Federico Paparoni <[email protected]>:
>>>
>>>> Hi Jérôme,
>>>>
>>>> I haven't defined/modified anything on the CAS Server. The validation
>>>> filter on the webapp is defined so
>>>>
>>>> <filter>
>>>>   <filter-name>CAS Validation Filter</filter-name>
>>>>   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>   <init-param>
>>>>     <param-name>casServerUrlPrefix</param-name>
>>>>     <param-value>https://localhost:8443/custom-cas</param-value>
>>>>   </init-param>
>>>>   <init-param>
>>>>     <param-name>service</param-name>
>>>>     <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>>   </init-param>
>>>> </filter>
>>>>
>>>> --
>>>> Federico Paparoni
>>>>
>>>> 2014-11-05 12:01 GMT+01:00 Jérôme LELEU <[email protected]>:
>>>>
>>>>> Hi,
>>>>>
>>>>> What's the url of the defined endpoint for the service ticket
>>>>> validator? Did you use the /p3 url?
>>>>>
>>>>> Thanks.
>>>>> Best regards,
>>>>>
>>>>> Jérôme LELEU
>>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>>>
>>>>> 2014-11-05 11:42 GMT+01:00 Alberto Cabello Sánchez <[email protected]>:
>>>>>
>>>>>> On Wed, 05 Nov 2014 11:12:05 +0100
>>>>>> Federico Paparoni <[email protected]> wrote:
>>>>>>
>>>>>> > Map attributes = principal.getAttributes();
>>>>>> >
>>>>>> > Iterator attributeNames = attributes.keySet().iterator();
>>>>>> > for (; attributeNames.hasNext();) {
>>>>>> >     String attributeName = (String) attributeNames.next();
>>>>>> >     Object attributeValue = attributes.get(attributeName);
>>>>>> >     out.println("attributeName:"+attributeName+" attributeValue:"+(String)attributeValue);
>>>>>> > }
>>>>>> >
>>>>>> > but the output is only the username.
>>>>>> > I think that in default configuration
>>>>>> > it should show the attributes defined in a static map but it doesn't work.
>>>>>> > Is there something I have to enable?
>>>>>>
>>>>>> I did roughly the same, but only got that code working after enabling SAML
>>>>>> attribute release.
>>>>>>
>>>>>> --
>>>>>> Alberto Cabello Sánchez
>>>>>> <[email protected]>
>>>>>>
>>>>>> --
>>>>>> You are currently subscribed to [email protected] as: [email protected]
>>>>>> To unsubscribe, change settings or access archives, see
>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>> --
>>> Federico Paparoni
>>>
>>> Blog -- http://fpaparoni.wordpress.com/
>>> Twitter -- http://twitter.com/fpaparoni
>
> --
> Federico Paparoni
>
> Blog -- http://fpaparoni.wordpress.com/
> Twitter -- http://twitter.com/fpaparoni
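
An added example, not part of the thread and not CAS project code: the two `CentralAuthenticationServiceImpl` log lines quoted above, correlated by ticket id to show how old the ticket was when validation was attempted. The 10-second lifetime is the default stated in the reply; the function name, result fields and the reading of an in-lifetime expiry are assumptions of this sketch.

```python
import re
from datetime import datetime

ST_TTL_SECONDS = 10  # default service-ticket lifetime, as stated in the reply

# Constructed sample: the grant and validation lines quoted in the thread,
# with the e-mail line wrapping undone. Timestamps carry time of day only.
SAMPLE_LOG = """\
15:39:00,925 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] (http--127.0.0.1-8443-1) Granted service ticket [ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] for service [https://localhost:8443/webappA/index.jsp] for user [casuser]
15:39:19,024 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] (http--127.0.0.1-8443-1) ServiceTicket [ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] has expired.
"""

TS = r"^(?P<ts>\d{2}:\d{2}:\d{2},\d{3}) "
TICKET = r"\[\s*(?P<st>ST-[^\]\s]+)\s*\]"
GRANTED = re.compile(TS + r".*Granted service ticket " + TICKET)
EXPIRED = re.compile(TS + r".*ServiceTicket " + TICKET + r" has expired")


def _time_of_day(ts):
    return datetime.strptime(ts, "%H:%M:%S,%f")


def explain_expired_tickets(log_text, ttl=ST_TTL_SECONDS):
    """Return one finding per 'has expired' line, matched to its grant line."""
    granted, findings = {}, []
    for line in log_text.splitlines():
        m = GRANTED.search(line)
        if m:
            granted[m["st"]] = _time_of_day(m["ts"])
            continue
        m = EXPIRED.search(line)
        if not m:
            continue
        issued = granted.get(m["st"])
        if issued is None:
            findings.append({"ticket": m["st"], "age": None, "cause": "grant not in log"})
            continue
        age = (_time_of_day(m["ts"]) - issued).total_seconds()
        if age < 0:  # validation logged after midnight, grant before it
            age += 86400
        # Assumption: an expiry inside the lifetime points at the single-use rule.
        cause = "lifetime exceeded" if age > ttl else "within lifetime: check for earlier use"
        findings.append({"ticket": m["st"], "age": age, "cause": cause})
    return findings


if __name__ == "__main__":
    for finding in explain_expired_tickets(SAMPLE_LOG):
        print(finding)
```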
