I finally succeeded in getting attributes by setting the ignoreAttributes flag on the default bean org.jasig.cas.services.RegisteredServiceImpl. Thanks to everybody for the help.
Cheers,
Federico

2014-11-06 10:13 GMT+01:00 Federico Paparoni <[email protected]>:

> I didn't modify anything on CAS configuration, using maven overlay I only
> configured an external cas.properties.
> The deployerConfigContext.xml is this http://pastebin.com/8NS6g3Zv
> Where I have to put ignoreAttributes flag?
>
> --
>
> Federico Paparoni
>
>
> 2014-11-06 10:05 GMT+01:00 Jérôme LELEU <[email protected]>:
>
>> Hi,
>>
>> It seems so: did you configure the ignoreAttributes flag for your
>> services (it means all attributes must be returned)?
>>
>> Thanks.
>> Best regards,
>>
>>
>> Jérôme LELEU
>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>
>> 2014-11-06 9:46 GMT+01:00 Federico Paparoni <[email protected]>:
>>
>>> Ok I modified timeout and now using the /ps/serviceValidate url I
>>> receive this response
>>>
>>> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>>>   <cas:authenticationSuccess>
>>>     <cas:user>casuser</cas:user>
>>>   </cas:authenticationSuccess>
>>> </cas:serviceResponse>
>>>
>>> Attributes aren't in the response. So the problem is with CAS
>>> configuration (default) ?
>>>
>>> --
>>>
>>> Federico
>>>
>>>
>>> 2014-11-05 16:11 GMT+01:00 Jérôme LELEU <[email protected]>:
>>>
>>>> Hi,
>>>>
>>>> For security reasons, service tickets cannot be reused and expire
>>>> shortly (10s by default). So that must be a *quick* manual testing or
>>>> you must change your service ticket lifetime configuration.
>>>>
>>>> Best regards,
>>>>
>>>> Jérôme LELEU
>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>>
>>>> 2014-11-05 15:43 GMT+01:00 Federico Paparoni <[email protected]>:
>>>>
>>>>> I left only the AuthenticationFilter and manually testing doesn't
>>>>> work.
>>>>> The log after authentication
>>>>>
>>>>> 15:39:00,925 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] (http--127.0.0.1-8443-1) Granted service ticket [ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] for service [https://localhost:8443/webappA/index.jsp] for user [casuser]
>>>>> 15:39:00,926 INFO [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1) start[1415198340921] time[5] tag[GRANT_SERVICE_TICKET]
>>>>> 15:39:00,928 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] (http--127.0.0.1-8443-1) Audit trail record BEGIN
>>>>> =============================================================
>>>>> WHO: casuser
>>>>> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org for https://localhost:8443/webappA/index.jsp
>>>>> ACTION: SERVICE_TICKET_CREATED
>>>>> APPLICATION: CAS
>>>>> WHEN: Wed Nov 05 15:39:00 CET 2014
>>>>> CLIENT IP ADDRESS: 127.0.0.1
>>>>> SERVER IP ADDRESS: 127.0.0.1
>>>>> =============================================================
>>>>>
>>>>>
>>>>> Then I browse to the url
>>>>> https://localhost:8443/custom-cas/p3/serviceValidate?ticket=ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org&service=https://localhost:8443/webappA/index.jsp
>>>>> Server replies:
>>>>>
>>>>> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>>>>>   <cas:authenticationFailure code="INVALID_TICKET">Ticket 'ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org' not recognized</cas:authenticationFailure>
>>>>> </cas:serviceResponse>
>>>>>
>>>>> And this is the log
>>>>>
>>>>> 15:39:19,024 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] (http--127.0.0.1-8443-1) ServiceTicket [ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] has expired.
>>>>> 15:39:19,025 INFO [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1) start[1415198359022] time[3] tag[VALIDATE_SERVICE_TICKET]
>>>>> 15:39:19,027 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] (http--127.0.0.1-8443-1) Audit trail record BEGIN
>>>>> =============================================================
>>>>> WHO: audit:unknown
>>>>> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org
>>>>> ACTION: SERVICE_TICKET_VALIDATE_FAILED
>>>>> APPLICATION: CAS
>>>>> WHEN: Wed Nov 05 15:39:19 CET 2014
>>>>> CLIENT IP ADDRESS: 127.0.0.1
>>>>> SERVER IP ADDRESS: 127.0.0.1
>>>>> =============================================================
>>>>>
>>>>> I don't really understand why this simple example doesn't work.
>>>>>
>>>>>
>>>>> 2014-11-05 15:16 GMT+01:00 Jérôme LELEU <[email protected]>:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> You can use the SAML endpoint, but the new /p3 endpoint is meant to
>>>>>> avoid the use of SAML and return the user attributes.
>>>>>>
>>>>>> Sure it works by testing manually:
>>>>>> http://host/yourcas/p3/serviceValidate?ticket=ST-xxx&service=yyy?
>>>>>>
>>>>>> Best regards,
>>>>>>
>>>>>>
>>>>>>
>>>>>> Jérôme LELEU
>>>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>>>>
>>>>>> 2014-11-05 14:50 GMT+01:00 Federico Paparoni <[email protected]>:
>>>>>>
>>>>>>> Hi Jérôme,
>>>>>>>
>>>>>>> I haven't defined/modified anything on the CAS Server. The
>>>>>>> validation filter on the webapp is defined so
>>>>>>>
>>>>>>> <filter>
>>>>>>>   <filter-name>CAS Validation Filter</filter-name>
>>>>>>>   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>>>>   <init-param>
>>>>>>>     <param-name>casServerUrlPrefix</param-name>
>>>>>>>     <param-value>https://localhost:8443/custom-cas</param-value>
>>>>>>>   </init-param>
>>>>>>>   <init-param>
>>>>>>>     <param-name>service</param-name>
>>>>>>>     <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>>>>>   </init-param>
>>>>>>> </filter>
>>>>>>>
>>>>>>> Same result using p3 url.
>>>>>>> Maybe I have to enable something in CAS? SAML as suggested by
>>>>>>> Alberto?
>>>>>>>
>>>>>>> --
>>>>>>> Federico Paparoni
>>>>>>>
>>>>>>> 2014-11-05 12:07 GMT+01:00 Federico Paparoni <[email protected]>:
>>>>>>>
>>>>>>>> Hi Jérôme,
>>>>>>>>
>>>>>>>> I haven't defined/modified anything on the CAS Server. The
>>>>>>>> validation filter on the webapp is defined so
>>>>>>>>
>>>>>>>> <filter>
>>>>>>>>   <filter-name>CAS Validation Filter</filter-name>
>>>>>>>>   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>>>>>   <init-param>
>>>>>>>>     <param-name>casServerUrlPrefix</param-name>
>>>>>>>>     <param-value>https://localhost:8443/custom-cas</param-value>
>>>>>>>>   </init-param>
>>>>>>>>   <init-param>
>>>>>>>>     <param-name>service</param-name>
>>>>>>>>     <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>>>>>>   </init-param>
>>>>>>>> </filter>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Federico Paparoni
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> 2014-11-05 12:01 GMT+01:00 Jérôme LELEU <[email protected]>:
>>>>>>>>
>>>>>>>>> Hi,
>>>>>>>>>
>>>>>>>>> What's the url of the defined endpoint for the service ticket
>>>>>>>>> validator? Did you use the /p3 url?
>>>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>> Best regards,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Jérôme LELEU
>>>>>>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>>>>>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>>>>>>>
>>>>>>>>> 2014-11-05 11:42 GMT+01:00 Alberto Cabello Sánchez <[email protected]>:
>>>>>>>>>
>>>>>>>>>> On Wed, 05 Nov 2014 11:12:05 +0100
>>>>>>>>>> Federico Paparoni <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>> > Map attributes = principal.getAttributes();
>>>>>>>>>> >
>>>>>>>>>> > Iterator attributeNames = attributes.keySet().iterator();
>>>>>>>>>> > for (; attributeNames.hasNext();) {
>>>>>>>>>> >     String attributeName = (String) attributeNames.next();
>>>>>>>>>> >     Object attributeValue = attributes.get(attributeName);
>>>>>>>>>> >     out.println("attributeName:"+attributeName+" attributeValue:"+(String)attributeValue);
>>>>>>>>>> > }
>>>>>>>>>> >
>>>>>>>>>> > but the output is only the username. I think that in default configuration
>>>>>>>>>> > it should show the attributes defined in a static map but it doesn't work.
>>>>>>>>>> > Is there something I have to enable?
>>>>>>>>>>
>>>>>>>>>> I did roughly the same, but only got that code working after
>>>>>>>>>> enabling SAML attribute release.
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Alberto Cabello Sánchez
>>>>>>>>>> <[email protected]>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> You are currently subscribed to [email protected] as:
>>>>>>>>>> [email protected]
>>>>>>>>>> To unsubscribe, change settings or access archives, see
>>>>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>>
>>>>>>> --
>>>>>>> Federico Paparoni
>>>>>>>
>>>>>>> Blog -- http://fpaparoni.wordpress.com/
>>>>>>> Twitter -- http://twitter.com/fpaparoni
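
The thread walks through three different /p3/serviceValidate outcomes: an expired ticket, a success with no attributes, and (after the fix) a success with attributes. The Python below is an added example, not code from the thread or from the CAS project, that tells them apart; the `diagnose` function, its status labels and hints, and the third sample response with `mail` and `memberOf` attributes are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"cas": "http://www.yale.edu/tp/cas"}
WRAP = '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">%s</cas:serviceResponse>'

# EXPIRED and NO_ATTRS are the two responses quoted in the thread;
# WITH_ATTRS is constructed (attribute names and values are made up).
EXPIRED = WRAP % ('<cas:authenticationFailure code="INVALID_TICKET">Ticket '
                  "'ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org' not recognized"
                  "</cas:authenticationFailure>")
NO_ATTRS = WRAP % ("<cas:authenticationSuccess><cas:user>casuser</cas:user>"
                   "</cas:authenticationSuccess>")
WITH_ATTRS = WRAP % ("<cas:authenticationSuccess><cas:user>casuser</cas:user>"
                     "<cas:attributes><cas:mail>casuser@example.org</cas:mail>"
                     "<cas:memberOf>staff</cas:memberOf><cas:memberOf>admins</cas:memberOf>"
                     "</cas:attributes></cas:authenticationSuccess>")


def diagnose(body):
    """Classify a serviceValidate response body and return a dict with a hint."""
    # A CAS response never needs a DTD; refuse one instead of expanding entities.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("unexpected DTD in CAS response")
    root = ET.fromstring(body)
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        return {"status": "failure", "code": failure.get("code"),
                "hint": "ticket expired, reused or unknown: validate within its lifetime"}
    success = root.find("cas:authenticationSuccess", NS)
    if success is None:
        raise ValueError("not a CAS serviceResponse")
    user = (success.findtext("cas:user", default="", namespaces=NS) or "").strip()
    attrs = {}
    block = success.find("cas:attributes", NS)
    for child in (block if block is not None else []):
        # Strip the "{namespace}" prefix; keep every value of a repeated attribute.
        attrs.setdefault(child.tag.split("}", 1)[-1], []).append((child.text or "").strip())
    if attrs:
        return {"status": "success", "user": user, "attributes": attrs, "hint": ""}
    return {"status": "success_no_attributes", "user": user, "attributes": {},
            "hint": "no attributes released: check the service's attribute release settings"}


if __name__ == "__main__":
    for name, body in [("expired", EXPIRED), ("no attrs", NO_ATTRS), ("attrs", WITH_ATTRS)]:
        print(name, diagnose(body))
```
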
