Thanks for the link. As per the directions, I followed each section exactly as shown, except as mentioned below:

https://wiki.jasig.org/display/CASUM/SAML+Support+in+CAS+4

Step 1: CHANGED. Define samlValidateController bean and map it to /samlValidate URL via handlerMappingC bean in cas-servlet.xml. Verbatim for setting the samlValidateController. The second portion says to add

    <bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
      <property name="mappings">
        <props>
          ...
          <prop key="/samlValidate">samlValidateController</prop>

In my configuration file, it contained <util:properties> as opposed to <props>. If I added <props> and placed things there, it totally failed. So, I set it as follows:

    <bean id="handlerMappingC" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping" p:alwaysUseFullPath="true">
      <property name="mappings">
        <util:properties>
          <prop key="/samlValidate">samlValidateController</prop>
          ....

Step 2: Done. Add the servlet mapping for /samlValidate URL in the web.xml file.

Step 3: Done.

Step 4: Done. I made both changes exactly as stated, setting the "value" portion to localhost:8443. I also tried PitonyakVM-02:8443.

Step 5: Done...

When I attempt to login from my client, I see the following error:

    CAS is Unavailable
    There was an error trying to complete your request. Please notify your support desk or try again.
The log files look sane enough:

    10-Nov-2014 16:33:42.216 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version: Apache Tomcat/8.0.14
    10-Nov-2014 16:33:42.221 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built: Sep 24 2014 09:01:51
    10-Nov-2014 16:33:42.222 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server number: 8.0.14.0
    10-Nov-2014 16:33:42.222 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name: Windows 7
    10-Nov-2014 16:33:42.223 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version: 6.1
    10-Nov-2014 16:33:42.223 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture: amd64
    10-Nov-2014 16:33:42.224 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version: 1.7.0_51-b13
    10-Nov-2014 16:33:42.224 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor: Oracle Corporation
    10-Nov-2014 16:33:42.605 INFO [main] org.apache.catalina.core.AprLifecycleListener.init Loaded APR based Apache Tomcat Native library 1.1.31 using APR version 1.4.8.
    10-Nov-2014 16:33:42.606 INFO [main] org.apache.catalina.core.AprLifecycleListener.init APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
    10-Nov-2014 16:33:43.479 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized (OpenSSL 1.0.1h 5 Jun 2014)
    10-Nov-2014 16:33:43.662 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-apr-8080"]
    10-Nov-2014 16:33:43.704 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8443"]
    10-Nov-2014 16:33:44.056 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
    10-Nov-2014 16:33:44.064 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-apr-8009"]
    10-Nov-2014 16:33:44.070 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 2031 ms
    10-Nov-2014 16:33:44.169 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Catalina
    10-Nov-2014 16:33:44.170 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.14
    10-Nov-2014 16:33:44.267 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\cas-server-webapp-4.0.0.war
    2014-11-10 16:34:44,956 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 1 services.>
    2014-11-10 16:34:57,844 INFO [org.jasig.cas.util.AutowiringSchedulerFactoryBean] - <Starting Quartz Scheduler now>
    2014-11-10 16:35:06,664 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Beginning ticket cleanup.>
    2014-11-10 16:35:06,751 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 tickets found to be removed.>
    2014-11-10 16:35:06,756 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished ticket cleanup.>
    10-Nov-2014 16:35:07.163 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\cas-server-webapp-4.0.0.war has finished in 82,895 ms
    10-Nov-2014 16:35:07.168 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\examples
    10-Nov-2014 16:35:11.538 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\examples has finished in 4,370 ms
    10-Nov-2014 16:35:11.538 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\manager
    10-Nov-2014 16:35:11.775 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\manager has finished in 237 ms
    10-Nov-2014 16:35:11.776 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\host-manager
    10-Nov-2014 16:35:11.972 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\host-manager has finished in 196 ms
    10-Nov-2014 16:35:11.976 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\ROOT
    10-Nov-2014 16:35:12.172 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\ROOT has finished in 196 ms
    10-Nov-2014 16:35:12.173 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\docs
    10-Nov-2014 16:35:12.364 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory Z:\home\Programs\Win\CAS\apache-tomcat-8.0.14\webapps\docs has finished in 191 ms
    10-Nov-2014 16:35:12.375 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-apr-8080"]
    10-Nov-2014 16:35:12.407 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8443"]
    10-Nov-2014 16:35:12.409 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-apr-8009"]
    10-Nov-2014 16:35:12.410 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 88337 ms
    2014-11-10 16:36:47,671 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
    2014-11-10 16:36:47,671 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 1 services.>
    2014-11-10 16:36:51,174 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies to: /cas-server-webapp-4.0.0/>

If I undo Step 5 and remove the <value>saml_views</value>, then I am able to make it to the login screen and authenticate, at which point I receive the error message:

    CAS is Unavailable
    There was an error trying to complete your request. Please notify your support desk or try again.
This is the output:

    2014-11-10 16:47:29,377 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies to: /cas-server-webapp-4.0.0/>
    2014-11-10 16:47:37,640 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <AcceptUsersAuthenticationHandler successfully authenticated casuser+password>
    2014-11-10 16:47:37,679 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - <Authenticated casuser with credentials [casuser+password].>
    2014-11-10 16:47:37,738 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
    =============================================================
    WHO: audit:unknown
    WHAT: supplied credentials: [casuser+password]
    ACTION: AUTHENTICATION_SUCCESS
    APPLICATION: CAS
    WHEN: Mon Nov 10 16:47:37 EST 2014
    CLIENT IP ADDRESS: fe80:0:0:0:e169:de3a:6a9f:b7da%14
    SERVER IP ADDRESS: fe80:0:0:0:e169:de3a:6a9f:b7da%14
    =============================================================
    >
    2014-11-10 16:47:37,796 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
    =============================================================
    WHO: audit:unknown
    WHAT: TGT-1-SamNwOrImRtyK2QkiZ4yxFcCwgYObcpbRgHaPbZfacWnpt4KZO-PitonyakVM-02
    ACTION: TICKET_GRANTING_TICKET_CREATED
    APPLICATION: CAS
    WHEN: Mon Nov 10 16:47:37 EST 2014
    CLIENT IP ADDRESS: fe80:0:0:0:e169:de3a:6a9f:b7da%14
    SERVER IP ADDRESS: fe80:0:0:0:e169:de3a:6a9f:b7da%14
    =============================================================

Do I need to edit the saml_views.properties file?

From: John Gasper [mailto:[email protected]]
Sent: Monday, November 10, 2014 12:01 PM
To: [email protected]
Subject: Re: [cas-user] Configure CAS 4 to redirect back to client

OK, you are using the SAML 1.1 protocol support. Did you wire in the saml11 support in the spring-configuration/argumentExtractorsConfiguration.xml? See http://jasig.github.io/cas/4.0.0/protocol/SAML-Protocol.html, SAML Argument Extractor.

---
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 11/10/14 8:38 AM, Pitonyak, Andrew D wrote:

While navigating to the login page, I have the following:

    https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/cas/login?TARGET=http%3a%2f%2flocalhost%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html

After login, I have the following:

    https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login;jsessionid=8D94A04A840871AC67C9885A70239DDD?TARGET=http%3a%2f%2flocalhost%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html

I even tried changing my server name (for the client) and I have these:

While redirecting TO CAS:

    https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/cas/login?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html

While login page is displayed:

    https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html

After I login and am looking at the CAS page that says "hey, you logged in":

    https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login;jsessionid=B5AF217DBCC7AC3E364E29E524D1C8B4?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html

A single URL decode yields this (more readable):

    https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/cas/login?TARGET=http://pitonyakvm-02:60503/auth/login?p=%2FCM2S.html
    https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login?TARGET=http://pitonyakvm-02:60503/auth/login?p=%2FCM2S.html
    https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login;jsessionid=B5AF217DBCC7AC3E364E29E524D1C8B4?TARGET=http://pitonyakvm-02:60503/auth/login?p=%2FCM2S.html

Of course, that final parameter decodes to /CM2S.html (not that it probably matters).
From: John Gasper [mailto:[email protected]]
Sent: Monday, November 10, 2014 11:22 AM
To: [email protected]
Subject: Re: [cas-user] Configure CAS 4 to redirect back to client

Hi Andrew,

What's the service= querystring parameter look like when you are sitting at the CAS login page after your client redirected you to CAS Server?

---
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 11/10/14 7:58 AM, Pitonyak, Andrew D wrote:

I have a .NET client that uses CAS single sign-on. When I hit CAS 3.x set up by someone else, I redirect to CAS, authenticate to CAS and then redirect back to my site.

I set up a CAS 4 server on my local machine to test in development. In Windows, I installed Tomcat 8.0.14 (the latest). I then auto-deployed CAS mostly out of the box, with no changes made from the original. I can navigate directly to the site and login using the default "casuser / Mellon" credentials. (Note that my machine name is pitonyakvm-02 and everything is running locally for this test.)

    https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login

When I use my client to login, it properly redirects to CAS, CAS shows the login page, I use the default credentials, I am then told that I authenticated, but I do not redirect back to my client.

Did I miss a simple property that tells CAS to redirect back after login rather than simply showing the screen that tells me that I successfully authenticated? I assume that my client is sending the correct things since I am able to hit the 3.x version, login, and redirect back correctly. In this case, CAS is external to my machine.

My first thought is that I need to change something in the login-webflow.xml, but I thought that it was configured by default to redirect. Is it possible that Tomcat deploys by default to not allow redirections?

Andrew D. Pitonyak
Principal Research Scientist
Health & Analytics
505 King Avenue, Columbus, OH 43201
P: 614-424-5252

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
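As an added example (not part of this thread or of CAS itself), a small Python helper that does what Andrew did by hand above: it pulls the callback out of a CAS login URL, tells the CAS protocol (service=) apart from SAML 1.1 (TARGET=), percent-decodes it exactly once, and checks the decoded callback against a constructed allowlist that stands in for CAS's registered-service check. The allowlist entry, the function names and the "allowed" decision are assumptions; the sample URL is the post-login URL from the thread.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist standing in for CAS's registered-service check
# (the thread's log shows "Loaded 1 services"; this entry is an assumption).
ALLOWED_CALLBACKS = {("http", "pitonyakvm-02", 60503)}


def extract_callback(login_url):
    """Return (protocol, callback) for a CAS login URL, or (None, None).
    CAS-protocol clients send service=..., SAML 1.1 clients send TARGET=...
    (the thread's .NET client, hence the saml11 argument extractor).
    parse_qs percent-decodes exactly once, so an inner %2F survives.
    """
    query = parse_qs(urlsplit(login_url).query, keep_blank_values=True)
    if "service" in query:
        return "cas", query["service"][0]
    if "TARGET" in query:
        return "saml11", query["TARGET"][0]
    return None, None


def is_allowed_callback(callback):
    """Match scheme, host and port of the decoded callback to the allowlist.
    Parsing beats substring matching: a host that merely contains the
    trusted name, or a malformed port, does not pass.
    """
    try:
        parts = urlsplit(callback)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    return (parts.scheme, parts.hostname.lower(), port) in ALLOWED_CALLBACKS


def vet_login_url(login_url):
    """Summarise one login URL: protocol, decoded callback, allowed or not."""
    protocol, callback = extract_callback(login_url)
    return {"protocol": protocol, "callback": callback,
            "allowed": bool(callback) and is_allowed_callback(callback)}


if __name__ == "__main__":
    # Post-login URL copied from the thread above
    url = ("https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login"
           ";jsessionid=B5AF217DBCC7AC3E364E29E524D1C8B4"
           "?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html")
    print(vet_login_url(url))
```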
