Jeremie,

That is probably your issue. By default CAS Server won't issue a TicketGrantingTicket without SSL (https). It's not secure to pass credentials without SSL.
---
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 1/12/15 10:12 AM, Jeremie NATAF wrote:
> hi,
> There is no certificate; all connections are over http, there is no https.
> Could we use jasig on http and share the connection over http?
> tks
>
> On Mon, Jan 12, 2015 at 7:05 PM, Chris Cheltenham <[email protected]> wrote:
> > John,
> >
> > What are the browser certificates for?
> >
> > Thank You,
> >
> > Chris Cheltenham
> > SwainTechs / HHS
> >
> > Cell# 267-586-2369
> >
> > *From:* John Gasper [mailto:[email protected]]
> > *Sent:* Monday, January 12, 2015 11:29 AM
> > *To:* [email protected]
> > *Subject:* Re: [cas-user] share a connection between application
> >
> > I can't say that I've seen anything like this before... What authentication handlers are you using?
>
> ---
> *John Gasper*
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
>
> On 1/12/15 5:47 AM, jnataf wrote:
> > Hi everybody,
> >
> > Two webapp applications (webapp1 on tomcat 1 and webapp2 on tomcat 2) are deployed on two Tomcat servers.
> >
> > My problem:
> > I can connect to each application with SSO, but I can't share the connection between the two applications; I have to reconnect each time on the second application.
> >
> > The CAS server always generates a new ticket.
> >
> > My use case:
> > - I connect to webapp1 with SSO
> > - I browse to webapp2 and I am automatically redirected to the CAS login page; I have to log on a second time on the SSO server
> >
> > Thanks for your help
> >
> > 2015-01-12 15:12:37,565 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' completed execution; result is 'success'
> > 2015-01-12 15:12:37,565 DEBUG [org.jasig.cas.adaptors.trusted.web.flow.PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction] - Action 'PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction' beginning execution
> > 2015-01-12 15:12:37,566 DEBUG [org.jasig.cas.adaptors.trusted.web.flow.PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction] - Remote User not found in HttpServletRequest.
> > 2015-01-12 15:12:37,566 DEBUG [org.jasig.cas.adaptors.trusted.web.flow.PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction] - Action 'PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction' completed execution; result is 'error'
> > 2015-01-12 15:12:37,566 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
> > 2015-01-12 15:12:37,566 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
> > 2015-01-12 15:12:37,566 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form object with name 'credentials'
> > 2015-01-12 15:12:37,566 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
> > 2015-01-12 15:12:37,566 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
> > 2015-01-12 15:12:37,566 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form errors for object with name 'credentials'
> > 2015-01-12 15:12:37,566 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register
> > 2015-01-12 15:12:37,567 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash
> > 2015-01-12 15:12:37,567 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
> > 2015-01-12 15:12:37,567 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
> > 2015-01-12 15:12:37,567 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
> > 2015-01-12 15:12:42,460 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
> > 2015-01-12 15:12:42,460 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing bind
> > 2015-01-12 15:12:42,460 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
> > 2015-01-12 15:12:42,460 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register
> > 2015-01-12 15:12:42,461 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding allowed request parameters in map['username' -> 'nataf1', 'submit' -> 'SE CONNECTER', '_eventId' -> 'submit', 'service' -> 'http://portail.intranet.citepro.cite-sciences.fr/c/portal/login?p_l_id=12980', 'lt' -> '_c7E1350E9-537B-F296-195A-D28DDFA8017E_k0595A0EE-EC71-239E-AE03-AB417C17634F', 'password' -> 'secret'] to form object with name 'credentials', pre-bind formObject toString = [username: null]
> > 2015-01-12 15:12:42,461 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - (Any field is allowed)
> > 2015-01-12 15:12:42,461 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding completed for form object with name 'credentials', post-bind formObject toString = [username: nataf1]
> > 2015-01-12 15:12:42,462 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] errors, details: []
> > 2015-01-12 15:12:42,462 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing validation
> > 2015-01-12 15:12:42,462 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Invoking validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator@3b69278
> > 2015-01-12 15:12:42,462 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Validation completed for form object
> > 2015-01-12 15:12:42,462 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] errors, details: []
> > 2015-01-12 15:12:42,462 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash
> > 2015-01-12 15:12:42,462 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
> > 2015-01-12 15:12:42,462 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
> > 2015-01-12 15:12:42,463 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
> > 2015-01-12 15:12:42,463 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create TicketGrantingTicket for [username: nataf1]
> > 2015-01-12 15:12:42,463 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create TicketGrantingTicket for [username: nataf1]
> > 2015-01-12 15:12:42,480 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: nataf1]
> > 2015-01-12 15:12:42,480 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Attempting to resolve a principal...
> > 2015-01-12 15:12:42,480 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Creating SimplePrincipal for [nataf1]
> > 2015-01-12 15:12:42,481 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket [TGT-16-cT3RrXO3rcFFM0kUuADGdp2NCPA9hhGnmGgjRmNOK3FsOWHrb4-cas] to registry.
> > 2015-01-12 15:12:42,481 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Removed cookie with name [CASPRIVACY]
> > 2015-01-12 15:12:42,481 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
> > 2015-01-12 15:12:42,481 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - Action 'SendTicketGrantingTicketAction' beginning execution
> > 2015-01-12 15:12:42,481 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added cookie with name [CASTGC] and value [TGT-16-cT3RrXO3rcFFM0kUuADGdp2NCPA9hhGnmGgjRmNOK3FsOWHrb4-cas]
> > 2015-01-12 15:12:42,482 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - Action 'SendTicketGrantingTicketAction' completed execution; result is 'success'
> > 2015-01-12 15:12:42,482 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action 'GenerateServiceTicketAction' beginning execution
> > 2015-01-12 15:12:42,482 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [TGT-16-cT3RrXO3rcFFM0kUuADGdp2NCPA9hhGnmGgjRmNOK3FsOWHrb4-cas]
> > 2015-01-12 15:12:42,482 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [TGT-16-cT3RrXO3rcFFM0kUuADGdp2NCPA9hhGnmGgjRmNOK3FsOWHrb4-cas] found in registry.
> > 2015-01-12 15:12:42,482 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket [ST-14-ogdO1bt3aGv9rZ5JIRAs-cas] to registry.
> > 2015-01-12 15:12:42,482 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-14-ogdO1bt3aGv9rZ5JIRAs-cas] for service [http://portail.intranet.citepro.cite-sciences.fr/c/portal/login?p_l_id=12980] for user [nataf1]
> > 2015-01-12 15:12:42,483 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action 'GenerateServiceTicketAction' completed execution; result is 'success'
> > 2015-01-12 15:12:42,518 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service for: http://portail.intranet.citepro.cite-sciences.fr/c/portal/login?p_l_id=12980
> > 2015-01-12 15:12:42,518 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [ST-14-ogdO1bt3aGv9rZ5JIRAs-cas]
> > 2015-01-12 15:12:42,518 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket [ST-14-ogdO1bt3aGv9rZ5JIRAs-cas] found in registry.
> > 2015-01-12 15:12:42,519 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing ticket [ST-14-ogdO1bt3aGv9rZ5JIRAs-cas] from registry
> > 2015-01-12 15:12:51,531 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' beginning execution
> > 2015-01-12 15:12:51,532 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated service for: http://portail.intranet.citepro.cite-sciences.fr/bonita/portal/homepage
> > 2015-01-12 15:12:51,532 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in FlowScope: http://portail.intranet.citepro.cite-sciences.fr/bonita/portal/homepage
> > 2015-01-12 15:12:51,532 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' completed execution; result is 'success'
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.adaptors.trusted.web.flow.PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction] - Action 'PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction' beginning execution
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.adaptors.trusted.web.flow.PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction] - Remote User not found in HttpServletRequest.
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.adaptors.trusted.web.flow.PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction] - Action 'PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction' completed execution; result is 'error'
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form object with name 'credentials'
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form errors for object with name 'credentials'
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register
> > 2015-01-12 15:12:51,534 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash
> > 2015-01-12 15:12:51,534 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
> > 2015-01-12 15:12:51,534 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
> > 2015-01-12 15:12:51,534 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
> > ~
> >
> > URL for webapp1: http://portail.intranet.citepro.cite-sciences.fr/c/portal/login?p_l_id=12980
> >
> > and webapp2: http://portail.intranet.citepro.cite-sciences.fr/bonita/portal/homepage
> >
> > We can see in the log, when I navigate to webapp2, the log "Remote User not found":
> >
> > 2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.adaptors.trusted.web.flow.PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction] - Remote User not found in HttpServletRequest.
> >
> > Can this log explain the problem?
> >
> > Thks
> > Jeremie
> >
> > --
> > You are currently subscribed to [email protected] as: [email protected]
> > To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
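
The log quoted in this thread shows the pattern to look for when SSO is not carried over to a second application: CAS adds the CASTGC cookie after the first login, yet the next login flow reaches setupForm (the login form) without retrieving that TGT, which is what happens when the browser does not send the cookie back (a cookie flagged Secure is never sent over plain http). The script below is an added example, not part of the original thread or of CAS; it assumes a single-user trace, and its sample lines are constructed in the thread's log format with a placeholder ticket ID.

```python
import re

# Constructed sample in the format of the CAS debug log quoted above;
# the ticket ID is a placeholder, not a value from the thread.
SAMPLE_LOG = """\
2015-01-12 15:12:37,565 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' beginning execution
2015-01-12 15:12:37,566 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
2015-01-12 15:12:42,481 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added cookie with name [CASTGC] and value [TGT-1-PLACEHOLDER-cas]
2015-01-12 15:12:42,482 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to retrieve ticket [TGT-1-PLACEHOLDER-cas]
2015-01-12 15:12:51,531 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' beginning execution
2015-01-12 15:12:51,533 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
"""

LINE = re.compile(r"^(\S+ \S+) (\w+)\s+\[([\w.]+)\] - (.*)$")
TGC_SET = re.compile(r"Added cookie with name \[CASTGC\] and value \[(TGT-[^\]]+)\]")
TGT_READ = re.compile(r"Attempting to retrieve ticket \[(TGT-[^\]]+)\]")


def find_unreused_sso(log_text):
    """Return (timestamp, tgt) for each login form shown while a TGT was live.

    Assumes one user's trace: a flow that starts after CASTGC was set and
    reaches setupForm without looking that TGT up did not receive the cookie.
    """
    findings = []
    live_tgt = None       # last TGT handed out as a CASTGC cookie
    tgt_seen = False      # did the current flow look the TGT up?
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue      # wrapped or foreign line
        ts, _level, logger, msg = m.groups()
        if logger.endswith("InitialFlowSetupAction") and "beginning execution" in msg:
            tgt_seen = False                      # a new login flow starts
        elif (hit := TGC_SET.search(msg)):
            live_tgt, tgt_seen = hit.group(1), True
        elif (hit := TGT_READ.search(msg)) and hit.group(1) == live_tgt:
            tgt_seen = True
        elif msg == "Executing setupForm" and live_tgt and not tgt_seen:
            findings.append((ts, live_tgt))
    return findings


if __name__ == "__main__":
    for ts, tgt in find_unreused_sso(SAMPLE_LOG):
        print(f"{ts}: login form shown although {tgt} was issued; "
              "check that CASTGC is sent back (https, cookie path, host)")
```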
