If your app is protected by the Java CAS client, you have a number of options:
1. Use SAML validation and authentication filters, or 2. Modify the CAS server's validation jsp to return attributes, or 3. Use the validator in CAS client 3.4.0 (for which you will need to download the client code, build the jar and include it in the app for now) that allows you to point to /p3/serviceValidate #1 would probably be the easiest to configure for now. ----- Original Message ----- From: "Gianluca Diodato" <[email protected]> To: [email protected] Cc: [email protected], [email protected] Sent: Friday, May 15, 2015 5:57:08 AM Subject: Re: [cas-user] Empty Attribute Map Ok, I understand now in effect into ticketExpirationPolicies.xml I can read 1 time use of ticket. So, what is the right choice to do in order to retrieve my own attributes for my service after login from my client java webapp? thanks Gianluca Il giorno venerdì 15 maggio 2015 14:47:07 UTC+2, Misagh Moayyed ha scritto: Because you are validating the same ticket id twice. Your java webapp receives ST-4 and validates it. When a ST is validated, it is expired and thus removed. Then, you attempt to execute the same operation in your browser, which causes validation to fail. STs can be only be used once, unless you change the expiration policy for STs. From: Gianluca Diodato [mailto: [email protected] ] Sent: Friday, May 15, 2015 5:44 AM To: [email protected] Cc: [email protected] ; [email protected] Subject: Re: [cas-user] Empty Attribute Map Hi Misagh, why you said I have 2 requests to validate the same ticket?? I don't understand... In the log that I posted there are a SERVICE_TICKET_VALIDATED (after login from my java webapp client side) and a SERVICE_TICKET_VALIDATE_FAILED (from my browser client side when I tried to access this url https://cas_server/cas/p3/serviceValidate?ticket= ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org &service= http://localhost:8080/Campus/mainpage.jsp ). What Wrong? Gianluca Il giorno venerdì 15 maggio 2015 14:03:41 UTC+2, Misagh Moayyed ha scritto: <blockquote> Your CAS client is attempting to resuse a service ticket, or it’s submitting the same request twice. It validates ST-4 and about a minute later it attempts to validate it again. That won’t work. Monitor traffic and see why you have two requests to validate the same ticket. From: Gianluca Diodato [mailto: [email protected] ] Sent: Friday, May 15, 2015 4:44 AM To: [email protected] Cc: [email protected] ; [email protected] Subject: Re: [cas-user] Empty Attribute Map Hi Misagh, This is my last test with deployerConfigContext.xml file. Anyway I don't access to any serviceValidate page (Cas2,Cas3,Saml). When I'm trying to acces I have always this answer: 2015-05-15 13:18:23,465 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2015-05-15 13:18:23,465 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp > 2015-05-15 13:18:23,465 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.* > 2015-05-15 13:18:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.> 2015-05-15 13:19:31,657 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/Campus/mainpage.jsp > 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org ]> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org ] found in registry.> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - <Found attribute [first_name] in the list of allowed attributes for service [Test CAS]> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return for service [Test CAS] is [ [email protected] ]. The default principal id is [ [email protected] ].> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org ] from registry> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org ]> 2015-05-15 13:19:31,658 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org ACTION: SERVICE_TICKET_VALIDATED APPLICATION: CAS WHEN: Fri May 15 13:19:31 CEST 2015 CLIENT IP ADDRESS: 146.48.89.203 SERVER IP ADDRESS: 146.48.89.135 ============================================================= > 2015-05-15 13:19:31,659 DEBUG [org.jasig.cas.web.ServiceValidateController] - <Successfully validated service ticket ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org for service [ http://localhost:8080/Campus/mainpage.jsp ]> 2015-05-15 13:20:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2015-05-15 13:20:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp > 2015-05-15 13:20:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.* > 2015-05-15 13:20:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.> 2015-05-15 13:22:23,465 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2015-05-15 13:22:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp > 2015-05-15 13:22:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.* > 2015-05-15 13:22:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.> 2015-05-15 13:24:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2015-05-15 13:24:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp > 2015-05-15 13:24:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.* > 2015-05-15 13:24:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.> 2015-05-15 13:25:08,452 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/Campus/mainpage.jsp > 2015-05-15 13:25:08,452 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org ]> 2015-05-15 13:25:08,453 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org ] does not exist.> 2015-05-15 13:25:08,453 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org ]> 2015-05-15 13:25:08,453 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Fri May 15 13:25:08 CEST 2015 CLIENT IP ADDRESS: 146.48.89.203 SERVER IP ADDRESS: 146.48.89.135 ============================================================= > 2015-05-15 13:25:08,453 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <Re-caching properties for filename [classpath:messages] - file hasn't been modified> I modified expiredtimeout of ticket from 10 seconds to 600 seconds in ticketExpirationPolicies.xml, but doesn't work. Best Gianluca Il giorno venerdì 15 maggio 2015 11:12:56 UTC+2, Misagh Moayyed ha scritto: <blockquote> Are you allowing attributes for release? Is your client talking to /p3/serviceValidate? From: Gianluca Diodato [ mailto:[email protected] ] Sent: Friday, May 15, 2015 1:41 AM To: [email protected] Subject: Re:[cas-user] Empty Attribute Map Same problem with Java Cas Client but no answers yet from community.. I'm almost depressed. Gianluca Il giorno giovedì 14 maggio 2015 12:33:26 UTC+2, Luís Lobo ha scritto: <blockquote> Hi! I am using CAS Server version 4.0.1 and I am having trouble with the attributes. The problem is that in the client side (phpCAS) the attribute map is empty. The relevant parts in my deployerConfigContext.xml are: <bean id = "authenticationManager" class = "org.jasig.cas.authentication.PolicyBasedAuthenticationManager" > <constructor-arg> <map> <entry key-ref = "userAuthHandler" value-ref = "principalResolver" /> </map> </constructor-arg> <property name = "authenticationPolicy" > <bean class = "org.jasig.cas.authentication.AnyAuthenticationPolicy" /> </property> </bean> The principal resolver is declared as: <bean id = "personAttributeDao" class = "org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao" > <constructor-arg index = "0" ref = "dataSource" /> <constructor-arg index = "1" value = "${auth.resolverSql}" /> <property name = "queryAttributeMapping" > <map> <entry key = "username" value = "username" /> </map> </property> <property name = "resultAttributeMapping" > <map> <entry key = "login" value = "login" /> <entry key = "client_id" value = "client_id" /> </map> </property> </bean> <bean id = "principalResolver" class = "org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver" p:principalAttributeName = "username" p:attributeRepository-ref = "personAttributeDao" p:returnNullIfNoAttributes = "true" /> The relevant log line in the console is: 2015 - 05 - 14 11 : 33 : 41 , 370 INFO [ org . jasig . cas . authentication . PolicyBasedAuthenticationManager ] - < Authenticated [email protected] with credentials [< username >+ password ].> 2015 - 05 - 14 11 : 33 : 41 , 370 DEBUG [ org . jasig . cas . authentication . PolicyBasedAuthenticationManager ] - < Attribute map for </blockquote> </blockquote> ... </blockquote> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
