Hi Misagh,

I solved my problems with attributes and the SAML protocol. Now I need to understand how to implement a correct logout and SLO for my Java client apps. My configuration is this one:

1. CAS Server in a VM;
2. Java CAS Client webapp1 in another VM;
3. Java CAS Client webapp2 in another VM;
4. ...
5. Java CAS Client webappN in another VM.

I launch webapp1 and I am redirected to the CAS Server login; authentication and attributes are sent back to webapp1 correctly. If I access webapp2..N, I am logged in correctly with the same user. Now, if the user clicks logout in one of webapp1...N, I want to redirect to the login page of webapp1...N, so that the user can't access SSO without logging in. How do I do this?

Thanks
Gianluca

On Friday, May 15, 2015 at 16:32:32 UTC+2, Misagh Moayyed wrote:
>
> Here is an example on how to configure the SAML authn and validation
> filters in your app:
>
> https://github.com/UniconLabs/cas-sample-java-webapp/blob/master/src/main/webapp/WEB-INF/web.xml
>
> *From:* Misagh Moayyed [mailto:[email protected]]
> *Sent:* Friday, May 15, 2015 7:29 AM
> *To:* [email protected]
> *Subject:* Re: [cas-user] Empty Attribute Map
>
> If your app is protected by the Java CAS client, you have a number of
> options:
>
> 1. Use SAML validation and authentication filters, or
>
> 2. Modify the CAS server's validation jsp to return attributes, or
>
> 3. Use the validator in CAS client 3.4.0 (for which you will need to
> download the client code, build the jar and include it in the app for now)
> that allows you to point to /p3/serviceValidate
>
> #1 would probably be the easiest to configure for now.
> ------------------------------
>
> *From: *"Gianluca Diodato" <[email protected]>
> *To: *[email protected]
> *Cc: *[email protected], [email protected]
> *Sent: *Friday, May 15, 2015 5:57:08 AM
> *Subject: *Re: [cas-user] Empty Attribute Map
>
> Ok, I understand now; in effect, in ticketExpirationPolicies.xml I can
> read the one-time use of the ticket.
>
> So, what is the right choice in order to retrieve my own attributes
> for my service after login from my Java client webapp?
>
> thanks
>
> Gianluca
>
> On Friday, May 15, 2015 at 14:47:07 UTC+2, Misagh Moayyed wrote:
>
> Because you are validating the same ticket id twice.
>
> Your java webapp receives ST-4 and validates it. When a ST is validated,
> it is expired and thus removed. Then, you attempt to execute the same
> operation in your browser, which causes validation to fail. STs can
> only be used once, unless you change the expiration policy for STs.
>
> *From:* Gianluca Diodato [mailto:[email protected]]
> *Sent:* Friday, May 15, 2015 5:44 AM
> *To:* [email protected]
> *Cc:* [email protected]; [email protected]
> *Subject:* Re: [cas-user] Empty Attribute Map
>
> Hi Misagh,
>
> why did you say I have 2 requests to validate the same ticket??
>
> I don't understand...
>
> In the log that I posted there is a SERVICE_TICKET_VALIDATED (after login
> from my java webapp client side) and a SERVICE_TICKET_VALIDATE_FAILED (from
> my browser client side when I tried to access this url
> https://cas_server/cas/p3/serviceValidate?ticket=ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org&service=http://localhost:8080/Campus/mainpage.jsp
> ).
>
> What's wrong?
>
> Gianluca
>
> On Friday, May 15, 2015 at 14:03:41 UTC+2, Misagh Moayyed wrote:
>
> Your CAS client is attempting to reuse a service ticket, or it’s
> submitting the same request twice. It validates ST-4 and about a minute
> later it attempts to validate it again. That won’t work.
>
> Monitor traffic and see why you have two requests to validate the same
> ticket.
>
> *From:* Gianluca Diodato [mailto:[email protected]]
> *Sent:* Friday, May 15, 2015 4:44 AM
> *To:* [email protected]
> *Cc:* [email protected]; [email protected]
> *Subject:* Re: [cas-user] Empty Attribute Map
>
> Hi Misagh,
> This is my last test with the deployerConfigContext.xml file.
> Anyway, I can't access any serviceValidate page (Cas2, Cas3, Saml).
> When I try to access one, I always get this answer:
>
> 2015-05-15 13:18:23,465 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
> 2015-05-15 13:18:23,465 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:18:23,465 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*>
> 2015-05-15 13:18:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.>
> 2015-05-15 13:19:31,657 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org]>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org] found in registry.>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.services.support.RegisteredServiceDefaultAttributeFilter] - <Found attribute [first_name] in the list of allowed attributes for service [Test CAS]>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Principal id to return for service [Test CAS] is [[email protected]]. The default principal id is [[email protected]].>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org] from registry>
> 2015-05-15 13:19:31,658 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org]>
> 2015-05-15 13:19:31,658 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org
> ACTION: SERVICE_TICKET_VALIDATED
> APPLICATION: CAS
> WHEN: Fri May 15 13:19:31 CEST 2015
> CLIENT IP ADDRESS: 146.48.89.203
> SERVER IP ADDRESS: 146.48.89.135
> =============================================================
>
> 2015-05-15 13:19:31,659 DEBUG [org.jasig.cas.web.ServiceValidateController] - <Successfully validated service ticket ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org for service [http://localhost:8080/Campus/mainpage.jsp]>
> 2015-05-15 13:20:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
> 2015-05-15 13:20:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:20:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*>
> 2015-05-15 13:20:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.>
> 2015-05-15 13:22:23,465 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
> 2015-05-15 13:22:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:22:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*>
> 2015-05-15 13:22:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.>
> 2015-05-15 13:24:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.>
> 2015-05-15 13:24:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:24:23,466 DEBUG [org.jasig.cas.services.DefaultServicesManagerImpl] - <Adding registered service http://localhost:8080/SmartMobility/.*>
> 2015-05-15 13:24:23,466 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 2 services.>
> 2015-05-15 13:25:08,452 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/Campus/mainpage.jsp>
> 2015-05-15 13:25:08,452 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org]>
> 2015-05-15 13:25:08,453 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org] does not exist.>
> 2015-05-15 13:25:08,453 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org]>
> 2015-05-15 13:25:08,453 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: ST-4-yaGp66SconKtxo1v5ZCt-cassso.smartcampus.org
> ACTION: SERVICE_TICKET_VALIDATE_FAILED
> APPLICATION: CAS
> WHEN: Fri May 15 13:25:08 CEST 2015
> CLIENT IP ADDRESS: 146.48.89.203
> SERVER IP ADDRESS: 146.48.89.135
> =============================================================
>
> 2015-05-15 13:25:08,453 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages_en] - neither plain properties nor XML>
> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:custom_messages] - neither plain properties nor XML>
> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <No properties file found for [classpath:messages_en] - neither plain properties nor XML>
> 2015-05-15 13:25:08,454 DEBUG [org.jasig.cas.web.view.CasReloadableMessageBundle] - <Re-caching properties for filename [classpath:messages] - file hasn't been modified>
>
> I modified the expiredtimeout of the ticket from 10 seconds to 600 seconds in
> ticketExpirationPolicies.xml, but it doesn't work.
>
> Best
> Gianluca
>
> On Friday, May 15, 2015 at 11:12:56 UTC+2, Misagh Moayyed wrote:
>
> Are you allowing attributes for release? Is your client talking to
> /p3/serviceValidate?
>
> *From:* Gianluca Diodato [mailto:[email protected]]
> *Sent:* Friday, May 15, 2015 1:41 AM
> *To:* [email protected]
> *Subject:* Re:[cas-user] Empty Attribute Map
>
> Same problem with the Java CAS Client, but no answers yet from the community.
>
> I'm almost depressed.
>
> Gianluca
>
> On Thursday, May 14, 2015 at 12:33:26 UTC+2, Luís Lobo wrote:
>
> Hi!
>
> I am using CAS Server version 4.0.1 and I am having trouble with the
> attributes. The problem is that in the client side (phpCAS) the attribute
> map is empty.
>
> The relevant parts in my deployerConfigContext.xml are:
>
> <bean id="authenticationManager" class="org.jasig.cas.authentication.PolicyBasedAuthenticationManager">
>     <constructor-arg>
>         <map>
>             <entry key-ref="userAuthHandler" value-ref="principalResolver" />
>         </map>
>     </constructor-arg>
>
>     <property name="authenticationPolicy">
>         <bean class="org.jasig.cas.authentication.AnyAuthenticationPolicy" />
>     </property>
> </bean>
>
> The principal resolver is declared as:
>
> <bean id="personAttributeDao"
>       class="org.jasig.services.persondir.support.jdbc.SingleRowJdbcPersonAttributeDao">
>     <constructor-arg index="0" ref="dataSource" />
>     <constructor-arg index="1" value="${auth.resolverSql}" />
>     <property name="queryAttributeMapping">
>         <map>
>             <entry key="username" value="username" />
>         </map>
>     </property>
>     <property name="resultAttributeMapping">
>         <map>
>             <entry key="login" value="login" />
>             <entry key="client_id" value="client_id" />
>         </map>
>     </property>
> </bean>
>
> <bean id="principalResolver"
>       class="org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver"
>       p:principalAttributeName="username"
>       p:attributeRepository-ref="personAttributeDao"
>       p:returnNullIfNoAttributes="true" />
>
> The relevant log line in the console is:
>
> ...
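
An added example (not from the thread or the CAS project): a Python check for the pattern diagnosed in the quoted replies, a service ticket that validates once and is then presented again, run over audit records in the layout shown in the quoted log. The sample records, ticket ids and 192.0.2.x addresses are constructed.

```python
import re

RECORD = re.compile(r"Audit trail record BEGIN\n=+\n(.*?)\n=+", re.S)

def parse_audit(text):
    """Yield one dict per audit record (keys WHO, WHAT, ACTION, WHEN, ...)."""
    for body in RECORD.findall(text):
        yield dict(l.split(": ", 1) for l in body.splitlines() if ": " in l)

def find_ticket_reuse(text):
    """Flag service tickets presented again after a successful validation."""
    validated, findings = {}, []
    for rec in parse_audit(text):
        ticket, action = rec.get("WHAT", ""), rec.get("ACTION")
        if not ticket.startswith("ST-"):
            continue
        if action == "SERVICE_TICKET_VALIDATED":
            validated[ticket] = rec
        elif action == "SERVICE_TICKET_VALIDATE_FAILED" and ticket in validated:
            first = validated[ticket]
            findings.append({
                "ticket": ticket,
                "first_use": first.get("WHEN"),
                "reuse": rec.get("WHEN"),
                # A different client on the second attempt deserves a closer look.
                "same_client": first.get("CLIENT IP ADDRESS") == rec.get("CLIENT IP ADDRESS"),
            })
    return findings

def _record(ticket, action, when, client_ip):
    # Constructed record in the layout quoted in the thread (not real log data).
    bar = "=" * 61
    return ("2015-05-15 13:00:00,000 INFO [com.github.inspektr.audit.support."
            "Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN\n"
            f"{bar}\nWHO: audit:unknown\nWHAT: {ticket}\nACTION: {action}\n"
            f"APPLICATION: CAS\nWHEN: {when}\nCLIENT IP ADDRESS: {client_ip}\n"
            f"SERVER IP ADDRESS: 192.0.2.1\n{bar}\n\n")

OK, FAILED = "SERVICE_TICKET_VALIDATED", "SERVICE_TICKET_VALIDATE_FAILED"
SAMPLE = (
    _record("ST-1-constructed-cas.example.org", OK, "Fri May 15 13:19:31 CEST 2015", "192.0.2.10")
    + _record("ST-2-constructed-cas.example.org", OK, "Fri May 15 13:21:02 CEST 2015", "192.0.2.11")
    + _record("ST-1-constructed-cas.example.org", FAILED, "Fri May 15 13:25:08 CEST 2015", "192.0.2.10")
    + _record("ST-9-constructed-cas.example.org", FAILED, "Fri May 15 13:26:40 CEST 2015", "192.0.2.77")
)

if __name__ == "__main__":
    for finding in find_ticket_reuse(SAMPLE):
        print(finding)
```

A failed validation for a ticket that was never seen validating (ST-9 in the sample) is left out on purpose: it may be an expired or unknown ticket, not a second use.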
