It’s because the service in your registry (svc mgmt) is set to disallow proxy. Set allowToProxy=true for that entry, assuming you’re running 3.5.x.
From: Thibault Huguet [mailto:[email protected]] Sent: Monday, June 8, 2015 10:07 AM To: [email protected] Subject: [cas-user] help with org.jasig.cas.client.validation.ProxyList Hello, i'm trying to setup CAS for PWM. in my clearpass-configuration.xml i have those beans as per the doc: <bean id="casValidationFilter" class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter" p:serverName="${server.name <http://server.name> }" p:exceptionOnValidationFailure="false" p:useSession="true" p:ticketValidator-ref="clearPassTicketValidator" /> <bean id="clearPassTicketValidator" class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator" c:casServerUrlPrefix="${server.prefix}" p:allowedProxyChains-ref="clearPassProxyList" /> <bean id="clearPassProxyList" class="org.jasig.cas.client.validation.ProxyList"> <constructor-arg> <list> <value>https://myserver.mydomain.com:8443/pwm/private/</value> </list> </constructor-arg> </bean> i also tried moving the clearPassProxyList to deployerconfig.xml as per some doc says to. I can also see https://myserver.mydomain.com:8443/pwm/private/ as allowed to everything but anonymous access in the service management webapp. Anyway, when i try to log into pwm, after a successfull cas login i end up with this error: "javax.servlet.ServletException: org.jasig.cas.client.validation.TicketValidationException: The supplied service 'https://myserver.mydomain.com:8443/pwm/private/' is not authorized to use CAS proxy authentication" is error due to not beeing autorized in the cas service management or in the clearPassProxyList? Does anyone know what my mistake is? regards, Thib -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
