Re: CAS EROOR Proxy

Fri, 21 Sep 2007 09:54:48 -0700

Zahia,

This is not a valid CAS protocol login invocation.

[
- then the url " https://localhost:8443/cas/login?service=localhost:8090/c/portal" to get the st for liferay
]

the value for parameter "service" is not valid.  The value of the service request parameter should be a fully specified URL, including the "http://" or "https://" prefix. Further, the value of this parameter, like all URL parameters, should be URL encoded.

The consequence of the miscued CAS login invocation is probably to confuse CAS about where it should be redirecting to.

Requirements of CAS protocol invocation URLs are specified in the CAS protocol specification.

http://www.ja-sig.org/products/cas/overview/protocol/index.html

Andrew


zahia ikhteah wrote:
Hi,
I have put in place a simple "CAS SSO"  for the "Liferay" portal and it works very well.
now I'm trying to extend this solution to put in place a proxy cas sso that accesses to a portlet that, itself, accesses to "Alfresco" via web services.

What are the configurations to add in the class "com.liferay.portal.servlet.filters.sso.cas.CASFilter"
to use the proxies and get the pgtiou I'd use to ask for proxy tickets???


otherwise, I've tried to illustrate the mecanisme directly in a browser like this:
- my server cas accessible on the port :8483
- my server tomcat for liferay on : 8090
- I also have the liferay's ssl port: 8445

So
 - I put in the url "https://localhost:8443/cas/login" for the authentication on the "CAS"
- then the url " https://localhost:8443/cas/login?service=localhost:8090/c/portal" to get the st for liferay
- validation of the service, ticket recovered on https://localhost:8443/cas/serviceValidateticket=XXX&service=localhost:8090/c/portal&pgtUrl=https://localhost:8445
/c/cas/proxyCallBack

this is where I get the login but I have this exception:

 

INFO: Server startup in 4596 ms
2007-09-13 14:23:12,026 INFO [org.jasig.cas.ticket.registry.support.DefaultTicke
tRegistryCleaner] - <Starting cleaning of expired tickets from ticket registry a
t [Thu Sep 13 14:23:12 CEST 2007]>
2007-09-13 14:23:12,036 INFO [org.jasig.cas.ticket.registry.support.DefaultTicke
tRegistryCleaner] - <0 found to be removed.  Removing now.>
2007-09-13 14:23:12,046 INFO [org.jasig.cas.ticket.registry.support.DefaultTicke
tRegistryCleaner] - <Finished cleaning of expired tickets from ticket registry a
t [Thu Sep 13 14:23:12 CEST 2007]>
2007-09-13 14:38:32,650 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <
Setting ContextPath for cookies to: /cas>
2007-09-13 14:39:14,991 INFO [org.jasig.cas.authentication.AuthenticationManager
Impl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.Sim
pleTestUsernamePasswordAuthenticationHandler successfully authenticated the user
 which provided the following credentials: joebloggs>
2007-09-13 14:39:15,011 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] -
<Granted service ticket [ST-1-o33NgonIFq7uJTQCTfy5f66I4OJJLJftVaQ-20] for servic
e [http://localhost:9000/liferay] for user [joebloggs]>

...
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to