|
Edward, As others have already confirmed, you must configure your CAS client application to use the JA-SIG CAS Client library, which facilitates communications with the CAS server. It is ultimately the CAS Client library that will allow request.getRemoteUser() to return the username of the authenticated user. The logs you sent make this fairly clear. The log of the CAS server clearly shows CAS issuing a service ticket for user "edwardc." It appears that the server is working fine. The log file from the client shows a clue to your problem. The client is unable to load the CAS Client filters. The JA-SIG CAS Client library (a jar file, which at least on my computer is called "cas-client-core-3.1.1.jar") needs to be in your Web application's classpath. As with any enterprise Java Web application, there is an appropriate place to install this jar file. Since I see you are using Tomcat, in your case this place should be something like <tomcat_dir>/webapps/Recruiting/WEB-INF/lib. Adam Edward Chen wrote: I am kind of understanding... In order to display request.getRemoteUser() value in my test.jsp, I need to integrate cas client 3.1.1 to my application, for Recruiting application. The reason why my current test.jsp returns null value is because I haven't integrate cas client 3.21 with my application, Is it correct?I am done with the server side configuration, right? If so, how to integrate cas client 3.11 to my java/jsp application? do you have an instruction? Edward Scott Battaglia wrote:When CASifying an application, you integrate the CAS client with your application. You don't integrate the CAS client with the CAS server software. The CAS client library is what allows the application to communicate with the CAS server. You should be configuring the wrapper on YOUR application if you want access to request.getRemoteUser(). -Scott On Tue, May 20, 2008 at 11:22 PM, Edward Chen <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: Adam and Scott, It seems to me that I missing the client configuration. I tried to locate HttpServletRequestWrapperFilter file but I don't find them in my cas 3.21 folder. So, I download "cas-client-3.1.1-release" and I find HttpServletRequestWrapperFilter file in it. I wonder if I need to integrate client into server. If yes, how to integrate case-client-3.1.1? using maven? ?? I am stuck in this problem. Edward Adam Rybicki wrote: > Edward, > > It's hard to tell what effect your cas.war file custom build may have > on CAS itself. Let's assume for the time being, that this is fine. > > Did you have a chance to look inside the Tomcat logs as the error > message was suggesting? Getting no response from CAS could be caused > by a certificate error. I looked at > AbstractCasProtocolUrlBasedTicketValidator, and it is possible that > this class would return null on a communication error with CAS > server. It logs the error and returns null. Can you locate the log > file? I think that the CAS Client may be actually using the log file > of your application. > > Adam > > Edward Chen wrote: >> Hi Scott and other experts, >> >> Hi, >> >> Just a thought about this problem. I don't know if it will make a >> difference. >> >> I think maybe the CAS in my tomcat is different. Why? >> >> I deployed my CAS to Tomcat by other method - our own build.xml. >> >> CAS 3.2.1 is built with Maven 2.0.9. <http://2.0.9.> I generate cas.war not by Maven, >> but by my build.xml >> >> The current problem seems to me that the CAS only talks itself and not >> react to any applications. That is why there is >> >> "...The CAS server returned no response...." when CAS linking to an >> application. >> >> What do you think? >> >> Edward >> >> >> Scott Battaglia wrote: >> >>> Edward, >>> >>> Can you try using the CAS 20 filter and see if that works? >>> >>> -Scott >>> >>> On Fri, May 16, 2008 at 11:52 PM, Edward Chen <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> >>> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> wrote: >>> >>> Here it's what I modify below. But it still doesn't work. I have the >>> following exception. Can you tell what 's wrong with it? Anything >>> wrong >>> with my cas filter?? Please help--very urgent >>> >>> >>> HTTP Status 500 - >>> >>> ------------------------------------------------------------------------ >>> >>> *type* Exception report >>> >>> *message* >>> >>> *description* _The server encountered an internal error () that >>> prevented it from fulfilling this request._ >>> >>> *exception* >>> >>> javax.servlet.ServletException: The CAS server returned no response. >>> >>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:152) >>> >>> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) >>> >>> *root cause* >>> >>> org.jasig.cas.client.validation.TicketValidationException: The CAS >>> server returned no response. >>> >>> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:162) >>> >>> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:129) >>> >>> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:103) >>> >>> *note* _The full stack trace of the root cause is available in the >>> Apache Tomcat/5.5.25 logs._ >>> >>> ------------------------------------------------------------------------ >>> >>> >>> Apache Tomcat/5.5.25 >>> >>> >>> >>> .......... >>> <filter> >>> <filter-name>CAS Authentication Filter</filter-name> >>> >>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >>> <init-param> >>> <param-name>casServerLoginUrl</param-name> >>> <param-value>https://casserver:8443/CAS/login</param-value> >>> </init-param> >>> <init-param> >>> <param-name>service</param-name> >>> >>> <param-value>http://casserver:8080/Recruiting/test.jsp</param-value> >>> </init-param> >>> <init-param> >>> <param-name>serverName</param-name> >>> <param-value>casserver:8080</param-value> >>> </init-param> >>> </filter> >>> >>> <filter> >>> <filter-name>CAS Validation Filter</filter-name> >>> >>> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> >>> <init-param> >>> <param-name>casUrlServerPrefix</param-name> >>> <param-value>https://casserver:8443/CAS</param-value> >>> </init-param> >>> <init-param> >>> <param-name>serverName</param-name> >>> <param-value>casserver:8080</param-value> >>> </init-param> >>> </filter> >>> >>> <filter> >>> <filter-name>CAS HttpServletRequest Wrapper >>> Filter</filter-name> >>> >>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> >>> </filter> >>> >>> <filter-mapping> >>> <filter-name>CAS Authentication Filter</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping> >>> >>> <filter-mapping> >>> <filter-name>CAS Validation Filter</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping > >>> >>> <filter-mapping> >>> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> >>> <url-pattern>/*</url-pattern> >>> </filter-mapping > >>> ............. >>> >>> >>> Edward >>> >>> Adam Rybicki wrote: >>> > Scott's right, of course. The Thread Local filter is not needed for >>> > what you need. It becomes handy if you don't have access to the >>> > HttpServletRequest. >>> > >>> > Adam >>> > >>> > Scott Battaglia wrote: >>> >> On Fri, May 16, 2008 at 7:32 PM, Adam Rybicki >>> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> >>> >> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>>> wrote: >>> >> >>> >> Edward, >>> >> >>> >> Cross-posting to the wrong list (cas-dev) will not speed up >>> a reply. >>> >> >>> >> One thing you'll need is an additional filter. Actually, >>> two of >>> >> them, I think. To make getRemoteUser() work, you'll need them >>> >> configured similar to this: >>> >> >>> >> <filter> >>> >> <filter-name>CAS HttpServletRequest Wrapper >>> Filter</filter-name> >>> >> >>> >> >>> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> >>> >> </filter> >>> >> >>> >> <filter> >>> >> <filter-name>CAS Assertion Thread Local >>> Filter</filter-name> >>> >> >>> >> >>> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> >>> >> </filter> >>> >> >>> >> <filter-mapping> >>> >> <filter-name>CAS HttpServletRequest Wrapper >>> Filter</filter-name> >>> >> >>> >> <url-pattern>/*</url-pattern> >>> >> </filter-mapping> >>> >> >>> >> <filter-mapping> >>> >> <filter-name>CAS Assertion Thread Local >>> Filter</filter-name> >>> >> >>> >> <url-pattern>/*</url-pattern> >>> >> </filter-mapping> >>> >> >>> >> >>> >> What concerns me is that, while you are using the JA-SIG CAS >>> >> Client, the exception message you included appears to have come >>> >> from the Yale CAS Filter. I don't think you need both. >>> >> >>> >> >>> >> Adam beat me to it. But you are including the configuration >>> for the >>> >> JASIG CAS Client but an error message from the Yale CAS client. >>> >> That's impossible unless you have both of them configured, which I >>> >> don't think has ever been tried. I'd recommend just sticking with >>> >> one of them. If you merely wish to read the request.getRemoteUser, >>> >> you also won't need the ThreadLocal filter either. >>> >> >>> >> -Scott >>> >> >>> >> >>> >> >>> >> Adam >>> >> >>> >> Edward Chen wrote: >>> >>> I installed CAS 3.2.1 and deployed successfully with LDAP >>> in my >>> >>> Windows XP and Tomcat5.25. Now I want to link the simple jsp >>> >>> application in Tomcat to CAS. I modified the CAS filter in >>> >>> web.xml as bellow. If I comment out "CAS Validation Filter", I >>> >>> got redirected to CAS and passed CAS login and went back >>> to the >>> >>> application. However, I got "null" value >>> >>> (<%=request.getRemoteUser()%>) in my test.jsp. It should be >>> >>> supposed to have the CAS login username. If I don't >>> comment out >>> >>> "CAS Validation Filter", I got redirected to CAS and >>> passed CAS >>> >>> login. But when CAS went back to the application, it >>> throws out >>> >>> exception, something like "*exception* >>> >>> javax.servlet.ServletException: Unable to validate >>> >>> ProxyTicketValidator >>> >>> [[edu.yale.its.tp.cas.client.ProxyTicketValidator >>> >>> proxyList=[null] >>> >>> [edu.yale.its.tp.cas.client.ServiceTicketValidator ..... " It >>> >>> seems to me that the validation doesn't work. What is >>> wrong with >>> >>> it? How to fix it? any recommendation?? any thing wrong >>> with the >>> >>> following CAS filter?? Very urgent help needed!!! ........ >>> >>> <filter> <filter-name>CAS Authentication Filter</filter-name> >>> >>> >>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >>> >>> <init-param> <param-name>casServerLoginUrl</param-name> >>> >>> <param-value>https://xxxxxxxxx:8443/CAS/login</param-value> >>> >>> </init-param> <init-param> <param-name>service</param-name> >>> >>> >>> <param-value>http://xxxxxxxxx:8080/Recruiting/test.jsp</param-value> >>> >>> </init-param> <init-param> <param-name>serverName</param-name> >>> >>> <param-value>xxxxxxx:8080/</param-value> </init-param> >>> </filter> >>> >>> <filter> <filter-name>CAS Validation Filter</filter-name> >>> >>> >>> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> >>> >>> <init-param> <param-name>casUrlServerPrefix</param-name> >>> >>> <param-value>https://xxxxxxx:8443/CAS</param-value> >>> >>> </init-param> <init-param> <param-name>serverName</param-name> >>> >>> <param-value>xxxxxxxxxxx:8080/</param-value> </init-param> >>> >>> </filter> <filter-mapping> <filter-name>CAS Authentication >>> >>> Filter</filter-name> <url-pattern>/*</url-pattern> >>> >>> </filter-mapping> <!--filter-mapping> <filter-name>CAS >>> >>> Validation Filter</filter-name> <url-pattern>/*</url-pattern> >>> >>> </filter-mapping --> ................... >>> >>> ______________________________ >>> >>> _________________ >>> >>> Yale CAS mailing list >>> >>> [email protected] <mailto:[email protected]> <mailto:[email protected] <mailto:[email protected]>> >>> <mailto:[email protected] <mailto:[email protected]> <mailto:[email protected] <mailto:[email protected]>>> >>> >>> http://tp.its.yale.edu/mailman/listinfo/cas >>> >> >>> >> _______________________________________________ >>> >> Yale CAS mailing list >>> >> [email protected] <mailto:[email protected]> <mailto:[email protected] <mailto:[email protected]>> >>> <mailto:[email protected] <mailto:[email protected]> <mailto:[email protected] <mailto:[email protected]>>> >>> >> http://tp.its.yale.edu/mailman/listinfo/cas >>> >> >>> >> >>> >> >>> >> >>> >> -- >>> >> -Scott Battaglia >>> >> PGP Public Key Id: 0x383733AA >>> >> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>> >> >>> ------------------------------------------------------------------------ >>> >> >>> >> _______________________________________________ >>> >> Yale CAS mailing list >>> >> [email protected] <mailto:[email protected]> <mailto:[email protected] <mailto:[email protected]>> >>> >> http://tp.its.yale.edu/mailman/listinfo/cas >>> >> >>> > _______________________________________________ >>> > Yale CAS mailing list >>> > [email protected] <mailto:[email protected]> <mailto:[email protected] <mailto:[email protected]>> >>> > http://tp.its.yale.edu/mailman/listinfo/cas >>> > >>> >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] <mailto:[email protected]> <mailto:[email protected] <mailto:[email protected]>> >>> http://tp.its.yale.edu/mailman/listinfo/cas >>> >>> >>> >>> >>> -- >>> -Scott Battaglia >>> PGP Public Key Id: 0x383733AA >>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] <mailto:[email protected]> >>> http://tp.its.yale.edu/mailman/listinfo/cas >>> >>> >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] <mailto:[email protected]> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> > _______________________________________________ > Yale CAS mailing list > [email protected] <mailto:[email protected]> > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] <mailto:[email protected]> http://tp.its.yale.edu/mailman/listinfo/cas -- -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia ------------------------------------------------------------------------ _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas |
begin:vcard fn:Adam Rybicki n:Rybicki;Adam org:Unicon, Inc.;Professional Services adr:Suite 113;;3140 North Arizona Avenue;Chandler;AZ;85225;United States email;internet:[EMAIL PROTECTED] tel;work:+1-480-558-2400 tel;home:+1-310-265-8286 tel;cell:+1-310-980-2758 x-mozilla-html:FALSE url:http://www.unicon.net/ version:2.1 end:vcard
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
