Hello,
I have configured the CAS Client with spring configuration to use a
Cas20ProxyReceivingTicketValidationFilter.
<bean
name="casValidationFilter"
class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidati
onFilter">
<property name="proxyReceptorUrl" value="/proxy/receptor"/>
<property name="serverName" value="${cas.client.serverName}"
/>
<property name="redirectAfterValidation" value="true"/>
<property name="ticketValidator">
<bean
class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0"
value="${cas.server.url}" />
<property name="proxyCallbackUrl"
value="https://myservice:8443/mycontext/proxy/receptor"/>
</bean>
</property>
</bean>
I make subsequent call to the Principal.GetProxyTicket(ServiceUrl) to
proxy authenticate to another service and I have null return : No
ProxyGrantingTicket was supplied, so no Proxy Ticket can be retrieved.
I have made some debug to find that the proxyGrantingTicketStorage of
the filter is not passed to the ServiceTicketValidator. That is why the
PGTIOU sent back by the CAS server on ST validation does not correspond
to the any PGT.
Did I made configuration mistake ?
I have included the log which shows that the PGT is sent by the CAS
server :
26/06/08 11:54:50.750 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():93]
- Constructed service url:
http://radiomee.vmmario3.rennes.niji:8080/camcas/gateway/gateway.jsp;jse
ssionid=DC60F272E9B8A8BAC30C07B345DF621C
26/06/08 11:54:50.750 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():99]
- redirecting to
"https://vmmario3.rennes.niji:8443/cas/login?service=http%3A%2F%2Fmyserv
ice%3A8080%2Fmycontext%2Fgateway%2Fgateway.jsp%3Bjsessionid%3DDC60F272E9
B8A8BAC30C07B345DF621C&gateway=true"
26/06/08 11:54:51.890 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():107
] - removing gateway attribute from session
26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():84]
- no ticket and no assertion found
26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.util.CommonUtils.constructServiceUrl():234] -
serviceUrl generated:
http://myservice:8080/mycontext/protected/secured.jsp
26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():93]
- Constructed service url:
http://myservice:8080/mycontext/protected/secured.jsp
26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():99]
- redirecting to
"https://vmmario3.rennes.niji:8443/cas/login?service=http%3A%2F%2Fmyserv
ice%3A8080%2Fmycontext%2Fprotected%2Fsecured.jsp"
26/06/08 11:54:59.015 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():107
] - removing gateway attribute from session
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter
():128] - Attempting to validate ticket: ST-22-mzbwF9YhWaMzGFdhcq1F-cas
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.util.CommonUtils.constructServiceUrl():209] -
serviceUrl generated:
http://myservice:8080/mycontext/protected/secured.jsp
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constru
ctValidationUrl():86] - Placing URL parameters in map.
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constru
ctValidationUrl():94] - Calling template URL attribute map.
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constru
ctValidationUrl():97] - Loading custom parameters from configuration.
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validat
e():173] - Constructing validation url:
https://vmmario3.rennes.niji:8443/cas/serviceValidate?pgtUrl=https%3A%2F
%2Fmyservice%3A8443%2Fmycontext%2Fproxy%2Freceptor&ticket=ST-22-mzbwF9Yh
WaMzGFdhcq1F-cas&service=http%3A%2F%2Fmyservice%3A8080%2Fmycontext%2Fpro
tected%2Fsecured.jsp
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validat
e():177] - Retrieving response from server.
26/06/08 11:54:59.265 |DEBUG | [http-8443-Processor25]
[org.jasig.cas.client.util.CommonUtils.readAndRespondToProxyReceptorRequ
est():164] - Received proxyGrantingTicketId
[TGT-37-jqWBBQo759vGWKSVaqq4TEqRkSyiVG9RTyw5shvoAHGFkgQsID-cas] for
proxyGrantingTicketIou [PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas]
26/06/08 11:54:59.281 |DEBUG | [http-8443-Processor25]
[org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl.save():89] -
Saving ProxyGrantingTicketIOU and ProxyGrantingTicket combo:
[PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas,
TGT-37-jqWBBQo759vGWKSVaqq4TEqRkSyiVG9RTyw5shvoAHGFkgQsID-cas]
26/06/08 11:54:59.281 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validat
e():185] - Server response: <cas:serviceResponse
xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationSuccess>
<cas:user>toto</cas:user>
<cas:proxyGrantingTicket>PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas</cas:proxyGr
antingTicket>
</cas:authenticationSuccess>
</cas:serviceResponse>
26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter
():137] - Successfully authenticated user: toto
26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter
():160] - Redirecting after successful ticket validation.
26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25]
[org.jasig.cas.client.util.CommonUtils.constructServiceUrl():209] -
serviceUrl generated:
http://myservice:8080/mycontext/protected/secured.jsp
Mathieu Rousselle
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
