Mathieu,
On comparing your config against the wiki article for JA-SIG CAS 3.1 (
http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+fo
r+Java+using+Spring), the only discrepancy I find is that you declared the
serverName property vs the service property on the
Cas20ProxyReceivingTicketValidationFilter. Hrmmm, in your config you are
using the Cas20ServiceTicketValidator. Have you configured the CAS client
on the service that should accept proxy tickets with the
Cas20ProxyTicketValidator?
On 6/26/08 5:04 AM, "Mathieu ROUSSELLE" <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I have configured the CAS Client with spring configuration to use a
> Cas20ProxyReceivingTicketValidationFilter.
>
> <bean
> name="casValidationFilter"
>
> class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilt
> er">
>
> <property name="proxyReceptorUrl" value="/proxy/receptor"/>
> <property name="serverName" value="${cas.client.serverName}" />
> <property name="redirectAfterValidation" value="true"/>
> <property name="ticketValidator">
> <bean
> class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
> <constructor-arg index="0" value="${cas.server.url}"
> />
> <property name="proxyCallbackUrl"
> value="https://myservice:8443/mycontext/proxy/receptor"/>
> </bean>
> </property>
> </bean>
>
> I make subsequent call to the Principal.GetProxyTicket(ServiceUrl) to proxy
> authenticate to another service and I have null return : No
> ProxyGrantingTicket was supplied, so no Proxy Ticket can be retrieved.
>
> I have made some debug to find that the proxyGrantingTicketStorage of the
> filter is not passed to the ServiceTicketValidator. That is why the PGTIOU
> sent back by the CAS server on ST validation does not correspond to the any
> PGT.
>
> Did I made configuration mistake ?
>
>
> I have included the log which shows that the PGT is sent by the CAS server :
>
>
> 26/06/08 11:54:50.750 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():93] -
> Constructed service url:
> http://radiomee.vmmario3.rennes.niji:8080/camcas/gateway/gateway.jsp;jsessioni
> d=DC60F272E9B8A8BAC30C07B345DF621C
> 26/06/08 11:54:50.750 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():99] -
> redirecting to
> "https://vmmario3.rennes.niji:8443/cas/login?service=http%3A%2F%2Fmyservice%3A
> 8080%2Fmycontext%2Fgateway%2Fgateway.jsp%3Bjsessionid%3DDC60F272E9B8A8BAC30C07
> B345DF621C&gateway=true"
> 26/06/08 11:54:51.890 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():107] -
> removing gateway attribute from session
> 26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():84] - no
> ticket and no assertion found
> 26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.util.CommonUtils.constructServiceUrl():234] -
> serviceUrl generated: http://myservice:8080/mycontext/protected/secured.jsp
> 26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():93] -
> Constructed service url: http://myservice:8080/mycontext/protected/secured.jsp
> 26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():99] -
> redirecting to
> "https://vmmario3.rennes.niji:8443/cas/login?service=http%3A%2F%2Fmyservice%3A
> 8080%2Fmycontext%2Fprotected%2Fsecured.jsp"
> 26/06/08 11:54:59.015 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():107] -
> removing gateway attribute from session
> 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter():128
> ] - Attempting to validate ticket: ST-22-mzbwF9YhWaMzGFdhcq1F-cas
> 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.util.CommonUtils.constructServiceUrl():209] - serviceUrl
> generated: http://myservice:8080/mycontext/protected/secured.jsp
> 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constructVali
> dationUrl():86] - Placing URL parameters in map.
> 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constructVali
> dationUrl():94] - Calling template URL attribute map.
> 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constructVali
> dationUrl():97] - Loading custom parameters from configuration.
> 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate():17
> 3] - Constructing validation url:
> https://vmmario3.rennes.niji:8443/cas/serviceValidate?pgtUrl=https%3A%2F%2Fmys
> ervice%3A8443%2Fmycontext%2Fproxy%2Freceptor&ticket=ST-22-mzbwF9YhWaMzGFdhcq1F
> -cas&service=http%3A%2F%2Fmyservice%3A8080%2Fmycontext%2Fprotected%2Fsecured.j
> sp
> 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate():17
> 7] - Retrieving response from server.
> 26/06/08 11:54:59.265 |DEBUG | [http-8443-Processor25]
> [org.jasig.cas.client.util.CommonUtils.readAndRespondToProxyReceptorRequest():
> 164] - Received proxyGrantingTicketId
> [TGT-37-jqWBBQo759vGWKSVaqq4TEqRkSyiVG9RTyw5shvoAHGFkgQsID-cas] for
> proxyGrantingTicketIou [PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas]
> 26/06/08 11:54:59.281 |DEBUG | [http-8443-Processor25]
> [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl.save():89] -
> Saving ProxyGrantingTicketIOU and ProxyGrantingTicket combo:
> [PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas,
> TGT-37-jqWBBQo759vGWKSVaqq4TEqRkSyiVG9RTyw5shvoAHGFkgQsID-cas]
> 26/06/08 11:54:59.281 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate():18
> 5] - Server response: <cas:serviceResponse
> xmlns:cas='http://www.yale.edu/tp/cas'>
> <cas:authenticationSuccess>
> <cas:user>toto</cas:user>
>
>
> <cas:proxyGrantingTicket>PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas</cas:proxyGranting
> Ticket>
>
>
> </cas:authenticationSuccess>
> </cas:serviceResponse>
>
> 26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter():137
> ] - Successfully authenticated user: toto
> 26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter():160
> ] - Redirecting after successful ticket validation.
> 26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25]
> [org.jasig.cas.client.util.CommonUtils.constructServiceUrl():209] -
> serviceUrl generated: http://myservice:8080/mycontext/protected/secured.jsp
>
> Mathieu Rousselle
>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
