Andrew,

Thank you for your answer. Setting the service property instead of serverName
did not resolve my issue, but I have found a solution. I declared a
proxyGrantingTicketStorage and passed its reference to the Filter and the
Validator, and it works.

I don't have to use CAS20ProxyTicketValidator because the service I want to
proxy authenticate uses the pam_cas mechanism.

The above listing contains the working configuration:

<!-- PGT Storage shared instance -->
<bean id="proxyGrantingTicketStorage"
      class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>

<!-- Validation Filter Bean -->
<bean id="casValidationFilter"
      class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">
    <property name="proxyReceptorUrl" value="/proxy/receptor"/>
    <property name="serverName" value="${cas.client.serverName}"/>
    <property name="redirectAfterValidation" value="true"/>
    <!-- PGT Storage shared instance -->
    <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage"/>
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="${cas.server.url}"/>
            <property name="proxyCallbackUrl"
                      value="https://myservice:8443/mycontext/proxy/receptor"/>
            <!-- PGT Storage shared instance -->
            <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage"/>
        </bean>
    </property>
</bean>

 

Mathieu

 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Andrew Ralph Feller, afelle1
Sent: Thursday, June 26, 2008 14:30
To: Yale CAS mailing list
Subject: Re: CAS Client 3.1 Spring configuration and PGT

 

Mathieu,

On comparing your config against the wiki article for JA-SIG CAS 3.1
(http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+using+Spring),
the only discrepancy I find is that you declared the serverName property vs
the service property on the Cas20ProxyReceivingTicketValidationFilter. Hrmmm,
in your config you are using the Cas20ServiceTicketValidator. Have you
configured the CAS client on the service that should accept proxy tickets with
the Cas20ProxyTicketValidator?


On 6/26/08 5:04 AM, "Mathieu ROUSSELLE" <[EMAIL PROTECTED]> wrote:

Hello,
 
I have configured the CAS Client with spring configuration to use a 
Cas20ProxyReceivingTicketValidationFilter.
 
<bean name="casValidationFilter"
      class="org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter">
    <property name="proxyReceptorUrl" value="/proxy/receptor"/>
    <property name="serverName" value="${cas.client.serverName}"/>
    <property name="redirectAfterValidation" value="true"/>
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="${cas.server.url}"/>
            <property name="proxyCallbackUrl"
                      value="https://myservice:8443/mycontext/proxy/receptor"/>
        </bean>
    </property>
</bean>

I make a subsequent call to Principal.GetProxyTicket(ServiceUrl) to proxy
authenticate to another service and I get a null return: No ProxyGrantingTicket
was supplied, so no Proxy Ticket can be retrieved.

I did some debugging and found that the proxyGrantingTicketStorage of the
filter is not passed to the ServiceTicketValidator. That is why the PGTIOU sent
back by the CAS server on ST validation does not correspond to any PGT.

Did I make a configuration mistake?
 
 
I have included the log which shows that the PGT is sent by the CAS server :
 
 
26/06/08 11:54:50.750 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():93] - Constructed service url: http://radiomee.vmmario3.rennes.niji:8080/camcas/gateway/gateway.jsp;jsessionid=DC60F272E9B8A8BAC30C07B345DF621C
26/06/08 11:54:50.750 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():99] - redirecting to "https://vmmario3.rennes.niji:8443/cas/login?service=http%3A%2F%2Fmyservice%3A8080%2Fmycontext%2Fgateway%2Fgateway.jsp%3Bjsessionid%3DDC60F272E9B8A8BAC30C07B345DF621C&gateway=true";
26/06/08 11:54:51.890 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():107] - removing gateway attribute from session
26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():84] - no ticket and no assertion found
26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.util.CommonUtils.constructServiceUrl():234]  - serviceUrl generated: http://myservice:8080/mycontext/protected/secured.jsp
26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():93] - Constructed service url: http://myservice:8080/mycontext/protected/secured.jsp
26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():99] - redirecting to "https://vmmario3.rennes.niji:8443/cas/login?service=http%3A%2F%2Fmyservice%3A8080%2Fmycontext%2Fprotected%2Fsecured.jsp";
26/06/08 11:54:59.015 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():107] - removing gateway attribute from session
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter():128] - Attempting to validate ticket: ST-22-mzbwF9YhWaMzGFdhcq1F-cas
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.util.CommonUtils.constructServiceUrl():209] - serviceUrl generated: http://myservice:8080/mycontext/protected/secured.jsp
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constructValidationUrl():86] - Placing URL parameters in map.
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constructValidationUrl():94] - Calling template URL attribute map.
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constructValidationUrl():97] - Loading custom parameters from configuration.
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate():173] - Constructing validation url: https://vmmario3.rennes.niji:8443/cas/serviceValidate?pgtUrl=https%3A%2F%2Fmyservice%3A8443%2Fmycontext%2Fproxy%2Freceptor&ticket=ST-22-mzbwF9YhWaMzGFdhcq1F-cas&service=http%3A%2F%2Fmyservice%3A8080%2Fmycontext%2Fprotected%2Fsecured.jsp
26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate():177] - Retrieving response from server.
26/06/08 11:54:59.265 |DEBUG | [http-8443-Processor25] [org.jasig.cas.client.util.CommonUtils.readAndRespondToProxyReceptorRequest():164] - Received proxyGrantingTicketId [TGT-37-jqWBBQo759vGWKSVaqq4TEqRkSyiVG9RTyw5shvoAHGFkgQsID-cas] for proxyGrantingTicketIou [PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas]
26/06/08 11:54:59.281 |DEBUG | [http-8443-Processor25] [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl.save():89]  - Saving ProxyGrantingTicketIOU and ProxyGrantingTicket combo: [PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas, TGT-37-jqWBBQo759vGWKSVaqq4TEqRkSyiVG9RTyw5shvoAHGFkgQsID-cas]
26/06/08 11:54:59.281 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate():185] - Server response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>toto</cas:user>
        <cas:proxyGrantingTicket>PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas</cas:proxyGrantingTicket>
    </cas:authenticationSuccess>
</cas:serviceResponse>

26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter():137] - Successfully authenticated user: toto
26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter():160] - Redirecting after successful ticket validation.
26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25] [org.jasig.cas.client.util.CommonUtils.constructServiceUrl():209]  - serviceUrl generated: http://myservice:8080/mycontext/protected/secured.jsp
 
Mathieu Rousselle

________________________________

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
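
Added example, not part of the original messages and not code from the CAS client project: a small Python check for the wiring problem discussed in this thread. It parses a Spring bean file and reports every Cas20ProxyReceivingTicketValidationFilter whose inner ticket validator requests a PGT (proxyCallbackUrl set) without referencing the same proxyGrantingTicketStorage bean as the filter. The sample XML, its bean ids and the function names are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

FILTER = "org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter"
VALIDATOR = "org.jasig.cas.client.validation.Cas20ServiceTicketValidator"
STORAGE = "proxyGrantingTicketStorage"

# Constructed sample: "fixed" mirrors the thread's working wiring, "broken" its original one.
SAMPLE = f"""<beans>
  <bean id="pgtStore" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
  <bean id="fixed" class="{FILTER}">
    <property name="{STORAGE}" ref="pgtStore"/>
    <property name="ticketValidator"><bean class="{VALIDATOR}">
      <property name="proxyCallbackUrl" value="https://myservice:8443/mycontext/proxy/receptor"/>
      <property name="{STORAGE}" ref="pgtStore"/>
    </bean></property>
  </bean>
  <bean name="broken" class="{FILTER}"><property name="ticketValidator"><bean class="{VALIDATOR}">
    <property name="proxyCallbackUrl" value="https://myservice:8443/mycontext/proxy/receptor"/>
  </bean></property></bean>
</beans>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # tolerate a namespaced Spring <beans> document

def _props(bean):
    return {p.get("name"): p for p in bean if _local(p.tag) == "property"}

def _storage_ref(bean):
    prop = _props(bean).get(STORAGE)
    return prop.get("ref") if prop is not None else None

def check_pgt_storage(xml_text):
    """Map each validation filter bean to its PGT storage wiring problems."""
    report = {}
    for bean in ET.fromstring(xml_text).iter():
        if _local(bean.tag) != "bean" or bean.get("class") != FILTER:
            continue
        issues, filter_ref = [], _storage_ref(bean)
        if filter_ref is None:
            issues.append("filter: no shared storage ref")
        tv = _props(bean).get("ticketValidator")
        inner = next((c for c in (tv if tv is not None else []) if _local(c.tag) == "bean"), None)
        # Only a validator that requests a PGT (proxyCallbackUrl set) needs the storage.
        if inner is not None and "proxyCallbackUrl" in _props(inner):
            validator_ref = _storage_ref(inner)
            if validator_ref is None or validator_ref != filter_ref:
                issues.append("validator: storage not shared with filter")
        report[bean.get("id") or bean.get("name")] = issues
    return report
```

Calling check_pgt_storage(SAMPLE) returns an empty issue list for "fixed" and two issues for "broken".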
