Mathieu, It looks like you've solved your problem but just to clarify. When using the filter in the web.xml, the filter itself does a lot of the self-configuration (since in the web.xml is not a fun place to try and configure stuff). When using the Spring configuration we leave a lot of the dependency injection to either you to configure or to use the Spring auto-configuration stuff.
The web.xml is designed for ultimate automation and the Spring method is for ultimate control ;-) -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Thu, Jun 26, 2008 at 9:18 AM, Mathieu ROUSSELLE < [EMAIL PROTECTED]> wrote: > Andrew, > > > > Thank you for your answer, setting service property instead of serverName > does not resolved my issue, but I have found a solution. I have declared a > proxyGrantingTicketStorage and passed its reference to the Filter and the > Validator and it works. > > > > I don't have to use CAS20ProxyTicketValidator because the service I want to > proxy authenticate use pam_cas mechanism. > > > > The above listing contains the working configuration : > > > > <!-- PGT Storage shared instance --> > > <bean id="proxyGrantingTicketStorage" class= > "org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/> > > > > <!-- Validation Filter Bean --> > > <bean > > id="casValidationFilter" > > class= > "org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter" > > > > > > <property name="proxyReceptorUrl" value="/proxy/receptor"/> > > <property name="serverName" value="${cas.client.serverName}" > /> > > <property name="redirectAfterValidation" value="true"/> > > <!-- PGT Storage shared instance --> > > <property name="proxyGrantingTicketStorage" ref= > "proxyGrantingTicketStorage"/> > > <property name="ticketValidator"> > > <bean class= > "org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> > > <constructor-arg index="0" value="${cas.server.url}" > /> > > <property name="proxyCallbackUrl" value=" > https://myservice:8443/mycontect/proxy/receptor"/> > > <!-- PGT Storage shared instance --> > > <property name="proxyGrantingTicketStorage" ref= > "proxyGrantingTicketStorage"/> > > </bean> > > </property> > > </bean> > > > > Mathieu > > > > *De :* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *De > la part de* Andrew Ralph Feller, afelle1 > *Envoyé :* jeudi 26 juin 2008 14:30 > *À :* Yale CAS mailing list > *Objet :* Re: CAS Client 3.1 Spring configuration and PGT > > > > Mathieu, > > On comparing your config against the wiki article for JA-SIG CAS 3.1 ( > http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+using+Spring), > the only discrepancy I find is that you declared the serverName property vs > the service property on the Cas20ProxyReceivingTicketValidationFilter. > Hrmmm, in your config you are using the Cas20ServiceTicketValidator. Have > you configured the CAS client on the service that should accept proxy > tickets with the Cas20ProxyTicketValidator? > > > On 6/26/08 5:04 AM, "Mathieu ROUSSELLE" <[EMAIL PROTECTED]> wrote: > > Hello, > > I have configured the CAS Client with spring configuration to use a > Cas20ProxyReceivingTicketValidationFilter. > > <bean > name="casValidationFilter" > class= > "org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter" > > > > <property name="proxyReceptorUrl" value="/proxy/receptor"/> > <property name="serverName" value="${cas.client.serverName}" /> > <property name="redirectAfterValidation" value="true"/> > <property name="ticketValidator"> > <bean class= > "org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> > <constructor-arg index="0" value="${cas.server.url}" > /> > <property name="proxyCallbackUrl" value=" > https://myservice:8443/mycontext/proxy/receptor"/> > </bean> > </property> > </bean> > > I make subsequent call to the Principal.GetProxyTicket(ServiceUrl) to proxy > authenticate to another service and I have null return : No > ProxyGrantingTicket was supplied, so no Proxy Ticket can be retrieved. > > I have made some debug to find that the *proxyGrantingTicketStorage* of > the filter is not passed to the ServiceTicketValidator. That is why the > PGTIOU sent back by the CAS server on ST validation does not correspond to > the any PGT. > > Did I made configuration mistake ? > > > I have included the log which shows that the PGT is sent by the CAS server > : > > > 26/06/08 11:54:50.750 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():93] - > Constructed service url: > http://radiomee.vmmario3.rennes.niji:8080/camcas/gateway/gateway.jsp;jsessionid=DC60F272E9B8A8BAC30C07B345DF621C > 26/06/08 11:54:50.750 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():99] - > redirecting to " > https://vmmario3.rennes.niji:8443/cas/login?service=http%3A%2F%2Fmyservice%3A8080%2Fmycontext%2Fgateway%2Fgateway.jsp%3Bjsessionid%3DDC60F272E9B8A8BAC30C07B345DF621C&gateway=true > " > 26/06/08 11:54:51.890 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():107] - > removing gateway attribute from session > 26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():84] - > no ticket and no assertion found > 26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.util.CommonUtils.constructServiceUrl():234] - > serviceUrl generated: > http://myservice:8080/mycontext/protected/secured.jsp > 26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():93] - > Constructed service url: > http://myservice:8080/mycontext/protected/secured.jsp > 26/06/08 11:54:53.281 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():99] - > redirecting to " > https://vmmario3.rennes.niji:8443/cas/login?service=http%3A%2F%2Fmyservice%3A8080%2Fmycontext%2Fprotected%2Fsecured.jsp > " > 26/06/08 11:54:59.015 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.authentication.AuthenticationFilter.doFilter():107] - > removing gateway attribute from session > 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter():128] > - Attempting to validate ticket: ST-22-mzbwF9YhWaMzGFdhcq1F-cas > 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.util.CommonUtils.constructServiceUrl():209] - > serviceUrl generated: > http://myservice:8080/mycontext/protected/secured.jsp > 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constructValidationUrl():86] > - Placing URL parameters in map. > 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constructValidationUrl():94] > - Calling template URL attribute map. > 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.constructValidationUrl():97] > - Loading custom parameters from configuration. > 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate():173] > - Constructing validation url: > https://vmmario3.rennes.niji:8443/cas/serviceValidate?pgtUrl=https%3A%2F%2Fmyservice%3A8443%2Fmycontext%2Fproxy%2Freceptor&ticket=ST-22-mzbwF9YhWaMzGFdhcq1F-cas&service=http%3A%2F%2Fmyservice%3A8080%2Fmycontext%2Fprotected%2Fsecured.jsp > 26/06/08 11:54:59.031 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate():177] > - Retrieving response from server. > 26/06/08 11:54:59.265 |DEBUG | [http-8443-Processor25] > [org.jasig.cas.client.util.CommonUtils.readAndRespondToProxyReceptorRequest():164] > - Received proxyGrantingTicketId > [TGT-37-jqWBBQo759vGWKSVaqq4TEqRkSyiVG9RTyw5shvoAHGFkgQsID-cas] for > proxyGrantingTicketIou [PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas] > 26/06/08 11:54:59.281 |DEBUG | [http-8443-Processor25] > [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl.save():89] - > Saving ProxyGrantingTicketIOU and ProxyGrantingTicket combo: > [PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas, > TGT-37-jqWBBQo759vGWKSVaqq4TEqRkSyiVG9RTyw5shvoAHGFkgQsID-cas] > 26/06/08 11:54:59.281 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate():185] > - Server response: <cas:serviceResponse xmlns:cas=' > http://www.yale.edu/tp/cas' <http://www.yale.edu/tp/cas%27>> > <cas:authenticationSuccess> > <cas:user>toto</cas:user> > > > > <cas:proxyGrantingTicket>PGTIOU-17-tqCUkGUWq0BpQiud3Xo0-cas</cas:proxyGrantingTicket> > > > </cas:authenticationSuccess> > </cas:serviceResponse> > > 26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter():137] > - Successfully authenticated user: toto > 26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter():160] > - Redirecting after successful ticket validation. > 26/06/08 11:54:59.296 |DEBUG | [http-8080-Processor25] > [org.jasig.cas.client.util.CommonUtils.constructServiceUrl():209] - > serviceUrl generated: > http://myservice:8080/mycontext/protected/secured.jsp > > Mathieu Rousselle > ------------------------------ > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
