Scott, Thank you so much. I guess that should have been something obvious to try - but both the Wiki and the JA-SIG Java Client Simple WebApp Sample ( http://www.ja-sig.org/wiki/display/CASC/JA-SIG+Java+Client+Simple+WebApp+Sample) have these ordered Authentication before Validation.
New to Java Servlets - I ended up first switching the filter declerations, but I forgot to switch the mappings. Once I switched them both - I saw the following (see below) output - which made me smile. Thank you so much. Robert 2008-07-21 16:33:19,740 DEBUG [org.jasig.cas.client.proxy.ProxyGrantingTicketSto rageImpl] - <Saving ProxyGrantingTicketIOU and ProxyGrantingTicket combo: [PGTIO U-1-2vanYOheQDrLdCQtATrL-cas, TGT-2-QjqsCaEDciyirw9VY9IpOtwrHRXddmBesjbJGqg5e26L J7QPMe-cas]> 2008-07-21 16:33:19,818 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicke tValidator] - <Server response: <cas:serviceResponse xmlns:cas=' http://www.yale. edu/tp/cas'> <cas:authenticationSuccess> <cas:user>psn.com</cas:user> <cas:proxyGrantingTicket>PGTIOU-1-2vanYOheQDrLdCQtATrL-cas</cas: proxyGrantingTicket> </cas:authenticationSuccess> </cas:serviceResponse> > On Mon, Jul 21, 2008 at 10:50 AM, Scott Battaglia <[EMAIL PROTECTED]> wrote: > Robert, > > I think the problem is that our documentation says to put the > AuthenticationFilter first which works in the majority of the cases. In > your case you would need to put the ValidationFilter first. I think there > was a similar discussion on-list a while back but the documentation in the > wiki was never updated to reflect that you can configure the Validation > Filter first. > > There doesn't appear to be a reason that you can't configure the validation > filter first. > > -Scott > > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > On Mon, Jul 21, 2008 at 10:29 AM, Robert R <[EMAIL PROTECTED]> wrote: > >> I am trying to implement Proxy Login using the Java CAS Client 3.1. >> Below you'll find my filters for authentication and validation. The regular >> authentication is happening fine. The service URL is: " >> http://sp.dev.synapse.com/petclinic/", the user logs on, a service ticket >> is returned an everything is happy. >> >> However, the proxy is not working, and I'm not sure exactly what I am >> doing wrong. While debugging, I see that the callback is getting called >> with the PGTIOU and the PGT from CAS. However, the Authentication Filter is >> the first to grab this incoming service URL: " >> http://sp.dev.pearsonsynapse.com/petclinic/proxyCallback," it is not >> finding a service ticket, and tries presenting the CAS login screen. This >> CAS login screen is ultimately return to CAS's own proxy call (which of >> course is never looked at) - and the whole process never makes it to the >> proxy validation. >> >> The trouble is - now that I have this set up - what is happening makes >> sense to me. Of course - it is not letting the actualy proxy granting >> ticket to come through - which is a problem. So - what am I doing wrong - >> and how can I correct this? >> >> Thanks so much for any thoughts. >> >> - Robert >> >> <filter> >> <filter-name>CAS Authentication Filter</filter-name> >> >> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >> <init-param> >> <param-name>casServerLoginUrl</param-name> >> <param-value>https://sso.dev.synapse.net/cas/login >> </param-value> >> </init-param> >> <init-param> >> <param-name>serverName</param-name> >> <param-value>http://sp.dev.synapse.com</param-value> >> </init-param> >> <init-param> >> <param-name>renew</param-name> >> <param-value>false</param-value> >> </init-param> >> <init-param> >> <param-name>gateway</param-name> >> <param-value>false</param-value> >> </init-param> >> </filter> >> >> <filter> >> <filter-name>CAS Validation Filter</filter-name> >> >> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >> <init-param> >> <param-name>casServerUrlPrefix</param-name> >> <param-value>https://sso.dev.synapse.net/cas/</param-value> >> </init-param> >> <init-param> >> <param-name>serverName</param-name> >> <param-value>http://sp.dev.synapse.com</param-value> >> </init-param> >> <init-param> >> <param-name>allowAnyProxy</param-name> >> <param-value>true</param-value> >> </init-param> >> <init-param> >> <param-name>proxyCallbackUrl</param-name> >> <param-value> >> https://sp.dev.synapse.com/petclinic/proxyCallback</param-value> >> </init-param> >> <init-param> >> <param-name>proxyReceptorUrl</param-name> >> <param-value>/petclinic/proxyCallback</param-value> >> </init-param> >> </filter> >> >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
