Continueing .. Do I need to include CasProxyServlet ? I thought it is in Cas-client 2.1 distribution. Is it the same configuration for 3.1 ?? Leena
On Thu, Oct 2, 2008 at 9:56 AM, Leena Borle <[EMAIL PROTECTED]> wrote: > > > On Thu, Oct 2, 2008 at 6:36 AM, Scott Battaglia <[EMAIL PROTECTED] > > wrote: > >> The only reason it wouldn't be called is if the callback never actually >> makes it to the CAS client. >> >> Could you please give little explanation for this. Could it be >> because of Spring Security layer. I don't see anyhting different in my >> configuration. Does anyone have sample of CAS Client 3.1 proxy settings for >> Spring security 2.0 ? I would appreciate any help. >> >> -Scott >> >> -Scott Battaglia >> PGP Public Key Id: 0x383733AA >> LinkedIn: http://www.linkedin.com/in/scottbattaglia >> >> >> On Thu, Oct 2, 2008 at 1:02 AM, Leena Borle <[EMAIL PROTECTED]> wrote: >> >>> Hi, >>> After lot of debugging, I noticed that after successful logging, >>> ProxyGrantingTicketStorageImpl.save() method never gets called even if, >>> client receives PGTIOU & PGT from the server. That is why I do not find >>> proxy ticket to send with Httpclient request. I wonder what could be the >>> reason? >>> >>> Leena >>> >>> >>> On Tue, Sep 30, 2008 at 11:36 AM, Scott Battaglia < >>> [EMAIL PROTECTED]> wrote: >>> >>>> It probably means you either don't have something configured at that end >>>> point or CAS doesn't trust that certificate. >>>> >>>> -Scott >>>> >>>> -Scott Battaglia >>>> PGP Public Key Id: 0x383733AA >>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>>> >>>> >>>> On Tue, Sep 30, 2008 at 2:20 PM, Leena Borle <[EMAIL PROTECTED]> wrote: >>>> >>>>> Hi Scott, >>>>> Sorry to bother you again. I looked at server log and it does throw >>>>> TicketException. >>>>> >>>>> 2008-09-30 11:09:48,524 ERROR >>>>> [org.jasig.cas.web.ServiceValidateController] - TicketException generating >>>>> ticket for: [callbackUrl: >>>>> https://localhost:8443/webappA/proxy/receptor] >>>>> org.jasig.cas.ticket.TicketCreationException: >>>>> error.authentication.credentials.bad >>>>> at >>>>> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:291) >>>>> at >>>>> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126) >>>>> ........................ >>>>> >>>>> I'm confused about this url- /proxy/receptor. Is this a physical url >>>>> that I need to create in my web-app and what should exist there? I tried >>>>> to >>>>> find the answer in the documentation but still not clear about it. >>>>> >>>>> Thanks, >>>>> Leena >>>>> >>>>> >>>>> On Mon, Sep 29, 2008 at 12:47 PM, Scott Battaglia < >>>>> [EMAIL PROTECTED]> wrote: >>>>> >>>>>> You should look in your CAS server log. >>>>>> >>>>>> -Scott >>>>>> >>>>>> -Scott Battaglia >>>>>> PGP Public Key Id: 0x383733AA >>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>>>>> >>>>>> >>>>>> On Mon, Sep 29, 2008 at 2:28 PM, Leena Borle <[EMAIL PROTECTED]>wrote: >>>>>> >>>>>>> Hi, >>>>>>> Only thing I see in the Cas client log is that, after I log in as >>>>>>> the user, I get following messages, >>>>>>> 2008-09-29 11:15:54,158 DEBUG >>>>>>> [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] Server >>>>>>> response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas >>>>>>> '> >>>>>>> <cas:authenticationSuccess> >>>>>>> <cas:user>leena</cas:user> >>>>>>> >>>>>>> >>>>>>> </cas:authenticationSuccess> >>>>>>> </cas:serviceResponse> >>>>>>> >>>>>>> *2008-09-29 11:15:54,171 INFO >>>>>>> [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] No Proxy >>>>>>> Ticket >>>>>>> found for * >>>>>>> It does not display any user name for the message -"*No Proxy >>>>>>> Ticket found for". >>>>>>> *Then when I try to access* *url using HttpClient, >>>>>>> >>>>>>> *2008-09-29 11:16:03,322 DEBUG >>>>>>> [org.jasig.cas.client.authentication.AttributePrincipalImpl] No >>>>>>> ProxyGrantingTicket was supplied, so no Proxy Ticket can be retrieved. >>>>>>> * >>>>>>> Leena >>>>>>> >>>>>>> >>>>>>> On Sat, Sep 27, 2008 at 7:33 AM, Scott Battaglia < >>>>>>> [EMAIL PROTECTED]> wrote: >>>>>>> >>>>>>>> Have you looked at your CAS log at all in DEBUG level logging to see >>>>>>>> if it has any error messages? >>>>>>>> -Scott Battaglia >>>>>>>> PGP Public Key Id: 0x383733AA >>>>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>>>>>>> >>>>>>>> >>>>>>>> On Fri, Sep 26, 2008 at 4:21 PM, Leena Borle <[EMAIL PROTECTED]>wrote: >>>>>>>> >>>>>>>>> >>>>>>>>> Hi, >>>>>>>>> Sorry, my mistake. As url- /proxy/receptor did not work, I tried >>>>>>>>> giving complete url path which should have been >>>>>>>>> https://localhost:8443/... >>>>>>>>> Even after changing the port, I still get the same message.. >>>>>>>>> Leena >>>>>>>>> >>>>>>>>> On Fri, Sep 26, 2008 at 12:33 PM, Scott Battaglia < >>>>>>>>> [EMAIL PROTECTED]> wrote: >>>>>>>>> >>>>>>>>>> Is 8080 your https or your http port? It seems like its both in >>>>>>>>>> the configuration. >>>>>>>>>> >>>>>>>>>> -Scott >>>>>>>>>> >>>>>>>>>> -Scott Battaglia >>>>>>>>>> PGP Public Key Id: 0x383733AA >>>>>>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Fri, Sep 26, 2008 at 3:25 PM, Leena Borle <[EMAIL >>>>>>>>>> PROTECTED]>wrote: >>>>>>>>>> >>>>>>>>>>> Hi Scott, >>>>>>>>>>> As per your email, I configured web.xml and >>>>>>>>>>> applicationContext.xml for proxying. But when I call >>>>>>>>>>> ..principal.getProxyTicketFor(), I am getting error "No >>>>>>>>>>> ProxyGrantingTicket >>>>>>>>>>> was supplied, so no Proxy Ticket can be retrieved". >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> Leena >>>>>>>>>>> >>>>>>>>>>> Here is snippet from my applicationContext.xml which is similar >>>>>>>>>>> to the one provided in cas-sample of spring-security. >>>>>>>>>>> <sec:http entry-point-ref="casProcessingFilterEntryPoint" > >>>>>>>>>>> <sec:intercept-url pattern="/user/*.action" >>>>>>>>>>> access="ROLE_USER" /> >>>>>>>>>>> <sec:logout logout-success-url="/cas-logout.jsp"/> >>>>>>>>>>> </sec:http> >>>>>>>>>>> >>>>>>>>>>> <sec:authentication-manager alias="authenticationManager"/> >>>>>>>>>>> >>>>>>>>>>> <bean id="casProcessingFilter" >>>>>>>>>>> class="org.springframework.security.ui.cas.CasProcessingFilter"> >>>>>>>>>>> <sec:custom-filter after="CAS_PROCESSING_FILTER"/> >>>>>>>>>>> <property name="authenticationManager" >>>>>>>>>>> ref="authenticationManager"/> >>>>>>>>>>> <property name="authenticationFailureUrl" value=" >>>>>>>>>>> http://localhost:8080/cas/authorizationFailure.jsp"/> >>>>>>>>>>> <property name="defaultTargetUrl" value="/"/> >>>>>>>>>>> <property name="proxyGrantingTicketStorage" >>>>>>>>>>> ref="proxyGrantingTicketStorage" /> >>>>>>>>>>> <property name="proxyReceptorUrl" value=" >>>>>>>>>>> https://localhost:8080/webappA/proxy/receptor"; /> >>>>>>>>>>> </bean> >>>>>>>>>>> >>>>>>>>>>> <bean id="casProcessingFilterEntryPoint" >>>>>>>>>>> class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"> >>>>>>>>>>> <property name="loginUrl" value=" >>>>>>>>>>> https://localhost:8443/cas/login"/> >>>>>>>>>>> <property name="serviceProperties" >>>>>>>>>>> ref="serviceProperties"/> >>>>>>>>>>> </bean> >>>>>>>>>>> >>>>>>>>>>> <bean id="casAuthenticationProvider" >>>>>>>>>>> class="org.springframework.security.providers.cas.CasAuthenticationProvider"> >>>>>>>>>>> <sec:custom-authentication-provider /> >>>>>>>>>>> <property name="userDetailsService" >>>>>>>>>>> ref="userCasService"/> >>>>>>>>>>> <property name="serviceProperties" >>>>>>>>>>> ref="serviceProperties" /> >>>>>>>>>>> <property name="ticketValidator"> >>>>>>>>>>> <bean >>>>>>>>>>> class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> >>>>>>>>>>> <!-- >>>>>>>>>>> tried ProxyTicketValidator too --> >>>>>>>>>>> <constructor-arg index="0" value=" >>>>>>>>>>> https://localhost:8443/cas"; /> >>>>>>>>>>> <property name="proxyGrantingTicketStorage" >>>>>>>>>>> ref="proxyGrantingTicketStorage" /> >>>>>>>>>>> <property name="proxyCallbackUrl" value=" >>>>>>>>>>> https://localhost:8080/webappA/proxy/receptor"; /> >>>>>>>>>>> <!-- property name="acceptAnyProxy" >>>>>>>>>>> value="true" --> >>>>>>>>>>> >>>>>>>>>>> </bean> >>>>>>>>>>> </property> >>>>>>>>>>> <property name="key" >>>>>>>>>>> value="an_id_for_this_auth_provider_only"/> >>>>>>>>>>> </bean> >>>>>>>>>>> >>>>>>>>>>> <bean id="proxyGrantingTicketStorage" >>>>>>>>>>> class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" /> >>>>>>>>>>> >>>>>>>>>>> <bean id="serviceProperties" >>>>>>>>>>> class="org.springframework.security.ui.cas.ServiceProperties"> >>>>>>>>>>> <property name="service" value=" >>>>>>>>>>> https://localhost:8443/webappA/j_spring_cas_security_check"/> >>>>>>>>>>> <property name="sendRenew" value="false"/> >>>>>>>>>>> </bean> >>>>>>>>>>> >>>>>>>>>>> <bean id="userCasService" class=""> >>>>>>>>>>> <property name="dataSource" ref="dataSource" /> >>>>>>>>>>> </bean> >>>>>>>>>>> >>>>>>>>>>> ................ Web.xml of application A --------- >>>>>>>>>>> <filter> >>>>>>>>>>> <filter-name>springSecurityFilterChain</filter-name> >>>>>>>>>>> >>>>>>>>>>> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> >>>>>>>>>>> </filter> >>>>>>>>>>> <filter-mapping> >>>>>>>>>>> <filter-name>springSecurityFilterChain</filter-name> >>>>>>>>>>> <url-pattern>/*</url-pattern> >>>>>>>>>>> </filter-mapping> >>>>>>>>>>> >>>>>>>>>>> <filter> >>>>>>>>>>> <filter-name>CAS Assertion Thread Local >>>>>>>>>>> Filter</filter-name> >>>>>>>>>>> >>>>>>>>>>> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> >>>>>>>>>>> </filter> >>>>>>>>>>> <filter-mapping> >>>>>>>>>>> <filter-name>CAS Assertion Thread Local >>>>>>>>>>> Filter</filter-name> >>>>>>>>>>> <url-pattern>/*</url-pattern> >>>>>>>>>>> </filter-mapping> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Thu, Sep 25, 2008 at 10:28 PM, Leena Borle <[EMAIL PROTECTED] >>>>>>>>>>> > wrote: >>>>>>>>>>> >>>>>>>>>>>> Hello, >>>>>>>>>>>> I have 2 webapplications, say webappA and webappB. WebappA has >>>>>>>>>>>> Cas-Java client 3.1.3 with spring security-2.0.3 setup. WebappB >>>>>>>>>>>> has >>>>>>>>>>>> Cas-java client 3.1.3 configured in web.xml setup. Cas server is >>>>>>>>>>>> Cas3.3. All >>>>>>>>>>>> these applications work fine when I call them from the browser. >>>>>>>>>>>> But actually what I want to do is, in webappA, I have >>>>>>>>>>>> HttpClient, that needs to access some data from webappB. This is >>>>>>>>>>>> where I am >>>>>>>>>>>> stuck. I added proxy-support in web.xml of webappB according to the >>>>>>>>>>>> instruction. How do I obtain proxy-ticket to pass it to url( >>>>>>>>>>>> http://localhost:8080/webappB/...?ticket=...) of webappB? I do >>>>>>>>>>>> have access to spring's CasAuthentication Object whose credentials >>>>>>>>>>>> contain >>>>>>>>>>>> service ticket for webappA. How do I generate proxy-ticket from >>>>>>>>>>>> it? If I >>>>>>>>>>>> pass this same ticket to the url, I get "Invalid Ticket" message >>>>>>>>>>>> from the >>>>>>>>>>>> Cas server. >>>>>>>>>>>> Is there any proxy example available for Cas-client 3.1. >>>>>>>>>>>> >>>>>>>>>>>> web.xml for WebAppB is as follows. >>>>>>>>>>>> >>>>>>>>>>>> <filter> >>>>>>>>>>>> <filter-name>CAS Validation Filter</filter-name> >>>>>>>>>>>> >>>>>>>>>>>> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >>>>>>>>>>>> <init-param> >>>>>>>>>>>> <param-name>casServerUrlPrefix</param-name> >>>>>>>>>>>> <param-value>https://localhost:8443/cas >>>>>>>>>>>> </param-value> >>>>>>>>>>>> </init-param> >>>>>>>>>>>> <init-param> >>>>>>>>>>>> <param-name>serverName</param-name> >>>>>>>>>>>> <param-value>http://localhost:8080 >>>>>>>>>>>> </param-value> >>>>>>>>>>>> </init-param> >>>>>>>>>>>> <init-param> >>>>>>>>>>>> <param-name>acceptAnyProxy</param-name> >>>>>>>>>>>> <param-value>true</param-value> >>>>>>>>>>>> </init-param> >>>>>>>>>>>> <init-param> >>>>>>>>>>>> <param-name>proxyReceptorUrl</param-name> >>>>>>>>>>>> <param-value>/proxy/receptor</param-value> >>>>>>>>>>>> </init-param> >>>>>>>>>>>> <init-param> >>>>>>>>>>>> <param-name>proxyCallbackUrl</param-name> >>>>>>>>>>>> <param-value> >>>>>>>>>>>> https://localhost:8443/WebAppB/proxy/receptor</param-value> >>>>>>>>>>>> </init-param> >>>>>>>>>>>> <init-param> >>>>>>>>>>>> <param-name>redirectAfterValidation</param-name> >>>>>>>>>>>> <param-value>true</param-value> >>>>>>>>>>>> </init-param> >>>>>>>>>>>> </filter> >>>>>>>>>>>> >>>>>>>>>>>> <filter> >>>>>>>>>>>> <filter-name>CAS Authentication Filter</filter-name> >>>>>>>>>>>> >>>>>>>>>>>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >>>>>>>>>>>> <init-param> >>>>>>>>>>>> <param-name>casServerLoginUrl</param-name> >>>>>>>>>>>> <param-value>https://localhost:8443/cas/login >>>>>>>>>>>> </param-value> >>>>>>>>>>>> </init-param> >>>>>>>>>>>> <init-param> >>>>>>>>>>>> <param-name>serverName</param-name> >>>>>>>>>>>> <param-value>http://localhost:8080 >>>>>>>>>>>> </param-value> >>>>>>>>>>>> </init-param> >>>>>>>>>>>> <init-param> >>>>>>>>>>>> <param-name>gatewat</param-name> >>>>>>>>>>>> <param-value>true</param-value> >>>>>>>>>>>> </init-param> >>>>>>>>>>>> >>>>>>>>>>>> </filter> >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> Leena >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Yale CAS mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Yale CAS mailing list >>>>>>>>>> [email protected] >>>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Yale CAS mailing list >>>>>>>>> [email protected] >>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Yale CAS mailing list >>>>>>>> [email protected] >>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Yale CAS mailing list >>>>>>> [email protected] >>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>> >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Yale CAS mailing list >>>>>> [email protected] >>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Yale CAS mailing list >>>>> [email protected] >>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Yale CAS mailing list >>>> [email protected] >>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>> >>>> >>> >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] >>> http://tp.its.yale.edu/mailman/listinfo/cas >>> >>> >> >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
