Hi,
The version is spring-security-2.0.3

On Thu, Oct 2, 2008 at 11:08 AM, Scott Battaglia <[EMAIL PROTECTED]> wrote:
> Which version of Spring Security are you using? Proxy support was added in
> one of the minor Spring Security revisions. It's built into the
> CasProcessingFilter.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Thu, Oct 2, 2008 at 12:56 PM, Leena Borle <[EMAIL PROTECTED]> wrote:
>
>> On Thu, Oct 2, 2008 at 6:36 AM, Scott Battaglia <[EMAIL PROTECTED]> wrote:
>>
>>> The only reason it wouldn't be called is if the callback never actually
>>> makes it to the CAS client.
>>>
>>> Could you please give little explanation for this. Could it be
>>> because of Spring Security layer. I don't see anything different in my
>>> configuration. Does anyone have sample of CAS Client 3.1 proxy settings for
>>> Spring security 2.0 ? I would appreciate any help.
>>>
>>> -Scott
>>>
>>> -Scott Battaglia
>>> PGP Public Key Id: 0x383733AA
>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>>
>>>
>>> On Thu, Oct 2, 2008 at 1:02 AM, Leena Borle <[EMAIL PROTECTED]> wrote:
>>>
>>>> Hi,
>>>> After lot of debugging, I noticed that after successful logging,
>>>> ProxyGrantingTicketStorageImpl.save() method never gets called even if,
>>>> client receives PGTIOU & PGT from the server. That is why I do not find
>>>> proxy ticket to send with Httpclient request. I wonder what could be the
>>>> reason?
>>>>
>>>> Leena
>>>>
>>>>
>>>> On Tue, Sep 30, 2008 at 11:36 AM, Scott Battaglia <[EMAIL PROTECTED]> wrote:
>>>>
>>>>> It probably means you either don't have something configured at that
>>>>> end point or CAS doesn't trust that certificate.
>>>>>
>>>>> -Scott
>>>>>
>>>>> -Scott Battaglia
>>>>> PGP Public Key Id: 0x383733AA
>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>>>>
>>>>>
>>>>> On Tue, Sep 30, 2008 at 2:20 PM, Leena Borle <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>>> Hi Scott,
>>>>>> Sorry to bother you again. I looked at server log and it does throw
>>>>>> TicketException.
>>>>>>
>>>>>> 2008-09-30 11:09:48,524 ERROR [org.jasig.cas.web.ServiceValidateController] - TicketException generating ticket for: [callbackUrl: https://localhost:8443/webappA/proxy/receptor]
>>>>>> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
>>>>>>     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:291)
>>>>>>     at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126)
>>>>>> ........................
>>>>>>
>>>>>> I'm confused about this url- /proxy/receptor. Is this a physical url
>>>>>> that I need to create in my web-app and what should exist there? I tried to
>>>>>> find the answer in the documentation but still not clear about it.
>>>>>>
>>>>>> Thanks,
>>>>>> Leena
>>>>>>
>>>>>>
>>>>>> On Mon, Sep 29, 2008 at 12:47 PM, Scott Battaglia <[EMAIL PROTECTED]> wrote:
>>>>>>
>>>>>>> You should look in your CAS server log.
>>>>>>>
>>>>>>> -Scott
>>>>>>>
>>>>>>> -Scott Battaglia
>>>>>>> PGP Public Key Id: 0x383733AA
>>>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>>>>>>
>>>>>>>
>>>>>>> On Mon, Sep 29, 2008 at 2:28 PM, Leena Borle <[EMAIL PROTECTED]> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>> Only thing I see in the Cas client log is that, after I log in as
>>>>>>>> the user, I get following messages,
>>>>>>>> 2008-09-29 11:15:54,158 DEBUG [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] Server response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>>>>>>>>     <cas:authenticationSuccess>
>>>>>>>>         <cas:user>leena</cas:user>
>>>>>>>>
>>>>>>>>
>>>>>>>>     </cas:authenticationSuccess>
>>>>>>>> </cas:serviceResponse>
>>>>>>>>
>>>>>>>> 2008-09-29 11:15:54,171 INFO [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] No Proxy Ticket found for
>>>>>>>> It does not display any user name for the message - "No Proxy
>>>>>>>> Ticket found for".
>>>>>>>> Then when I try to access url using HttpClient,
>>>>>>>>
>>>>>>>> 2008-09-29 11:16:03,322 DEBUG [org.jasig.cas.client.authentication.AttributePrincipalImpl] No ProxyGrantingTicket was supplied, so no Proxy Ticket can be retrieved.
>>>>>>>>
>>>>>>>> Leena
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sat, Sep 27, 2008 at 7:33 AM, Scott Battaglia <[EMAIL PROTECTED]> wrote:
>>>>>>>>
>>>>>>>>> Have you looked at your CAS log at all in DEBUG level logging to
>>>>>>>>> see if it has any error messages?
>>>>>>>>> -Scott Battaglia
>>>>>>>>> PGP Public Key Id: 0x383733AA
>>>>>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Fri, Sep 26, 2008 at 4:21 PM, Leena Borle <[EMAIL PROTECTED]> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>> Sorry, my mistake. As url- /proxy/receptor did not work, I tried
>>>>>>>>>> giving complete url path which should have been
>>>>>>>>>> https://localhost:8443/...
>>>>>>>>>> Even after changing the port, I still get the same message.
>>>>>>>>>> Leena
>>>>>>>>>>
>>>>>>>>>> On Fri, Sep 26, 2008 at 12:33 PM, Scott Battaglia <[EMAIL PROTECTED]> wrote:
>>>>>>>>>>
>>>>>>>>>>> Is 8080 your https or your http port? It seems like it's both in
>>>>>>>>>>> the configuration.
>>>>>>>>>>>
>>>>>>>>>>> -Scott
>>>>>>>>>>>
>>>>>>>>>>> -Scott Battaglia
>>>>>>>>>>> PGP Public Key Id: 0x383733AA
>>>>>>>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Fri, Sep 26, 2008 at 3:25 PM, Leena Borle <[EMAIL PROTECTED]> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Hi Scott,
>>>>>>>>>>>> As per your email, I configured web.xml and
>>>>>>>>>>>> applicationContext.xml for proxying. But when I call
>>>>>>>>>>>> ..principal.getProxyTicketFor(), I am getting error "No ProxyGrantingTicket
>>>>>>>>>>>> was supplied, so no Proxy Ticket can be retrieved".
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks,
>>>>>>>>>>>> Leena
>>>>>>>>>>>>
>>>>>>>>>>>> Here is snippet from my applicationContext.xml which is similar
>>>>>>>>>>>> to the one provided in cas-sample of spring-security.
>>>>>>>>>>>> <sec:http entry-point-ref="casProcessingFilterEntryPoint">
>>>>>>>>>>>>     <sec:intercept-url pattern="/user/*.action" access="ROLE_USER" />
>>>>>>>>>>>>     <sec:logout logout-success-url="/cas-logout.jsp"/>
>>>>>>>>>>>> </sec:http>
>>>>>>>>>>>>
>>>>>>>>>>>> <sec:authentication-manager alias="authenticationManager"/>
>>>>>>>>>>>>
>>>>>>>>>>>> <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
>>>>>>>>>>>>     <sec:custom-filter after="CAS_PROCESSING_FILTER"/>
>>>>>>>>>>>>     <property name="authenticationManager" ref="authenticationManager"/>
>>>>>>>>>>>>     <property name="authenticationFailureUrl" value="http://localhost:8080/cas/authorizationFailure.jsp"/>
>>>>>>>>>>>>     <property name="defaultTargetUrl" value="/"/>
>>>>>>>>>>>>     <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
>>>>>>>>>>>>     <property name="proxyReceptorUrl" value="https://localhost:8080/webappA/proxy/receptor" />
>>>>>>>>>>>> </bean>
>>>>>>>>>>>>
>>>>>>>>>>>> <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
>>>>>>>>>>>>     <property name="loginUrl" value="https://localhost:8443/cas/login"/>
>>>>>>>>>>>>     <property name="serviceProperties" ref="serviceProperties"/>
>>>>>>>>>>>> </bean>
>>>>>>>>>>>>
>>>>>>>>>>>> <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
>>>>>>>>>>>>     <sec:custom-authentication-provider />
>>>>>>>>>>>>     <property name="userDetailsService" ref="userCasService"/>
>>>>>>>>>>>>     <property name="serviceProperties" ref="serviceProperties" />
>>>>>>>>>>>>     <property name="ticketValidator">
>>>>>>>>>>>>         <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
>>>>>>>>>>>>             <!-- tried ProxyTicketValidator too -->
>>>>>>>>>>>>             <constructor-arg index="0" value="https://localhost:8443/cas" />
>>>>>>>>>>>>             <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
>>>>>>>>>>>>             <property name="proxyCallbackUrl" value="https://localhost:8080/webappA/proxy/receptor" />
>>>>>>>>>>>>             <!-- property name="acceptAnyProxy" value="true" -->
>>>>>>>>>>>>         </bean>
>>>>>>>>>>>>     </property>
>>>>>>>>>>>>     <property name="key" value="an_id_for_this_auth_provider_only"/>
>>>>>>>>>>>> </bean>
>>>>>>>>>>>>
>>>>>>>>>>>> <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
>>>>>>>>>>>>
>>>>>>>>>>>> <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
>>>>>>>>>>>>     <property name="service" value="https://localhost:8443/webappA/j_spring_cas_security_check"/>
>>>>>>>>>>>>     <property name="sendRenew" value="false"/>
>>>>>>>>>>>> </bean>
>>>>>>>>>>>>
>>>>>>>>>>>> <bean id="userCasService" class="">
>>>>>>>>>>>>     <property name="dataSource" ref="dataSource" />
>>>>>>>>>>>> </bean>
>>>>>>>>>>>>
>>>>>>>>>>>> ................
>>>>>>>>>>>> Web.xml of application A ---------
>>>>>>>>>>>> <filter>
>>>>>>>>>>>>     <filter-name>springSecurityFilterChain</filter-name>
>>>>>>>>>>>>     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>>>>>>>>>>>> </filter>
>>>>>>>>>>>> <filter-mapping>
>>>>>>>>>>>>     <filter-name>springSecurityFilterChain</filter-name>
>>>>>>>>>>>>     <url-pattern>/*</url-pattern>
>>>>>>>>>>>> </filter-mapping>
>>>>>>>>>>>>
>>>>>>>>>>>> <filter>
>>>>>>>>>>>>     <filter-name>CAS Assertion Thread Local Filter</filter-name>
>>>>>>>>>>>>     <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
>>>>>>>>>>>> </filter>
>>>>>>>>>>>> <filter-mapping>
>>>>>>>>>>>>     <filter-name>CAS Assertion Thread Local Filter</filter-name>
>>>>>>>>>>>>     <url-pattern>/*</url-pattern>
>>>>>>>>>>>> </filter-mapping>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On Thu, Sep 25, 2008 at 10:28 PM, Leena Borle <[EMAIL PROTECTED]> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> Hello,
>>>>>>>>>>>>> I have 2 webapplications, say webappA and webappB. WebappA
>>>>>>>>>>>>> has Cas-Java client 3.1.3 with spring security-2.0.3 setup. WebappB has
>>>>>>>>>>>>> Cas-java client 3.1.3 configured in web.xml setup. Cas server is Cas3.3. All
>>>>>>>>>>>>> these applications work fine when I call them from the browser.
>>>>>>>>>>>>> But actually what I want to do is, in webappA, I have
>>>>>>>>>>>>> HttpClient, that needs to access some data from webappB. This is where I am
>>>>>>>>>>>>> stuck. I added proxy-support in web.xml of webappB according to the
>>>>>>>>>>>>> instruction. How do I obtain proxy-ticket to pass it to url
>>>>>>>>>>>>> (http://localhost:8080/webappB/...?ticket=...) of webappB? I
>>>>>>>>>>>>> do have access to spring's CasAuthentication Object whose credentials
>>>>>>>>>>>>> contain service ticket for webappA.
>>>>>>>>>>>>> How do I generate proxy-ticket from it?
>>>>>>>>>>>>> If I pass this same ticket to the url, I get "Invalid Ticket" message from
>>>>>>>>>>>>> the Cas server.
>>>>>>>>>>>>> Is there any proxy example available for Cas-client 3.1.
>>>>>>>>>>>>>
>>>>>>>>>>>>> web.xml for WebAppB is as follows.
>>>>>>>>>>>>>
>>>>>>>>>>>>> <filter>
>>>>>>>>>>>>>     <filter-name>CAS Validation Filter</filter-name>
>>>>>>>>>>>>>     <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>>>>>>>>>>     <init-param>
>>>>>>>>>>>>>         <param-name>casServerUrlPrefix</param-name>
>>>>>>>>>>>>>         <param-value>https://localhost:8443/cas</param-value>
>>>>>>>>>>>>>     </init-param>
>>>>>>>>>>>>>     <init-param>
>>>>>>>>>>>>>         <param-name>serverName</param-name>
>>>>>>>>>>>>>         <param-value>http://localhost:8080</param-value>
>>>>>>>>>>>>>     </init-param>
>>>>>>>>>>>>>     <init-param>
>>>>>>>>>>>>>         <param-name>acceptAnyProxy</param-name>
>>>>>>>>>>>>>         <param-value>true</param-value>
>>>>>>>>>>>>>     </init-param>
>>>>>>>>>>>>>     <init-param>
>>>>>>>>>>>>>         <param-name>proxyReceptorUrl</param-name>
>>>>>>>>>>>>>         <param-value>/proxy/receptor</param-value>
>>>>>>>>>>>>>     </init-param>
>>>>>>>>>>>>>     <init-param>
>>>>>>>>>>>>>         <param-name>proxyCallbackUrl</param-name>
>>>>>>>>>>>>>         <param-value>https://localhost:8443/WebAppB/proxy/receptor</param-value>
>>>>>>>>>>>>>     </init-param>
>>>>>>>>>>>>>     <init-param>
>>>>>>>>>>>>>         <param-name>redirectAfterValidation</param-name>
>>>>>>>>>>>>>         <param-value>true</param-value>
>>>>>>>>>>>>>     </init-param>
>>>>>>>>>>>>> </filter>
>>>>>>>>>>>>>
>>>>>>>>>>>>> <filter>
>>>>>>>>>>>>>     <filter-name>CAS Authentication Filter</filter-name>
>>>>>>>>>>>>>     <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>>>>>>>>>>>>>     <init-param>
>>>>>>>>>>>>>         <param-name>casServerLoginUrl</param-name>
>>>>>>>>>>>>>         <param-value>https://localhost:8443/cas/login</param-value>
>>>>>>>>>>>>>     </init-param>
>>>>>>>>>>>>>     <init-param>
>>>>>>>>>>>>>         <param-name>serverName</param-name>
>>>>>>>>>>>>>         <param-value>http://localhost:8080</param-value>
>>>>>>>>>>>>>     </init-param>
>>>>>>>>>>>>>     <init-param>
>>>>>>>>>>>>>         <param-name>gateway</param-name>
>>>>>>>>>>>>>         <param-value>true</param-value>
>>>>>>>>>>>>>     </init-param>
>>>>>>>>>>>>> </filter>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Thanks,
>>>>>>>>>>>>> Leena
>>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> _______________________________________________
>>>>>>>>>>>> Yale CAS mailing list
>>>>>>>>>>>> [email protected]
>>>>>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
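
Added example, not part of the original thread and not code from the CAS or Spring Security projects: a small consistency check for the proxy-callback settings discussed above, run over a constructed excerpt of the quoted applicationContext.xml. The bean id `ticketValidator`, the finding codes and the rule that the callback shares the service URL's origin are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: only the URL-bearing properties quoted in the thread.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans">
 <bean id="casProcessingFilter">
  <property name="proxyReceptorUrl" value="https://localhost:8080/webappA/proxy/receptor"/>
 </bean>
 <bean id="ticketValidator">
  <property name="proxyCallbackUrl" value="https://localhost:8080/webappA/proxy/receptor"/>
 </bean>
 <bean id="serviceProperties">
  <property name="service" value="https://localhost:8443/webappA/j_spring_cas_security_check"/>
 </bean>
</beans>"""

def collect_properties(xml_text):
    """Return {property name: trimmed value} for every <property value="..."> element."""
    props = {}
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "property" and "value" in el.attrib:
            props[el.get("name")] = el.get("value").strip()
    return props

def origin(url):
    """(scheme, host, port) with the scheme's default port filled in."""
    u = urlparse(url)
    return (u.scheme, u.hostname, u.port or {"https": 443, "http": 80}.get(u.scheme))

def lint_proxy_config(xml_text):
    """Return finding codes for the proxy-callback settings; an empty list means consistent."""
    p = collect_properties(xml_text)
    callback = p.get("proxyCallbackUrl")
    if not callback:
        return ["no-callback-url"]  # no pgtUrl is sent, so no PGT is issued
    findings = []
    if urlparse(callback).scheme != "https":
        findings.append("callback-not-https")  # the CAS server only calls back over HTTPS
    service = p.get("service")
    if service and origin(callback) != origin(service):
        # Assumption: callback and service live in the same webapp (the thread's setup).
        findings.append("callback-origin-differs-from-service")
    receptor = p.get("proxyReceptorUrl")
    if receptor and not urlparse(callback).path.endswith(urlparse(receptor).path):
        findings.append("receptor-path-mismatch")  # the filter would never see the callback
    return findings

if __name__ == "__main__":
    print(lint_proxy_config(SAMPLE))
```

On the sample it reports the mismatch raised in the thread: the callback points at port 8080 over https while the service URL uses 8443.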
