You need to look at the documentation for the correct CAS client. Spring Security, JASIG CAS Client for Java, and Yale CAS Client all provide documentation related to their specific Java classes.
No, CasProxyServlet is not in the JASIG Cas Client for Java nor is it in Spring Security 2.0.x -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Thu, Oct 2, 2008 at 1:54 PM, Leena Borle <[EMAIL PROTECTED]> wrote: > Continueing .. > Do I need to include CasProxyServlet ? I thought it is in Cas-client 2.1 > distribution. Is it the same configuration for 3.1 ?? > Leena > > > On Thu, Oct 2, 2008 at 9:56 AM, Leena Borle <[EMAIL PROTECTED]> wrote: > >> >> >> On Thu, Oct 2, 2008 at 6:36 AM, Scott Battaglia < >> [EMAIL PROTECTED]> wrote: >> >>> The only reason it wouldn't be called is if the callback never actually >>> makes it to the CAS client. >>> >>> Could you please give little explanation for this. Could it be >>> because of Spring Security layer. I don't see anyhting different in my >>> configuration. Does anyone have sample of CAS Client 3.1 proxy settings for >>> Spring security 2.0 ? I would appreciate any help. >>> >>> -Scott >>> >>> -Scott Battaglia >>> PGP Public Key Id: 0x383733AA >>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>> >>> >>> On Thu, Oct 2, 2008 at 1:02 AM, Leena Borle <[EMAIL PROTECTED]> wrote: >>> >>>> Hi, >>>> After lot of debugging, I noticed that after successful logging, >>>> ProxyGrantingTicketStorageImpl.save() method never gets called even if, >>>> client receives PGTIOU & PGT from the server. That is why I do not find >>>> proxy ticket to send with Httpclient request. I wonder what could be the >>>> reason? >>>> >>>> Leena >>>> >>>> >>>> On Tue, Sep 30, 2008 at 11:36 AM, Scott Battaglia < >>>> [EMAIL PROTECTED]> wrote: >>>> >>>>> It probably means you either don't have something configured at that >>>>> end point or CAS doesn't trust that certificate. >>>>> >>>>> -Scott >>>>> >>>>> -Scott Battaglia >>>>> PGP Public Key Id: 0x383733AA >>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>>>> >>>>> >>>>> On Tue, Sep 30, 2008 at 2:20 PM, Leena Borle <[EMAIL PROTECTED]>wrote: >>>>> >>>>>> Hi Scott, >>>>>> Sorry to bother you again. I looked at server log and it does throw >>>>>> TicketException. >>>>>> >>>>>> 2008-09-30 11:09:48,524 ERROR >>>>>> [org.jasig.cas.web.ServiceValidateController] - TicketException >>>>>> generating >>>>>> ticket for: [callbackUrl: >>>>>> https://localhost:8443/webappA/proxy/receptor] >>>>>> org.jasig.cas.ticket.TicketCreationException: >>>>>> error.authentication.credentials.bad >>>>>> at >>>>>> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:291) >>>>>> at >>>>>> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126) >>>>>> ........................ >>>>>> >>>>>> I'm confused about this url- /proxy/receptor. Is this a physical url >>>>>> that I need to create in my web-app and what should exist there? I tried >>>>>> to >>>>>> find the answer in the documentation but still not clear about it. >>>>>> >>>>>> Thanks, >>>>>> Leena >>>>>> >>>>>> >>>>>> On Mon, Sep 29, 2008 at 12:47 PM, Scott Battaglia < >>>>>> [EMAIL PROTECTED]> wrote: >>>>>> >>>>>>> You should look in your CAS server log. >>>>>>> >>>>>>> -Scott >>>>>>> >>>>>>> -Scott Battaglia >>>>>>> PGP Public Key Id: 0x383733AA >>>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>>>>>> >>>>>>> >>>>>>> On Mon, Sep 29, 2008 at 2:28 PM, Leena Borle <[EMAIL PROTECTED]>wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> Only thing I see in the Cas client log is that, after I log in as >>>>>>>> the user, I get following messages, >>>>>>>> 2008-09-29 11:15:54,158 DEBUG >>>>>>>> [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] Server >>>>>>>> response: <cas:serviceResponse xmlns:cas=' >>>>>>>> http://www.yale.edu/tp/cas'> >>>>>>>> <cas:authenticationSuccess> >>>>>>>> <cas:user>leena</cas:user> >>>>>>>> >>>>>>>> >>>>>>>> </cas:authenticationSuccess> >>>>>>>> </cas:serviceResponse> >>>>>>>> >>>>>>>> *2008-09-29 11:15:54,171 INFO >>>>>>>> [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] No Proxy >>>>>>>> Ticket >>>>>>>> found for * >>>>>>>> It does not display any user name for the message -"*No Proxy >>>>>>>> Ticket found for". >>>>>>>> *Then when I try to access* *url using HttpClient, >>>>>>>> >>>>>>>> *2008-09-29 11:16:03,322 DEBUG >>>>>>>> [org.jasig.cas.client.authentication.AttributePrincipalImpl] No >>>>>>>> ProxyGrantingTicket was supplied, so no Proxy Ticket can be retrieved. >>>>>>>> * >>>>>>>> Leena >>>>>>>> >>>>>>>> >>>>>>>> On Sat, Sep 27, 2008 at 7:33 AM, Scott Battaglia < >>>>>>>> [EMAIL PROTECTED]> wrote: >>>>>>>> >>>>>>>>> Have you looked at your CAS log at all in DEBUG level logging to >>>>>>>>> see if it has any error messages? >>>>>>>>> -Scott Battaglia >>>>>>>>> PGP Public Key Id: 0x383733AA >>>>>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>>>>>>>> >>>>>>>>> >>>>>>>>> On Fri, Sep 26, 2008 at 4:21 PM, Leena Borle <[EMAIL PROTECTED]>wrote: >>>>>>>>> >>>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> Sorry, my mistake. As url- /proxy/receptor did not work, I tried >>>>>>>>>> giving complete url path which should have been >>>>>>>>>> https://localhost:8443/... >>>>>>>>>> Even after changing the port, I still get the same message.. >>>>>>>>>> Leena >>>>>>>>>> >>>>>>>>>> On Fri, Sep 26, 2008 at 12:33 PM, Scott Battaglia < >>>>>>>>>> [EMAIL PROTECTED]> wrote: >>>>>>>>>> >>>>>>>>>>> Is 8080 your https or your http port? It seems like its both in >>>>>>>>>>> the configuration. >>>>>>>>>>> >>>>>>>>>>> -Scott >>>>>>>>>>> >>>>>>>>>>> -Scott Battaglia >>>>>>>>>>> PGP Public Key Id: 0x383733AA >>>>>>>>>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Fri, Sep 26, 2008 at 3:25 PM, Leena Borle <[EMAIL >>>>>>>>>>> PROTECTED]>wrote: >>>>>>>>>>> >>>>>>>>>>>> Hi Scott, >>>>>>>>>>>> As per your email, I configured web.xml and >>>>>>>>>>>> applicationContext.xml for proxying. But when I call >>>>>>>>>>>> ..principal.getProxyTicketFor(), I am getting error "No >>>>>>>>>>>> ProxyGrantingTicket >>>>>>>>>>>> was supplied, so no Proxy Ticket can be retrieved". >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Thanks, >>>>>>>>>>>> Leena >>>>>>>>>>>> >>>>>>>>>>>> Here is snippet from my applicationContext.xml which is similar >>>>>>>>>>>> to the one provided in cas-sample of spring-security. >>>>>>>>>>>> <sec:http entry-point-ref="casProcessingFilterEntryPoint" > >>>>>>>>>>>> <sec:intercept-url pattern="/user/*.action" >>>>>>>>>>>> access="ROLE_USER" /> >>>>>>>>>>>> <sec:logout logout-success-url="/cas-logout.jsp"/> >>>>>>>>>>>> </sec:http> >>>>>>>>>>>> >>>>>>>>>>>> <sec:authentication-manager alias="authenticationManager"/> >>>>>>>>>>>> >>>>>>>>>>>> <bean id="casProcessingFilter" >>>>>>>>>>>> class="org.springframework.security.ui.cas.CasProcessingFilter"> >>>>>>>>>>>> <sec:custom-filter after="CAS_PROCESSING_FILTER"/> >>>>>>>>>>>> <property name="authenticationManager" >>>>>>>>>>>> ref="authenticationManager"/> >>>>>>>>>>>> <property name="authenticationFailureUrl" value=" >>>>>>>>>>>> http://localhost:8080/cas/authorizationFailure.jsp"/> >>>>>>>>>>>> <property name="defaultTargetUrl" value="/"/> >>>>>>>>>>>> <property name="proxyGrantingTicketStorage" >>>>>>>>>>>> ref="proxyGrantingTicketStorage" /> >>>>>>>>>>>> <property name="proxyReceptorUrl" value=" >>>>>>>>>>>> https://localhost:8080/webappA/proxy/receptor"; /> >>>>>>>>>>>> </bean> >>>>>>>>>>>> >>>>>>>>>>>> <bean id="casProcessingFilterEntryPoint" >>>>>>>>>>>> class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"> >>>>>>>>>>>> <property name="loginUrl" value=" >>>>>>>>>>>> https://localhost:8443/cas/login"/> >>>>>>>>>>>> <property name="serviceProperties" >>>>>>>>>>>> ref="serviceProperties"/> >>>>>>>>>>>> </bean> >>>>>>>>>>>> >>>>>>>>>>>> <bean id="casAuthenticationProvider" >>>>>>>>>>>> class="org.springframework.security.providers.cas.CasAuthenticationProvider"> >>>>>>>>>>>> <sec:custom-authentication-provider /> >>>>>>>>>>>> <property name="userDetailsService" >>>>>>>>>>>> ref="userCasService"/> >>>>>>>>>>>> <property name="serviceProperties" >>>>>>>>>>>> ref="serviceProperties" /> >>>>>>>>>>>> <property name="ticketValidator"> >>>>>>>>>>>> <bean >>>>>>>>>>>> class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> >>>>>>>>>>>> <!-- >>>>>>>>>>>> tried ProxyTicketValidator too --> >>>>>>>>>>>> <constructor-arg index="0" value=" >>>>>>>>>>>> https://localhost:8443/cas"; /> >>>>>>>>>>>> <property name="proxyGrantingTicketStorage" >>>>>>>>>>>> ref="proxyGrantingTicketStorage" /> >>>>>>>>>>>> <property name="proxyCallbackUrl" value=" >>>>>>>>>>>> https://localhost:8080/webappA/proxy/receptor"; /> >>>>>>>>>>>> <!-- property name="acceptAnyProxy" >>>>>>>>>>>> value="true" --> >>>>>>>>>>>> >>>>>>>>>>>> </bean> >>>>>>>>>>>> </property> >>>>>>>>>>>> <property name="key" >>>>>>>>>>>> value="an_id_for_this_auth_provider_only"/> >>>>>>>>>>>> </bean> >>>>>>>>>>>> >>>>>>>>>>>> <bean id="proxyGrantingTicketStorage" >>>>>>>>>>>> class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" >>>>>>>>>>>> /> >>>>>>>>>>>> >>>>>>>>>>>> <bean id="serviceProperties" >>>>>>>>>>>> class="org.springframework.security.ui.cas.ServiceProperties"> >>>>>>>>>>>> <property name="service" value=" >>>>>>>>>>>> https://localhost:8443/webappA/j_spring_cas_security_check"/> >>>>>>>>>>>> <property name="sendRenew" value="false"/> >>>>>>>>>>>> </bean> >>>>>>>>>>>> >>>>>>>>>>>> <bean id="userCasService" class=""> >>>>>>>>>>>> <property name="dataSource" ref="dataSource" /> >>>>>>>>>>>> </bean> >>>>>>>>>>>> >>>>>>>>>>>> ................ Web.xml of application A --------- >>>>>>>>>>>> <filter> >>>>>>>>>>>> <filter-name>springSecurityFilterChain</filter-name> >>>>>>>>>>>> >>>>>>>>>>>> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> >>>>>>>>>>>> </filter> >>>>>>>>>>>> <filter-mapping> >>>>>>>>>>>> <filter-name>springSecurityFilterChain</filter-name> >>>>>>>>>>>> <url-pattern>/*</url-pattern> >>>>>>>>>>>> </filter-mapping> >>>>>>>>>>>> >>>>>>>>>>>> <filter> >>>>>>>>>>>> <filter-name>CAS Assertion Thread Local >>>>>>>>>>>> Filter</filter-name> >>>>>>>>>>>> >>>>>>>>>>>> <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class> >>>>>>>>>>>> </filter> >>>>>>>>>>>> <filter-mapping> >>>>>>>>>>>> <filter-name>CAS Assertion Thread Local >>>>>>>>>>>> Filter</filter-name> >>>>>>>>>>>> <url-pattern>/*</url-pattern> >>>>>>>>>>>> </filter-mapping> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Thu, Sep 25, 2008 at 10:28 PM, Leena Borle < >>>>>>>>>>>> [EMAIL PROTECTED]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> Hello, >>>>>>>>>>>>> I have 2 webapplications, say webappA and webappB. WebappA >>>>>>>>>>>>> has Cas-Java client 3.1.3 with spring security-2.0.3 setup. >>>>>>>>>>>>> WebappB has >>>>>>>>>>>>> Cas-java client 3.1.3 configured in web.xml setup. Cas server is >>>>>>>>>>>>> Cas3.3. All >>>>>>>>>>>>> these applications work fine when I call them from the browser. >>>>>>>>>>>>> But actually what I want to do is, in webappA, I have >>>>>>>>>>>>> HttpClient, that needs to access some data from webappB. This is >>>>>>>>>>>>> where I am >>>>>>>>>>>>> stuck. I added proxy-support in web.xml of webappB according to >>>>>>>>>>>>> the >>>>>>>>>>>>> instruction. How do I obtain proxy-ticket to pass it to url( >>>>>>>>>>>>> http://localhost:8080/webappB/...?ticket=...) of webappB? I >>>>>>>>>>>>> do have access to spring's CasAuthentication Object whose >>>>>>>>>>>>> credentials >>>>>>>>>>>>> contain service ticket for webappA. How do I generate >>>>>>>>>>>>> proxy-ticket from it? >>>>>>>>>>>>> If I pass this same ticket to the url, I get "Invalid Ticket" >>>>>>>>>>>>> message from >>>>>>>>>>>>> the Cas server. >>>>>>>>>>>>> Is there any proxy example available for Cas-client 3.1. >>>>>>>>>>>>> >>>>>>>>>>>>> web.xml for WebAppB is as follows. >>>>>>>>>>>>> >>>>>>>>>>>>> <filter> >>>>>>>>>>>>> <filter-name>CAS Validation Filter</filter-name> >>>>>>>>>>>>> >>>>>>>>>>>>> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >>>>>>>>>>>>> <init-param> >>>>>>>>>>>>> <param-name>casServerUrlPrefix</param-name> >>>>>>>>>>>>> <param-value>https://localhost:8443/cas >>>>>>>>>>>>> </param-value> >>>>>>>>>>>>> </init-param> >>>>>>>>>>>>> <init-param> >>>>>>>>>>>>> <param-name>serverName</param-name> >>>>>>>>>>>>> <param-value>http://localhost:8080 >>>>>>>>>>>>> </param-value> >>>>>>>>>>>>> </init-param> >>>>>>>>>>>>> <init-param> >>>>>>>>>>>>> <param-name>acceptAnyProxy</param-name> >>>>>>>>>>>>> <param-value>true</param-value> >>>>>>>>>>>>> </init-param> >>>>>>>>>>>>> <init-param> >>>>>>>>>>>>> <param-name>proxyReceptorUrl</param-name> >>>>>>>>>>>>> <param-value>/proxy/receptor</param-value> >>>>>>>>>>>>> </init-param> >>>>>>>>>>>>> <init-param> >>>>>>>>>>>>> <param-name>proxyCallbackUrl</param-name> >>>>>>>>>>>>> <param-value> >>>>>>>>>>>>> https://localhost:8443/WebAppB/proxy/receptor</param-value> >>>>>>>>>>>>> </init-param> >>>>>>>>>>>>> <init-param> >>>>>>>>>>>>> >>>>>>>>>>>>> <param-name>redirectAfterValidation</param-name> >>>>>>>>>>>>> <param-value>true</param-value> >>>>>>>>>>>>> </init-param> >>>>>>>>>>>>> </filter> >>>>>>>>>>>>> >>>>>>>>>>>>> <filter> >>>>>>>>>>>>> <filter-name>CAS Authentication Filter</filter-name> >>>>>>>>>>>>> >>>>>>>>>>>>> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >>>>>>>>>>>>> <init-param> >>>>>>>>>>>>> <param-name>casServerLoginUrl</param-name> >>>>>>>>>>>>> <param-value>https://localhost:8443/cas/login >>>>>>>>>>>>> </param-value> >>>>>>>>>>>>> </init-param> >>>>>>>>>>>>> <init-param> >>>>>>>>>>>>> <param-name>serverName</param-name> >>>>>>>>>>>>> <param-value>http://localhost:8080 >>>>>>>>>>>>> </param-value> >>>>>>>>>>>>> </init-param> >>>>>>>>>>>>> <init-param> >>>>>>>>>>>>> <param-name>gatewat</param-name> >>>>>>>>>>>>> <param-value>true</param-value> >>>>>>>>>>>>> </init-param> >>>>>>>>>>>>> >>>>>>>>>>>>> </filter> >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks, >>>>>>>>>>>>> Leena >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> _______________________________________________ >>>>>>>>>>>> Yale CAS mailing list >>>>>>>>>>>> [email protected] >>>>>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> Yale CAS mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> _______________________________________________ >>>>>>>>>> Yale CAS mailing list >>>>>>>>>> [email protected] >>>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> _______________________________________________ >>>>>>>>> Yale CAS mailing list >>>>>>>>> [email protected] >>>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> Yale CAS mailing list >>>>>>>> [email protected] >>>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Yale CAS mailing list >>>>>>> [email protected] >>>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>>> >>>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> Yale CAS mailing list >>>>>> [email protected] >>>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Yale CAS mailing list >>>>> [email protected] >>>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>>> >>>>> >>>> >>>> _______________________________________________ >>>> Yale CAS mailing list >>>> [email protected] >>>> http://tp.its.yale.edu/mailman/listinfo/cas >>>> >>>> >>> >>> _______________________________________________ >>> Yale CAS mailing list >>> [email protected] >>> http://tp.its.yale.edu/mailman/listinfo/cas >>> >>> >> > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
