What client were you using before this? I thought (and maybe I'm remembering incorrectly since I'm getting older ;-)) that we've always removed that attribute.
-Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Mon, Oct 13, 2008 at 8:12 PM, Brendan Heywood <[EMAIL PROTECTED]>wrote: > Hi all, > > > > I am have just upgraded our dev CAS to 3.2 and upgrading some of our > clients to the cas-client-core-3.1.3.jar. Some of out app use gateway but I > don't seem to have it configured perfectly. If I turn gateway off then > everything works perfectly, but when I turn it on every time I access a page > it redirects to CAS checking for gateway even though it has already done it > and come back without a username. I've turned full debugging on in both the > app and the server and stepped through it using Firefox Tamper Data plug-in. > The servlet filter sets the session attribute so it doesn't create an > infinite loop of redirects but after it comes back from the CAS redirect it > sets this to null. I'd have thought it would keep it in session scope for > the duration of the session so it never checks CAS again? > > > > > https://www.ja-sig.org/svn/cas-clients/java-client/tags/cas-java-client-3-1-3-final/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java > > > > I thought it could be sessions id weren't being passed around properly but > that seems fine from looking at the session identifier logs below and from > tracking the cookies manually in FF. > > > > Any thoughts on what I've done wrong? > > > > > > I've provided my web.xml and a dump of the app logs below: > > > > To produce log this I access the app which responds with a form. I submit > the form (POST) but this gets swallowed by the filter and redirected to CAS > and comes back looking identical to the first fresh access. > > > > 2008-10-14 10:11:33,731 DEBUG > [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session > identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 > > 2008-10-14 10:11:33,761 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - no ticket and > no assertion found > > 2008-10-14 10:11:33,770 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - setting gateway > attribute in session > > 2008-10-14 10:11:33,771 DEBUG [org.jasig.cas.client.util.CommonUtils] - > serviceUrl generated: https://login-dev.une.edu.au/password/change/ > > 2008-10-14 10:11:33,774 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - Constructed > service url: https://login-dev.une.edu.au/password/change/ > > 2008-10-14 10:11:33,774 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - redirecting to > " > https://login-dev.une.edu.au/login?service=https%3A%2F%2Flogin-dev.une.edu.au%2Fpassword%2Fchange%2F&gateway=true > " > > 2008-10-14 10:11:33,817 DEBUG > [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session > identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 > > 2008-10-14 10:11:33,817 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - removing > gateway attribute from session > > 2008-10-14 10:11:33,828 DEBUG [au.edu.une.password.jsp.servlet.change] - > session attr null, request attr null > > 2008-10-14 10:11:33,847 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] – > Enter stage1 of form > > 2008-10-14 10:11:42,116 DEBUG > [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session > identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 > > 2008-10-14 10:11:42,116 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - no ticket and > no assertion found > > 2008-10-14 10:11:42,116 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - setting gateway > attribute in session > > 2008-10-14 10:11:42,116 DEBUG [org.jasig.cas.client.util.CommonUtils] - > serviceUrl generated: https://login-dev.une.edu.au/password/change/ > > 2008-10-14 10:11:42,116 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - Constructed > service url: https://login-dev.une.edu.au/password/change/ > > 2008-10-14 10:11:42,116 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - redirecting to > " > https://login-dev.une.edu.au/login?service=https%3A%2F%2Flogin-dev.une.edu.au%2Fpassword%2Fchange%2F&gateway=true > " > > 2008-10-14 10:11:42,134 DEBUG > [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session > identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 > > 2008-10-14 10:11:42,134 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - removing > gateway attribute from session > > 2008-10-14 10:11:42,146 DEBUG [au.edu.une.password.jsp.servlet.change] - > session attr null, request attr null > > 2008-10-14 10:11:42,167 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - > Enter stage1 of form > > > > > > In this log I am already authenticated with CAS and I still get the same > problem. The app knows who I am this time but it is still redirecting to CAS > on every access which swallows any POST submissions. > > > > 2008-10-14 11:08:08,669 DEBUG > [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session > identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 > > 2008-10-14 11:08:08,670 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - removing > gateway attribute from session > > 2008-10-14 11:08:08,670 DEBUG [au.edu.une.password.jsp.servlet.change] - > session attr [EMAIL PROTECTED], > request attr null > > 2008-10-14 11:08:08,672 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - > Enter stage1 of form > > 2008-10-14 11:08:08,672 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - > Setting username from remoteUser='bheywood' > > 2008-10-14 11:08:09,881 DEBUG > [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session > identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 > > 2008-10-14 11:08:09,881 DEBUG > [org.jasig.cas.client.authentication.AuthenticationFilter] - removing > gateway attribute from session > > 2008-10-14 11:08:09,881 DEBUG [au.edu.une.password.jsp.servlet.change] - > session attr [EMAIL PROTECTED], > request attr null > > 2008-10-14 11:08:09,890 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - > Enter stage1 of form > > 2008-10-14 11:08:09,891 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - > Setting username from remoteUser='bheywood' > > > > > > Web.xml snippet: > > > > > > <filter> > > <filter-name>CAS Authentication Filter</filter-name> > > > <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> > > <init-param> > > <param-name>casServerLoginUrl</param-name> > > <param-value>https://login-dev.une.edu.au/login</param-value> > > </init-param> > > <init-param> > > <param-name>serverName</param-name> > > <param-value>login-dev.une.edu.au</param-value> > > </init-param> > > <init-param> > > <param-name>gateway</param-name> > > <param-value>true</param-value> > > </init-param> > > </filter> > > > > <filter> > > <filter-name>CAS Validation Filter</filter-name> > > > <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> > > <init-param> > > <param-name>casServerUrlPrefix</param-name> > > <param-value>https://login-dev.une.edu.au</param-value> > > </init-param> > > <init-param> > > <param-name>serverName</param-name> > > <param-value>login-dev.une.edu.au</param-value> > > </init-param> > > <init-param> > > <param-name>redirectAfterValidation</param-name> > > <param-value>false</param-value> > > </init-param> > > <init-param> > > <param-name>useSession</param-name> > > <param-value>true</param-value> > > </init-param> > > </filter> > > > > <filter> > > <filter-name>CAS Single Sign Out Filter</filter-name> > > > <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> > > </filter> > > > > <filter> > > <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> > > > <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> > > </filter> > > > > … > > > > <filter-mapping> > > <filter-name>CAS Single Sign Out Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > <filter-mapping> > > <filter-name>CAS Authentication Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > <filter-mapping> > > <filter-name>CAS Validation Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > <filter-mapping> > > <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> > > <url-pattern>/*</url-pattern> > > </filter-mapping> > > > > > > > > > > > > > > > > cheers > > Brendan > > > > Web Group Analyst > > Information Technology Directorate > > University of New England > > P: 6773 2229 > > > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
