Hi Scott, Before that we were using various clients. We've used quite a few different versions over time including the Yale and the jasig and using the taglib version and the filter versions. I'd imagine that the session attribute should never be removed. If the gateway attribute is set but the principal is null then I'd interpret that as being in 'anonymous mode'. It looks like all the 3.x versions remove the session attribute.
I've just done a quick test and added this to my header.jsp <c:set var="_const_cas_gateway_" scope="session" value="anything" /> And it behaves perfectly without the redundant redirects. cheers Brendan Web Group Analyst Information Technology Directorate University of New England P: 6773 2229 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Battaglia Sent: Tuesday, 14 October 2008 1:41 PM To: Yale CAS mailing list Subject: Re: Gateway config issue with java 3.1.3 client What client were you using before this? I thought (and maybe I'm remembering incorrectly since I'm getting older ;-)) that we've always removed that attribute. -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Mon, Oct 13, 2008 at 8:12 PM, Brendan Heywood <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: Hi all, I am have just upgraded our dev CAS to 3.2 and upgrading some of our clients to the cas-client-core-3.1.3.jar. Some of out app use gateway but I don't seem to have it configured perfectly. If I turn gateway off then everything works perfectly, but when I turn it on every time I access a page it redirects to CAS checking for gateway even though it has already done it and come back without a username. I've turned full debugging on in both the app and the server and stepped through it using Firefox Tamper Data plug-in. The servlet filter sets the session attribute so it doesn't create an infinite loop of redirects but after it comes back from the CAS redirect it sets this to null. I'd have thought it would keep it in session scope for the duration of the session so it never checks CAS again? https://www.ja-sig.org/svn/cas-clients/java-client/tags/cas-java-client-3-1-3-final/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java I thought it could be sessions id weren't being passed around properly but that seems fine from looking at the session identifier logs below and from tracking the cookies manually in FF. Any thoughts on what I've done wrong? I've provided my web.xml and a dump of the app logs below: To produce log this I access the app which responds with a form. I submit the form (POST) but this gets swallowed by the filter and redirected to CAS and comes back looking identical to the first fresh access. 2008-10-14 10:11:33,731 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 2008-10-14 10:11:33,761 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - no ticket and no assertion found 2008-10-14 10:11:33,770 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - setting gateway attribute in session 2008-10-14 10:11:33,771 DEBUG [org.jasig.cas.client.util.CommonUtils] - serviceUrl generated: https://login-dev.une.edu.au/password/change/ 2008-10-14 10:11:33,774 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - Constructed service url: https://login-dev.une.edu.au/password/change/ 2008-10-14 10:11:33,774 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - redirecting to "https://login-dev.une.edu.au/login?service=https%3A%2F%2Flogin-dev.une.edu.au%2Fpassword%2Fchange%2F&gateway=true"; 2008-10-14 10:11:33,817 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 2008-10-14 10:11:33,817 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - removing gateway attribute from session 2008-10-14 10:11:33,828 DEBUG [au.edu.une.password.jsp.servlet.change] - session attr null, request attr null 2008-10-14 10:11:33,847 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - Enter stage1 of form 2008-10-14 10:11:42,116 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 2008-10-14 10:11:42,116 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - no ticket and no assertion found 2008-10-14 10:11:42,116 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - setting gateway attribute in session 2008-10-14 10:11:42,116 DEBUG [org.jasig.cas.client.util.CommonUtils] - serviceUrl generated: https://login-dev.une.edu.au/password/change/ 2008-10-14 10:11:42,116 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - Constructed service url: https://login-dev.une.edu.au/password/change/ 2008-10-14 10:11:42,116 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - redirecting to "https://login-dev.une.edu.au/login?service=https%3A%2F%2Flogin-dev.une.edu.au%2Fpassword%2Fchange%2F&gateway=true"; 2008-10-14 10:11:42,134 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 2008-10-14 10:11:42,134 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - removing gateway attribute from session 2008-10-14 10:11:42,146 DEBUG [au.edu.une.password.jsp.servlet.change] - session attr null, request attr null 2008-10-14 10:11:42,167 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - Enter stage1 of form In this log I am already authenticated with CAS and I still get the same problem. The app knows who I am this time but it is still redirecting to CAS on every access which swallows any POST submissions. 2008-10-14 11:08:08,669 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 2008-10-14 11:08:08,670 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - removing gateway attribute from session 2008-10-14 11:08:08,670 DEBUG [au.edu.une.password.jsp.servlet.change] - session attr [EMAIL PROTECTED], request attr null 2008-10-14 11:08:08,672 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - Enter stage1 of form 2008-10-14 11:08:08,672 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - Setting username from remoteUser='bheywood' 2008-10-14 11:08:09,881 DEBUG [org.jasig.cas.client.session.SingleSignOutFilter] - Storing session identifier for 5B4C76C81A2E3E1CB86B7AAA40A14162 2008-10-14 11:08:09,881 DEBUG [org.jasig.cas.client.authentication.AuthenticationFilter] - removing gateway attribute from session 2008-10-14 11:08:09,881 DEBUG [au.edu.une.password.jsp.servlet.change] - session attr [EMAIL PROTECTED], request attr null 2008-10-14 11:08:09,890 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - Enter stage1 of form 2008-10-14 11:08:09,891 DEBUG [au.edu.une.password.jsp.WEB-INF.stage1] - Setting username from remoteUser='bheywood' Web.xml snippet: <filter> <filter-name>CAS Authentication Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://login-dev.une.edu.au/login</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>login-dev.une.edu.au<http://login-dev.une.edu.au></param-value> </init-param> <init-param> <param-name>gateway</param-name> <param-value>true</param-value> </init-param> </filter> <filter> <filter-name>CAS Validation Filter</filter-name> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> <init-param> <param-name>casServerUrlPrefix</param-name> <param-value>https://login-dev.une.edu.au</param-value> </init-param> <init-param> <param-name>serverName</param-name> <param-value>login-dev.une.edu.au<http://login-dev.une.edu.au></param-value> </init-param> <init-param> <param-name>redirectAfterValidation</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>useSession</param-name> <param-value>true</param-value> </init-param> </filter> <filter> <filter-name>CAS Single Sign Out Filter</filter-name> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> </filter> <filter> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> </filter> ... <filter-mapping> <filter-name>CAS Single Sign Out Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Authentication Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS Validation Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> cheers Brendan Web Group Analyst Information Technology Directorate University of New England P: 6773 2229 _______________________________________________ Yale CAS mailing list [email protected]<mailto:[email protected]> http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
