Hi again. I changed the log level to DEBUG and got the following log. I
can't find any mentions of errors or failures. The last rows of the log,
from "Action 'InitialFlowSetupAction' beginning execution" to "Action
'GenerateServiceTicketAction' completed execution; result is 'success'"
keep on repeating (as the browser is redirected, i presume). Could this
be caused by the setup of apps, as I have confluence at root level at
https://www.example.com/ and cas at
https://www.example.com/cas-server-webapp-3.3.1/ ?
The soulwing/confluence configurations are minimally modified from the
ones presented at soulwing site. Minimally as in I've changed
confluence's web.xml to have
casServerUrl->https://example.com/cas-server-webapp-3.3.1 and
casServiceUrl->https://example.com .
I might consider using the JASIG Cas Client instead of soulwing, but did
Scott's last message mean it won't work with Jira before the 3.1.5
release? When is that scheduled to be released?
The log follows:
2008-12-18 11:35:07,710 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'AuthenticationViaFormAction' beginning execution>
2008-12-18 11:35:07,725 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing bind>
2008-12-18 11:35:07,725 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing
form object with name 'credentials' of type [class
org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in
scope Flow>
2008-12-18 11:35:07,725 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property
editor registrar set, no custom editors to register>
2008-12-18 11:35:07,728 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding allowed
request parameters in map['lt' ->
'_c33FDA2F2-B35A-08A2-9490-CE12DA55BBA3_k329C7DD3-0454-C045-3015-90BD89DE9AEB',
'service' -> 'https://example.com/', '_eventId' -> 'submit', 'password'
-> 'xxxxxx', 'submit' -> 'LOGIN', 'username' -> 'me'] to form object
with name 'credentials', pre-bind formObject toString = [username: null]>
2008-12-18 11:35:07,728 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <(Any field is
allowed)>
2008-12-18 11:35:07,752 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding
completed for form object with name 'credentials', post-bind formObject
toString = [username: me]>
2008-12-18 11:35:07,752 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0]
errors, details: []>
2008-12-18 11:35:07,752 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing
validation>
2008-12-18 11:35:07,752 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Invoking
validator
org.jasig.cas.validation.usernamepasswordcredentialsvalida...@19bb21f>
2008-12-18 11:35:07,768 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Validation
completed for form object>
2008-12-18 11:35:07,768 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0]
errors, details: []>
2008-12-18 11:35:07,768 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form
errors instance in scope Flash>
2008-12-18 11:35:07,768 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'AuthenticationViaFormAction' completed execution; result is 'success'>
2008-12-18 11:35:07,768 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'AuthenticationViaFormAction' beginning execution>
2008-12-18 11:35:07,769 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing
form object with name 'credentials' of type [class
org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in
scope Flow>
2008-12-18 11:35:07,769 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create
TicketGrantingTicket for [username: me]>
2008-12-18 11:35:07,849 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials:
[username: me]>
2008-12-18 11:35:07,850 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Attempting to resolve a principal...>
2008-12-18 11:35:07,850 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Creating SimplePrincipal for [me]>
2008-12-18 11:35:07,856 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] to registry.>
2008-12-18 11:35:07,856 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'AuthenticationViaFormAction' completed execution; result is 'success'>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
'SendTicketGrantingTicketAction' beginning execution>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added
cookie with name [CASTGC] and value
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Removing ticket
[TGT-1-QvrLgnGqZQifCunOZg9PO3K0cDofDsVeEHwtvJQaXqSwxZceLQ-cas] from
registry.>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket
[TGT-1-QvrLgnGqZQifCunOZg9PO3K0cDofDsVeEHwtvJQaXqSwxZceLQ-cas]>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
'SendTicketGrantingTicketAction' completed execution; result is 'success'>
2008-12-18 11:35:07,858 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' beginning execution>
2008-12-18 11:35:07,859 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]>
2008-12-18 11:35:07,859 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] found in
registry.>
2008-12-18 11:35:07,860 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-1-7QoibuQ6y4wZhfEhZZJJ-cas] to registry.>
2008-12-18 11:35:07,860 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-1-7QoibuQ6y4wZhfEhZZJJ-cas] for service
[https://example.com/] for user [me]>
2008-12-18 11:35:07,860 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' completed execution; result is 'success'>
2008-12-18 11:35:08,172 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action
'InitialFlowSetupAction' beginning execution>
2008-12-18 11:35:08,176 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated
service for: https://example.com/>
2008-12-18 11:35:08,187 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in
FlowScope: https://example.com/>
2008-12-18 11:35:08,187 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action
'InitialFlowSetupAction' completed execution; result is 'success'>
2008-12-18 11:35:08,196 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' beginning execution>
2008-12-18 11:35:08,196 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]>
2008-12-18 11:35:08,196 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] found in
registry.>
2008-12-18 11:35:08,208 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-2-N6GJpWo5PHWLbucyeKyz-cas] to registry.>
2008-12-18 11:35:08,208 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-2-N6GJpWo5PHWLbucyeKyz-cas] for service
[https://example.com/] for user [me]>
2008-12-18 11:35:08,212 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' completed execution; result is 'success'>
2008-12-18 11:35:08,340 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action
'InitialFlowSetupAction' beginning execution>
2008-12-18 11:35:08,340 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated
service for: https://example.com/>
2008-12-18 11:35:08,340 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in
FlowScope: https://example.com/>
2008-12-18 11:35:08,340 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action
'InitialFlowSetupAction' completed execution; result is 'success'>
2008-12-18 11:35:08,340 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' beginning execution>
2008-12-18 11:35:08,341 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]>
2008-12-18 11:35:08,341 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] found in
registry.>
2008-12-18 11:35:08,341 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-3-e1M7LpACeQiGV3cS5mBA-cas] to registry.>
2008-12-18 11:35:08,341 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-3-e1M7LpACeQiGV3cS5mBA-cas] for service
[https://example.com/] for user [me]>
2008-12-18 11:35:08,341 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' completed execution; result is 'success'>
2008-12-18 11:35:08,417 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action
'InitialFlowSetupAction' beginning execution>
2008-12-18 11:35:08,417 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated
service for: https://example.com/>
2008-12-18 11:35:08,417 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in
FlowScope: https://example.com/>
Iikku
Scott Battaglia wrote:
Is the ticket validation failing? Turning on DEBUG on the cas server
should indicate what's happening (also on the client side). Your
client might be incorrectly configured and redirecting if there is a
ticket failure.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Wed, Dec 17, 2008 at 10:36 AM, Iikku Mattila
<[email protected] <mailto:[email protected]>> wrote:
Thanks for the https tip! I changed my setup a bit, but only
encountered
new problems. I now have Apache frontend with mod_ssl proxying
requests
from https://example.com/ to ajp://localhost:8009/, which is where
tomcat is answering.
Now https://example.com/jira/ is redirected to the cas login screen,
where user enters correct username&password and here it gets
interesting: instead of logging in, the request goes into an
endless loop.
Apache access_log alternates between
"GET /jira/?ticket=ST-100-e4BkkUXTd7Dh9VzG1J4j-cas HTTP/1.1" 302 -
"...
"GET
/cas-server-webapp-3.3.1/login?service=https%3A%2F%2Fexample.com%2Fjira%2F
HTTP/1.1" 302 - "...
and tomcat's catalina.out says
INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted
service
ticket [ST-22-XKtdk5ZJcraeW1WykFb6-cas] for service
[https://example.com/jira/] for user [me]>
about a ten times - which is when firefox stops the redirection cycle.
Retrying https://example.com/jira/ enters the redirection cycle
immediately.
Is it possible to get CAS working with this setup? Have I made
somekind
of obvious&common setup error, that somebody might have fixed for
themselves? Any ideas?
Iikku
Scott Battaglia wrote:
> Are you running CAS over HTTPS or HTTP? If you're running over
HTTP,
> then you won't get SSO.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Tue, Dec 16, 2008 at 9:18 AM, Iikku Mattila
<[email protected] <mailto:[email protected]>
> <mailto:[email protected] <mailto:[email protected]>>>
wrote:
>
> Hi,
> I have a (seemingly) working CAS installation with
> BindLdapAuthenticationHandler, setup like
> http://www.ja-sig.org/wiki/display/CASUM/LDAP . I CASified
Confluence
> and Jira with Soulwing as per instructions on
> http://soulwing.org/confluence-cas.jsp and
> http://soulwing.org/jira-cas.jsp . When user logs on to
either of
> those
> apps, he's redirected to CAS login screen, he logs on
successfully and
> is redirected to the app. So all is okay with both individual
> applications. However, after the user has logged on to one
of the apps
> and tries to use the other, he is not logged in
automatically via CAS,
> but instead redirected to the CAS login screen, where he can
login
> normally with username/password.
>
> So there is no single sign on, but instead two individuals
logins both
> handled through CAS. I'd rather have the sso. Is there perhaps
> some kind
> of a switch that I've missed?
>
> Thanks,
> Iikku Mattila
> _______________________________________________
> Yale CAS mailing list
> [email protected] <mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> [email protected] <mailto:[email protected]>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
************************************************************************
Joulukorttien lähettämisen sijaan olemme tänä vuonna lahjoittaneet
TAYSin EVA-yksikköön (Erityisen vaikeahoitoisten alaikäisten
psykiatrinen tutkimus- ja hoitoyksikkö) Wii-pelikonsolin heidän
toiveidensa mukaisesti.
Toivotamme teille rauhallista joulunaikaa sekä menestystä
alkavalle vuodelle 2009!
************************************************************************
_______________________________________________
Yale CAS mailing list
[email protected] <mailto:[email protected]>
http://tp.its.yale.edu/mailman/listinfo/cas
------------------------------------------------------------------------
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
************************************************************************
Joulukorttien lähettämisen sijaan olemme tänä vuonna lahjoittaneet
TAYSin EVA-yksikköön (Erityisen vaikeahoitoisten alaikäisten
psykiatrinen tutkimus- ja hoitoyksikkö) Wii-pelikonsolin heidän
toiveidensa mukaisesti.
Toivotamme teille rauhallista joulunaikaa sekä menestystä alkavalle vuodelle
2009!
************************************************************************
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
