Re: [cas-user] Gateway feature
Hi,

It should work as you returned to your application with a service ticket. Don't you have something relevant in your logs? Would you mind enabling logs on org.jasig.cas?

Thanks.
Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-08-28 9:55 GMT+02:00 Baldur Dae baldur@gmail.com:

> Hi,
>
> I'm using CAS distribution based on version 3.4.1. So far client webapps have used CAS in non gateway mode. I'd like to configure gateway mode for a new webapp which serves public pages. However I can't make it run correctly. I paste my current configuration.
>
> *web.xml:*
>
>     <filter>
>       <filter-name>CAS Authentication Filter</filter-name>
>       <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
>       <init-param>
>         <param-name>targetBeanName</param-name>
>         <param-value>casAuthenticationFilter</param-value>
>       </init-param>
>     </filter>
>
> *casAuthenticationFilter Spring bean:*
>
>     <bean id="casAuthenticationFilter" class="org.jasig.cas.client.authentication.Saml11AuthenticationFilter">
>       <property name="casServerLoginUrl" value="https://server/sso/login" />
>       <property name="serverName" value="https://client/" />
>       <property name="gateway" value="true" />
>     </bean>
>
> The result is OK when the user isn't logged in but when the user has a validated CAS session it doesn't show user information. Resulting flow is like this:
>
> - User goes to /portal/cms (webapp in gateway mode)
> - Browser gets a redirect (302) to /cas/login?service=https%3A%2F%2Flocalhost%3A8043%2Fportal%2Fcms&gateway=true
> - Browser gets a new redirect (302) to /portal/cms/aa?ticket=ST-35-4GbGiDc...
> - The process stops here but there's no user information available
>
> Please help me, I can't figure out what I'm doing wrong
>
> Thanks very much
Re: [cas-user] Gateway feature
Thank you very much for your quick response. For the time being, I only get the following log:

    [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-12-XX] for service [https://localhost:8043/portal/cms] for user [baldur]
    2014-08-28 10:47:10,648 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: baldur WHAT:ST-12-XX for https://localhost:8043/portal/cms ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS

Checking my log configuration again...

2014-08-28 10:15 GMT+02:00 Jérôme LELEU lel...@gmail.com:

> Hi,
>
> It should work as you returned to your application with a service ticket. Don't you have something relevant in your logs? Would you mind enabling logs on org.jasig.cas?
>
> Thanks.
> Best regards,
> Jérôme LELEU
Re: [cas-user] Gateway feature
I meant: your logs on the CAS client / application side, to see if the service ticket has been properly validated.

Best regards,
Jérôme LELEU

2014-08-28 10:54 GMT+02:00 Baldur Dae baldur@gmail.com:

> Thank you very much for your quick response. For the time being, I only get the following log:
>
>     [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-12-XX] for service [https://localhost:8043/portal/cms] for user [baldur]
>     2014-08-28 10:47:10,648 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN = WHO: baldur WHAT:ST-12-XX for https://localhost:8043/portal/cms ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS
>
> Checking my log configuration again...
Re: [cas-user] Gateway feature
Hi Jérôme,

I've reset my configuration and got rid of Spring DelegatingFilterProxy in web.xml. So now this is the only change in web.xml:

    <filter>
      <filter-name>CAS Authentication Filter</filter-name>
      <!-- added init-param (emphasized in the original message) -->
      <init-param>
        <param-name>gateway</param-name>
        <param-value>true</param-value>
      </init-param>

And voila, it works fine. The only issue is when the user hasn't logged in yet. In this case the browser always gets redirected with the TARGET parameter in the URL, but this is a minor problem.

Thank you very much for your help. I was really stuck...

BTW, here's the log:

    12:07:39,832 org.jasig.cas.client.session.SingleSignOutFilter TRACE: Ignoring URI /portal/cms/aa
    12:07:39,833 org.jasig.cas.client.util.CommonUtils DEBUG: serviceUrl generated: https://localhost:8043/portal/cms/aa
    12:07:39,833 org.jasig.cas.client.authentication.AuthenticationFilter DEBUG: no ticket and no assertion found
    12:07:39,833 org.jasig.cas.client.authentication.AuthenticationFilter DEBUG: setting gateway attribute in session
    12:07:39,833 org.jasig.cas.client.authentication.AuthenticationFilter DEBUG: Constructed service url: https://localhost:8043/portal/cms/aa
    12:07:39,834 org.jasig.cas.client.authentication.AuthenticationFilter DEBUG: redirecting to https://cas.dev.server.org:444/cas/login?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal%2Fcms%2Faa&gateway=true
    12:07:39,854 org.jasig.cas.client.session.SingleSignOutHandler DEBUG: Recording session for token AAFSsPYAkNKN6Mb0Q6Li8D8gawrtLNmfJ9BTNMav6OOBw47o6YsDPr8W
    12:07:39,855 org.jasig.cas.client.session.HashMapBackedSessionMappingStorage DEBUG: Attempting to remove Session=[727EC7E0A0099D4FA8D4F5188402FB56
    12:07:39,855 org.jasig.cas.client.session.HashMapBackedSessionMappingStorage DEBUG: No mapping for session found. Ignoring.
    12:07:39,855 org.jasig.cas.client.util.CommonUtils DEBUG: serviceUrl generated: https://localhost:8043/portal/cms/aa?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal%2Fcms%2Faa
    12:07:39,855 org.jasig.cas.client.validation.AbstractTicketValidationFilter DEBUG: Attempting to validate ticket: AAFSsPYAkNKN6Mb0Q6Li8D8gawrtLNmfJ9BTNMav6OOBw47o6YsDPr8W
    12:07:39,855 org.jasig.cas.client.util.CommonUtils DEBUG: serviceUrl generated: https://localhost:8043/portal/cms/aa?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal%2Fcms%2Faa
    12:07:39,855 org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator DEBUG: Placing URL parameters in map.
    12:07:39,855 org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator DEBUG: Calling template URL attribute map.
    12:07:39,855 org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator DEBUG: Loading custom parameters from configuration.
    12:07:39,856 org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator DEBUG: Constructing validation url: https://cas.dev.server.org:444/cas/samlValidate?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal%2Fcms%2Faa%3FTARGET%3Dhttps%253A%252F%252Flocalhost%253A8043%252Fportal%252Fcms%252Faa
    12:07:39,856 org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator DEBUG: Retrieving response from server.
    12:07:39,885 org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator DEBUG: Server response: <?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><saml1p:Response.
    12:07:39,901 org.jasig.cas.client.validation.AbstractTicketValidationFilter DEBUG: Successfully authenticated user: baldur
    12:07:39,901 org.jasig.cas.client.validation.AbstractTicketValidationFilter DEBUG: Redirecting after successful ticket validation.
    12:07:39,901 org.jasig.cas.client.util.CommonUtils DEBUG: serviceUrl generated: https://localhost:8043/portal/cms/aa?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal%2Fcms%2Faa
    12:07:39,904 org.jasig.cas.client.session.SingleSignOutFilter TRACE: Ignoring URI /portal/cms/aa

2014-08-28 11:35 GMT+02:00 Jérôme LELEU lel...@gmail.com:

> I meant: your logs on the CAS client / application side, to see if the service ticket has been properly validated.
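
Added example (not part of the thread and not CAS client code): a small Python triage of CAS client DEBUG output that does the check suggested in the thread, namely whether each ticket the client tried to validate actually reached a successful validation, and that also flags service URLs carrying a CAS parameter such as the TARGET seen in the log above. The sample lines are constructed in the log format posted in the thread, the ticket values are made up, and the function name `triage` is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the client log format shown in the thread (ticket values are made up).
SAMPLE_LOG = """\
12:07:39,833 org.jasig.cas.client.authentication.AuthenticationFilter DEBUG: no ticket and no assertion found
12:07:39,855 org.jasig.cas.client.validation.AbstractTicketValidationFilter DEBUG: Attempting to validate ticket: ST-EXAMPLE-1
12:07:39,855 org.jasig.cas.client.util.CommonUtils DEBUG: serviceUrl generated: https://localhost:8043/portal/cms/aa?TARGET=https%3A%2F%2Flocalhost%3A8043%2Fportal%2Fcms%2Faa
12:07:39,901 org.jasig.cas.client.validation.AbstractTicketValidationFilter DEBUG: Successfully authenticated user: baldur
12:08:00,000 org.jasig.cas.client.validation.AbstractTicketValidationFilter DEBUG: Attempting to validate ticket: ST-EXAMPLE-2
"""

LINE = re.compile(r"^(?P<ts>\S+) (?P<logger>\S+) (?P<level>[A-Z]+): (?P<msg>.*)$")
ATTEMPT = "Attempting to validate ticket: "
SUCCESS = "Successfully authenticated user: "
SERVICE = "serviceUrl generated: "
# Parameters that belong to the CAS / SAML 1.1 exchange, not to the application's own URL.
CAS_PARAMS = {"TARGET", "SAMLart", "service", "ticket"}

def triage(log_text):
    """Return (validations, findings) from a CAS client DEBUG log."""
    validations, findings, pending, seen = [], [], None, set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m["ts"], m["msg"]
        if msg.startswith(ATTEMPT):
            if pending:  # previous attempt never reached the success message
                findings.append((pending["ts"], "ticket never validated", pending["ticket"]))
            pending = {"ts": ts, "ticket": msg[len(ATTEMPT):], "user": None}
        elif msg.startswith(SUCCESS) and pending:
            pending["user"] = msg[len(SUCCESS):]
            validations.append(pending)
            pending = None
        elif msg.startswith(SERVICE):
            url = msg[len(SERVICE):]
            leaked = sorted(CAS_PARAMS & set(parse_qs(urlsplit(url).query)))
            if leaked and url not in seen:  # report each offending URL once
                seen.add(url)
                findings.append((ts, "service URL carries CAS parameter", leaked))
    if pending:
        findings.append((pending["ts"], "ticket never validated", pending["ticket"]))
    return validations, findings

if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(item)
```

A validation attempt with no matching success line is the situation from the first message of the thread, where the browser came back with a ticket but the application showed no user information.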