Hello,

initially I posted this question on StackOverflow:

"I'm trying to set up an SSO between a webapp and a REST API. To do this I'm using Apache Shiro + Jasig CAS, but now I'm having a problem related to the authentication of the REST API. I'm using CASRealm + CASFilter in the webapp and trying to use the session created there to access the REST API. I've tried 2 approaches:

- propagating the CAS service ticket from the webapp to the REST API through the request header (does not work, it says the service ticket is invalid because it belongs to another app, maybe the TGT would work)
- storing the username and password in the webapp and using them in HTTP basic authentication (this might be a big security flaw, I'm trying to avoid it)

What other approach can I use to authenticate the user in the REST API?"

Now I'm using *buji-pac4j* on jleleu's recommendation and following this post http://shiro-user.582556.n2.nabble.com/Shiro-cas-proxying-td7579694.html but I'm having a problem getting the proxy ticket in the proxy application. I get the following log

/INFO [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] - <No Proxy Ticket found for [PGTIOU-15-d4Cm3cF2StBgXXqF4dt1-cas01.example.org].>/

and /casProxyProfile.getProxyTicketFor(serviceName)/ returns null. Any ideas?

These are my configurations

*proxy*

    [main]
    #proxy
    proxyReceptor=org.pac4j.cas.client.CasProxyReceptor
    proxyReceptor.callbackUrl=https://localhost:8181/WebAppB/proxyReceptor.xhtml?client_name=CasClient

    casClient = org.pac4j.cas.client.CasClient
    casClient.casLoginUrl = https://localhost:8181/cas/login
    casClient.casProxyReceptor = $proxyReceptor

    clients = org.pac4j.core.client.Clients
    clients.callbackUrl = https://localhost:8181/WebAppB/shiro-cas
    clients.clientsList = $casClient, $proxyReceptor

    clientsRealm = io.buji.pac4j.ClientRealm
    #clientsRealm.defaultRoles = ROLE_USER
    clientsRealm.clients = $clients

    clientsFilter = io.buji.pac4j.ClientFilter
    clientsFilter.clients = $clients
    clientsFilter.failureUrl = /error.xhtml

    casUsers = io.buji.pac4j.filter.ClientUserFilter
    casUsers.client = $casClient

    securityManager.realms = $clientsRealm

    [urls]
    /proxyReceptor.xhtml = anon
    /shiro-cas = clientsFilter
    /error.xhtml = anon
    /app/** = casUsers
    /** = anon

*proxied*

    [main]
    #proxied
    # configure CAS realm
    casFilter = org.apache.shiro.cas.CasFilter
    casFilter.failureUrl = /error.xhtml

    casRealm = org.apache.shiro.cas.CasRealm
    #casRealm.defaultRoles = ROLE_USER
    casRealm.casServerUrlPrefix = https://localhost:8181/cas
    casRealm.casService = https://localhost:8181/WebAppC/shiro-cas

    casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
    securityManager.subjectFactory = $casSubjectFactory

    casClient = org.pac4j.cas.client.CasClient
    casClient.casLoginUrl = https://localhost:8181/cas/login
    casClient.acceptAnyProxy=true

    clients = org.pac4j.core.client.Clients
    clients.callbackUrl = https://localhost:8181/WebAppC/shiro-cas-proxied
    clients.clientsList = $casClient

    clientsRealm = io.buji.pac4j.ClientRealm
    #clientsRealm.defaultRoles = ROLE_USER
    clientsRealm.clients = $clients

    clientsFilter = io.buji.pac4j.ClientFilter
    clientsFilter.clients = $clients
    clientsFilter.failureUrl = /error.html

    #casUsers = io.buji.pac4j.filter.ClientUserFilter
    #casUsers.client = $casClient

    securityManager.realms = $casRealm, $clientsRealm

    authc.loginUrl = https://localhost:8181/cas/login?service=https://localhost:8181/WebAppC/shiro-cas

    [urls]
    /shiro-cas-proxied = clientsFilter
    /shiro-cas = casFilter
    /error.html = anon
    /api/** = authc
    /** = anon

Thanks

--
View this message in context: http://shiro-user.582556.n2.nabble.com/SSO-between-Webapp-and-REST-API-using-apache-shiro-tp7579861.html
Sent from the Shiro User mailing list archive at Nabble.com.
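
Added example, not part of the original post and not code from the Jasig CAS client, pac4j or Shiro: a small model of the CAS proxy callback handshake, showing which failures leave the proxying application holding a PGTIOU with no PGT behind it (the state the log line above reports). All class and function names are hypothetical, ticket values are constructed, and the model assumes the CAS protocol rule that the server returns a PGTIOU only when its callback to the pgtUrl was answered with HTTP 200.

```python
import secrets

class PgtStorage:
    """PGTIOU -> PGT map kept by the proxying application (constructed model)."""
    def __init__(self):
        self._pgt_by_iou = {}

    def save(self, pgt_iou, pgt_id):
        self._pgt_by_iou[pgt_iou] = pgt_id

    def retrieve(self, pgt_iou):
        # None is the situation a "No Proxy Ticket found for [PGTIOU-...]" line reports.
        return self._pgt_by_iou.get(pgt_iou)

def cas_service_validate(callback):
    """CAS server side of ticket validation when a pgtUrl is supplied.
    callback(pgt_iou, pgt_id) stands for the HTTPS GET to pgtUrl and returns
    the HTTP status; the PGTIOU goes into the response only on a 200."""
    pgt_id = "PGT-" + secrets.token_hex(8)        # constructed ticket values
    pgt_iou = "PGTIOU-" + secrets.token_hex(8)
    status = callback(pgt_iou, pgt_id)
    return pgt_iou if status == 200 else None

def login(callback, validator_storage):
    """Proxying app: validate, then swap the returned PGTIOU for the PGT."""
    pgt_iou = cas_service_validate(callback)
    if pgt_iou is None:
        return "no-pgtiou", None                  # callback failed, nothing to look up
    pgt = validator_storage.retrieve(pgt_iou)
    return ("ok" if pgt else "pgtiou-without-pgt"), pgt

def receptor(storage):
    """Callback handler that records the pair, as a proxy receptor must."""
    def handle(pgt_iou, pgt_id):
        storage.save(pgt_iou, pgt_id)
        return 200
    return handle

def run_cases():
    shared = PgtStorage()
    return {
        "receptor shares storage": login(receptor(shared), shared)[0],
        "receptor uses other storage": login(receptor(PgtStorage()), PgtStorage())[0],
        "url answers 200, stores nothing": login(lambda iou, pgt: 200, PgtStorage())[0],
        "callback unreachable": login(lambda iou, pgt: 503, PgtStorage())[0],
    }
```

In this model a PGTIOU that resolves to nothing means the callback was answered with a 200 but the pair never reached the storage the validator reads, so the places to check are what actually serves the callback URL and whether the receptor and the ticket validator share one storage instance.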