Hi,

It's always hard to see something wrong in all those configurations. Though, the proxy receptor endpoint (/proxyReceptor.xhtml URL) should have the *clientsFilter* associated.
Would you mind re-testing that way?

Thanks.
Best regards,
Jérôme

2014-04-03 12:00 GMT+02:00 abip [via Shiro User] <[email protected]>:

> Hello, initially I posted this question in StackOverflow
>
> "I'm trying to set up a SSO between a webapp and a REST API, to do this I'm using Apache Shiro + Jasig CAS but now I'm having a problem related to the authentication of the REST API. I'm using CASRealm + CASFilter in the Webapp and trying to use the session created there to access the REST API, I've tried 2 approaches:
>
> propagating the CAS service ticket from the webapp to the REST API through the request header (does not work, it says the service ticket is invalid because it belongs to another app, maybe the TGT would work)
>
> store the username and password in the webapp and use them in http basic authentication (this might be a big security flaw, I'm trying to avoid it)
>
> What other approach can I use to authenticate the user in the REST API?"
>
> Now I'm using *buji-pac4j* by jleleu recommendation and following this post http://shiro-user.582556.n2.nabble.com/Shiro-cas-proxying-td7579694.html but I'm having a problem getting the proxy ticket in the proxy application. I get the following log
>
> *INFO [org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl] - <No Proxy Ticket found for [PGTIOU-15-d4Cm3cF2StBgXXqF4dt1-cas01.example.org].>*
>
> and *casProxyProfile.getProxyTicketFor(serviceName)* returns null. Any ideas?
>
> These are my configurations
>
> *proxy*
>
> [main]
> #proxy
>
> proxyReceptor=org.pac4j.cas.client.CasProxyReceptor
> proxyReceptor.callbackUrl=https://localhost:8181/WebAppB/proxyReceptor.xhtml?client_name=CasClient
>
> casClient = org.pac4j.cas.client.CasClient
> casClient.casLoginUrl = https://localhost:8181/cas/login
> casClient.casProxyReceptor = $proxyReceptor
>
> clients = org.pac4j.core.client.Clients
> clients.callbackUrl = https://localhost:8181/WebAppB/shiro-cas
> clients.clientsList = $casClient, $proxyReceptor
>
> clientsRealm = io.buji.pac4j.ClientRealm
> #clientsRealm.defaultRoles = ROLE_USER
> clientsRealm.clients = $clients
>
> clientsFilter = io.buji.pac4j.ClientFilter
> clientsFilter.clients = $clients
> clientsFilter.failureUrl = /error.xhtml
>
> casUsers = io.buji.pac4j.filter.ClientUserFilter
> casUsers.client = $casClient
>
> securityManager.realms = $clientsRealm
>
> [urls]
> /proxyReceptor.xhtml = anon
> /shiro-cas = clientsFilter
> /error.xhtml = anon
> /app/** = casUsers
> /** = anon
>
> *proxied*
>
> [main]
> #proxied
>
> # configure CAS realm
> casFilter = org.apache.shiro.cas.CasFilter
> casFilter.failureUrl = /error.xhtml
>
> casRealm = org.apache.shiro.cas.CasRealm
> #casRealm.defaultRoles = ROLE_USER
> casRealm.casServerUrlPrefix = https://localhost:8181/cas
> casRealm.casService = https://localhost:8181/WebAppC/shiro-cas
>
> casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
> securityManager.subjectFactory = $casSubjectFactory
>
> casClient = org.pac4j.cas.client.CasClient
> casClient.casLoginUrl = https://localhost:8181/cas/login
> casClient.acceptAnyProxy=true
>
> clients = org.pac4j.core.client.Clients
> clients.callbackUrl = https://localhost:8181/WebAppC/shiro-cas-proxied
> clients.clientsList = $casClient
>
> clientsRealm = io.buji.pac4j.ClientRealm
> #clientsRealm.defaultRoles = ROLE_USER
> clientsRealm.clients = $clients
>
> clientsFilter = io.buji.pac4j.ClientFilter
> clientsFilter.clients = $clients
> clientsFilter.failureUrl = /error.html
>
> #casUsers = io.buji.pac4j.filter.ClientUserFilter
> #casUsers.client = $casClient
>
> securityManager.realms = $casRealm, $clientsRealm
>
> authc.loginUrl = https://localhost:8181/cas/login?service=https://localhost:8181/WebAppC/shiro-cas
>
> [urls]
> /shiro-cas-proxied = clientsFilter
> /shiro-cas = casFilter
> /error.html = anon
> /api/** = authc
> /** = anon
>
> Thanks

--
View this message in context: http://shiro-user.582556.n2.nabble.com/SSO-between-Webapp-and-REST-API-using-apache-shiro-tp7579861p7579863.html
Sent from the Shiro User mailing list archive at Nabble.com.
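
A check for the mapping discussed in the reply, added here as an example and not part of the original thread: it reads a shiro.ini, takes the path of `proxyReceptor.callbackUrl`, and reports which `[urls]` entry matches it first and whether that chain contains `clientsFilter`. Assumptions: the bean name `proxyReceptor` and context path `/WebAppB` come from the quoted config, the function names are hypothetical, and the Ant-style matching is simplified.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the relevant lines of the "proxy" shiro.ini quoted above.
PROXY_INI = """\
[main]
proxyReceptor.callbackUrl = https://localhost:8181/WebAppB/proxyReceptor.xhtml?client_name=CasClient
[urls]
/proxyReceptor.xhtml = anon
/shiro-cas = clientsFilter
/app/** = casUsers
/** = anon
"""

def parse_ini(text):
    """Return ({main key: value}, [(url pattern, [filter names])]) in file order."""
    main, urls, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if section == "main":
            main[key] = value
        elif section == "urls":
            # Simplification: plain filter names only, no roles[a,b]-style arguments.
            urls.append((key, [name.strip() for name in value.split(",")]))
    return main, urls

def ant_to_regex(pattern):
    """Simplified Ant-style matcher: ** spans segments, * and ? stay inside one."""
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def receptor_chain(ini_text, context_path="/WebAppB", required="clientsFilter"):
    """Return (ok, pattern, filters) for the first [urls] entry matching the callback."""
    main, urls = parse_ini(ini_text)
    path = urlparse(main["proxyReceptor.callbackUrl"]).path
    if path.startswith(context_path):  # Shiro matches paths relative to the webapp
        path = path[len(context_path):]
    for pattern, filters in urls:  # first matching pattern wins
        if ant_to_regex(pattern).match(path):
            return required in filters, pattern, filters
    return False, None, []

if __name__ == "__main__":
    print(receptor_chain(PROXY_INI))
    fixed = PROXY_INI.replace("/proxyReceptor.xhtml = anon", "/proxyReceptor.xhtml = clientsFilter")
    print(receptor_chain(fixed))
```

Because the first matching pattern wins, a catch-all such as `/** = anon` placed above the receptor entry is reported as the effective mapping, which is worth checking whenever the `[urls]` section is reordered.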
