proxy use

Henrik Genssen henrik.genssen at mediafactory.de
Wed Aug 23 13:54:27 EDT 2006 

I have already filed a bug on sf.
Thanks for your help.

Hinnack

>reply to message:
>date: 23.08.2006 19:33:32
>from: "Scott Battaglia" <scott.battaglia at gmail.com>
>to: "Yale CAS mailing list" <cas at tp.its.yale.edu>
>subject: Re: Re: Re: proxy use
>
>We may have to bring this up on the phpCAS mailing list.  The official CAS
>specification says that "ST-" is okay for a proxy ticket:
>
>"Proxy tickets SHOULD begin with the characters, "PT-". Proxy tickets MUST
>begin with either the characters, "ST-" or "PT-"."
>http://www.ja-sig.org/products/cas/overview/protocol/index.html
>
>For the short term, you can modify phpCAS locally to go to proxyValidate.
>
>-Scott
>
>On 8/23/06, Henrik Genssen <henrik.genssen at mediafactory.de> wrote:
>>
>> OK,
>> thanks, now I see...
>>
>> on changing PT to ST you have lost phpCAS support for proxy, as they do
>> switch between proxy- and serviceticket by the first 2 letters of the
>> ticket.
>> Will that stay and you give up backward-compability? If you do, you should
>> at least notice that somewhere (I think,I read somewhere, that it is
>> compatible to older versions).
>> I will look into it, anyway..
>>
>> Hinnack
>>
>> >reply to message:
>> >date: 23.08.2006 13:52:41
>> >from: "Scott Battaglia" <scott.battaglia at gmail.com>
>> >to: "Yale CAS mailing list" <cas at tp.its.yale.edu>
>> >subject: Re: Re: proxy use
>> >
>> >If you're trying to validate a proxy ticket, you'll need to use the
>> >proxyValidate and not the serviceValidate url.
>> >
>> >-Scott
>> >
>> >On 8/23/06, Henrik Genssen <henrik.genssen at mediafactory.de> wrote:
>> >>
>> >> Hi,
>> >>
>> >> i do not know, if this list allowes attachments, but I try:
>> >> see my log in the attachment - maybe you can see here, why the ticket
>> >> is  not accepted...
>> >>
>> >> - Hinnack
>> >>
>> >> >reply to message:
>> >> >date: 22.08.2006 23:00:54
>> >> >from: "Scott Battaglia" <scott_battaglia at rutgers.edu>
>> >> >to: "Yale CAS mailing list" <cas at tp.its.yale.edu>
>> >> >subject: Re: proxy use
>> >> >
>> >> >I meant CAS Server 3.  Both CAS2 and 3 use the version 2 protocol.
>> >> >
>> >> >Does your backend service trust the certificate?
>> >> >
>> >> >-Scott
>> >> >
>> >> >
>> >> >Henrik Genssen wrote:
>> >> >> Hi Scott,
>> >> >>
>> >> >> what do you mean by CAS3?
>> >> >> Protocol version 3 or CAS Server Version 3.xx?
>> >> >> I think php uses protocol version 2.
>> >> >>
>> >> >> Any idea, why the backend-service says, the ticket is invalid?
>> (beckend
>> >> service is again a web-site with php-cas).
>> >> >>
>> >> >> Hinnack
>> >> >>
>> >> >>
>> >> >>> reply to message:
>> >> >>> date: 22.08.2006 21:48:13
>> >> >>> from: "Scott Battaglia" <scott_battaglia at rutgers.edu>
>> >> >>> to: "Yale CAS mailing list" <cas at tp.its.yale.edu>
>> >> >>> subject: Re: proxy use
>> >> >>>
>> >> >>> Henrik,
>> >> >>>
>> >> >>> In CAS3, we treat ProxyTickets as ServiceTickets which is why you
>> see
>> >> >>> the ST instead of PT.
>> >> >>>
>> >> >>> -Scott
>> >> >>>
>> >> >>> Scott Battaglia
>> >> >>> Application Developer, Architecture & Engineering Team
>> >> >>> Enterprise Systems and Services, Rutgers University
>> >> >>> v: 732.445.0097 | f: 732.445.5493 | scott_battaglia at rutgers.edu
>> >> >>>
>> >> >>>
>> >> >>>
>> >> >>> Henrik Genssen wrote:
>> >> >>>
>> >> >>>> Hi,
>> >> >>>>
>> >> >>>> I am using the phpCAS 0.4.23-1 with CAS 3.0.5.
>> >> >>>>
>> >> >>>> in comparison to
>> >> http://www.ja-sig.org/wiki/display/CAS/Proxy+CAS+Walkthrough
>> >> >>>>
>> >> >>>> everything works fine - except, that I get a
>> >> ST-8-wXaVt7fHpgKzeX9BCibr9cLRp5T5OmHgbBX-20 in step 4 instead of a PT
>> >> ticket.
>> >> >>>>
>> >> >>>> with this I can not authenticate with the backend!
>> >> >>>>
>> >> >>>> CASClient::retrievePT('
>> >> http://192.168.1.2:8553/cas/source/examples/example_service.php', NULL,
>> >> NULL) [client.php:1609]
>> >> >>>> CASClient::readURL('
>> >>
>> https://io:8443/cas-db/proxy?targetService=http://192.168.1.2:8553/cas/source/examples/example_service.php&pgt=TGT-3-3eoMIKUKAHFwlSNTUWFuvpDnvoCcjaLWa1C-50
>> ',
>> >> '', NULL, NULL, '') [client.php:1420]
>> >> >>>> <= true
>> >> >>>> <= 'ST-8-wXaVt7fHpgKzeX9BCibr9cLRp5T5OmHgbBX-20'
>> >> >>>>
>> >> >>>>
>> >> >>>> any hints?
>> >> >>>>
>> >> >>>> Hinnack
>> >> >>>> _______________________________________________
>> >> >>>> Yale CAS mailing list
>> >> >>>> cas at tp.its.yale.edu
>> >> >>>> http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >>>>
>> >> >>>>
>> >> >>> _______________________________________________
>> >> >>> Yale CAS mailing list
>> >> >>> cas at tp.its.yale.edu
>> >> >>> http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >>>
>> >> >>>
>> >> >> _______________________________________________
>> >> >> Yale CAS mailing list
>> >> >> cas at tp.its.yale.edu
>> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >>
>> >> >_______________________________________________
>> >> >Yale CAS mailing list
>> >> >cas at tp.its.yale.edu
>> >> >http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >
>> >>
>> >>
>> >> _______________________________________________
>> >> Yale CAS mailing list
>> >> cas at tp.its.yale.edu
>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >>
>> >>
>> >>
>> >>
>> >
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>

More information about the cas mailing list