JA-SIG CAS Client 3 setup
Scott Battaglia
scott.battaglia at gmail.com
Tue May 22 13:26:33 EDT 2007
On 5/22/07, Andrew William Petro <apetro at unicon.net> wrote:
>
> Andrew,
>
> > However, my boss wants the JA-SIG client as it wraps the
> HttpServletResponse to override the getRemoteUser method.
>
> The Yale Java CAS Client does this as well. There's an initialization
> parameter to the CASFilter governing whether it wraps the response.
>
> > After removing this, the issue became clear that my
> Cas20ProxyTicketValidator needed to be configured to accept any proxy.
>
> If you do not discriminate among incoming proxy tickets' proxying
> applications, you open yourself to illicit proxies through any application
> using your CAS server. You must examine the identity of the proxying
> application.
>
> The Yale Java CAS Client CASFilter implements this behavior by allowing
> you to specify allowed proxies, again as an initialization parameter.
>
The JA-SIG CAS Client also implements this behavior as a parameter. It also
gives you the option of accepting any proxy.
-Scott
Andrew
>
>
> Andrew R Feller wrote:
>
> I figured out the issue. =P With the JA-SIG 3.0 client, I included all
> of the JARs in the bin directory to the webapp's WEB-INF/lib directory
> instead of just the cas-client-core JAR. After removing this, the issue
> became clear that my Cas20ProxyTicketValidator needed to be configured to
> accept any proxy.
>
>
>
> Thanks regardless,
>
> A-
>
>
>
> Andrew R Feller, Analyst
>
> Subversion Administrator
>
> University Information Systems
>
> Louisiana State University
>
> afelle1 at lsu.edu
>
> (office) 225.578.3737
> ------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu<cas-bounces at tp.its.yale.edu>]
> *On Behalf Of *Andrew R Feller
> *Sent:* Tuesday, May 22, 2007 8:38 AM
> *To:* cas at tp.its.yale.edu
> *Subject:* JA-SIG CAS Client 3 setup
>
>
>
> Good morning,
>
>
>
> When I originally started setting up a test instance of the CAS server and
> clients, I could not get the JA-SIG 3.0 client working, so I ended going
> with the Yale CAS Java client. However, my boss wants the JA-SIG client as
> it wraps the HttpServletResponse to override the getRemoteUser method.
> Whenever I go to CAS-ify a simple Hello World application, I get errors
> related to the ContextLoaderListener. I have pasted my web.xml,
> securityConfiguration.xml, and the errors logged in hopes that someone
> could help get me straight; I would appreciate any help!
>
>
>
> Thank you,
>
> Andy
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070522/f51df57c/attachment.html
More information about the cas
mailing list