CAS JASIG filter not working for me.
Scott Battaglia
scott.battaglia at gmail.com
Thu Sep 13 15:07:48 EDT 2007
You can front Apache Tomcat with Apache if you'd like. You can still use
the Java client if you want (or you can use the new mod_auth_cas).
-Scott
On 9/13/07, Clifford Bryant <CBryant at edgewater.com> wrote:
>
> Actually, yes we are in production. That was the other issue that I
> wanted to explore, if I had the time. Most of our stuff is JSPs, so tying
> into Tomcat should be OK, right?
>
>
> ------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *On
> Behalf Of *Andrew R Feller
> *Sent:* Thursday, September 13, 2007 2:43 PM
> *To:* Yale CAS mailing list
> *Subject:* RE: CAS JASIG filter not working for me.
>
>
>
> I take you aren't front-ending Apache Tomcat with Apache HTTPD for
> connections, are you?
>
>
>
> Andrew R Feller, Analyst
>
> Subversion Administrator
>
> University Information Systems
>
> Louisiana State University
>
> afelle1 at lsu.edu
>
> (office) 225.578.3737
> ------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *On
> Behalf Of *Healey, Thomas
> *Sent:* Thursday, September 13, 2007 1:28 PM
> *To:* cas at tp.its.yale.edu
> *Subject:* CAS JASIG filter not working for me.
>
>
>
> All,
>
> I have performed the following steps in order to get the CAS Filter to
> work on my Tapestry App.
>
> 1) I downloaded and installed the CAS Java filter and followed the steps
> from
>
> http://www.ja-sig.org/products/cas/client/javaclient/index.html
>
> 2) redeployed the app with the new web.xml
>
> 3) Attempted to go to my login page and my login page still comes up. I
> thought installing the CAS Filter and properly configuring it would cause my
> app to redirect to
>
> the CAS Login page.
>
> 4) Much grinding and gnashing. Just for the record I do have my rails app
> running using the ruby version of a CAS Filter and thats what it does.
>
> 5) My config params look like this.
>
> **************************************************
>
>
>
> <filter>
>
> <filter-name>CASFilter</filter-name>
>
> <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter
> </filter-class>
>
> <init-param>
>
> <param-name>edu.yale.its.tp.cas.client.filter.loginUrl
> </param-name>
>
> <param-value>https://<myservername>:8443/cas/login</param-value>
>
> </init-param>
>
> <init-param>
>
> <param-name>edu.yale.its.tp.cas.client.filter.validateUrl
> </param-name>
>
>
> <param-value>https://<myservername>:8443/cas/proxyValidate</param-value>
>
> </init-param>
>
> <init-param>
>
> <param-name>edu.yale.its.tp.cas.client.filter.proxyCallbackUrl
> </param-name>
>
>
> <param-value>https://<myservername>:3001/cas_proxy_callback/receive_pgt</param-value>
>
> </init-param>
>
> <init-param>
>
> <param-name>edu.yale.its.tp.cas.client.filter.authorizedProxy
> </param-name>
>
>
> <param-value>https://<myservername>:3001/cas_proxy_callback</param-value>
>
> </init-param>
>
>
>
>
>
> <init-param>
>
> <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl
> </param-name>
>
>
> <param-value>http://<myservername>:8100/career-student</param-value>
>
> </init-param>
>
>
>
>
>
> <init-param>
>
> <param-name>edu.yale.its.tp.cas.client.filter.wrapRequest
> </param-name>
>
> <param-value>true</param-value>
>
> </init-param>
>
>
>
> </filter>
>
>
>
>
>
> <filter-mapping>
>
> <filter-name>CASFilter</filter-name>
>
> <url-pattern>/*</url-pattern>
>
> </filter-mapping>
>
> **************************************************
>
>
>
> 6) I then tried the JASIG java client following the directions from here:
>
>
>
> http://www.ja-sig.org/products/cas/client/client-java/index.html
>
>
>
> The webxml looks like this:
>
> **************************************************
>
>
>
> <context-param>
>
> <param-name>contextConfigLocation</param-name>
>
> <param-value>
>
> /WEB-INF/securityConfiguration.xml
>
> </param-value>
>
> </context-param>
>
>
>
> <filter>
>
> <filter-name>CAS Authentication Filter</filter-name>
>
> <filter-class>org.springframework.web.filter.DelegatingFilterProxy
> </filter-class>
>
> <init-param>
>
> <param-name>targetBeanName</param-name>
>
> <param-value>casAuthenticationFilter</param-value>
>
> </init-param>
>
> </filter>
>
>
>
> <filter>
>
> <filter-name>CAS Validation Filter</filter-name>
>
> <filter-class>org.springframework.web.filter.DelegatingFilterProxy
> </filter-class>
>
> <init-param>
>
> <param-name>targetBeanName</param-name>
>
> <param-value>casValidationFilter</param-value>
>
> </init-param>
>
> </filter>
>
>
>
> <filter-mapping>
>
> <filter-name>CAS Authentication Filter</filter-name>
>
> <url-pattern>/*</url-pattern>
>
> </filter-mapping>
>
>
>
> <filter-mapping>
>
> <filter-name>CAS Validation Filter</filter-name>
>
> <url-pattern>/*</url-pattern>
>
> </filter-mapping>
>
>
>
> <listener>
>
> <listener-class>org.springframework.
> web.context.ContextLoaderListener</listener-class>
>
> </listener>
>
> <filter>
>
> <filter-name>CAS HttpServletRequestWrapperFilter</filter-name>
>
> <filter-class>org.springframework.web.filter.DelegatingFilterProxy
> </filter-class>
>
> <init-param>
>
> <param-name>targetBeanName</param-name>
>
> <param-value>casHttpServletRequestWrapperFilter</param-value>
>
> </init-param>
>
> </filter>
>
>
>
> <filter-mapping>
>
> <filter-name>CAS HttpServletRequestWrapperFilter</filter-name>
>
> <url-pattern>/*</url-pattern>
>
> </filter-mapping>
>
>
>
> **************************************************
>
>
>
> and the securityConfiguration.xml looks lik:
>
>
>
> **************************************************
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd">
>
>
>
> <bean id="propertyPlaceholderConfigurer" class="
> org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
>
> <property name="location" value="/WEB-INF/cas-client.properties"/>
>
> </bean>
>
>
>
> <bean id="authorizedDecider" class="
> org.jasig.cas.client.authorization.DefaultAuthorizedDeciderImpl">
>
> <constructor-arg index="0">
>
> <list>
>
> <value>scott</value>
>
> <value>velpi</value>
>
> <value>apetro</value>
>
> </list>
>
> </constructor-arg>
>
> </bean>
>
>
>
> <bean id="httpClient" class="org.jasig.cas.util.HttpClient3FactoryBean
> "/>
>
>
>
> <bean id="proxyRetriever" class="
> org.jasig.cas.client.proxy.Cas20ProxyRetriever">
>
> <constructor-arg index="0" value="${cas.server.url}"/>
>
> <constructor-arg index="1" ref="httpClient"/>
>
> </bean>
>
>
>
> <bean id="proxyGrantingTicketStorage" class="
> org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl"/>
>
>
>
> <bean id="ticketValidator" class="
> org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
>
> <constructor-arg index="0" value="${cas.server.url}"/>
>
> <constructor-arg index="1" value="${cas.server.renew}"/>
>
> <constructor-arg index="2" ref="httpClient"/>
>
> <constructor-arg index="3"><list></list></constructor-arg>
>
> <constructor-arg index="4" value="true"/>
>
> </bean>
>
>
>
> <bean id="casHttpServletRequestWrapperFilter" class="
> org.jasig.cas.client.web.filter.HttpServletRequestWrapperFilter"/>
>
>
>
> <bean id="casValidationFilter" class="org.jasig.cas.client.
> web.filter.TicketValidationFilter">
>
> <constructor-arg index="0" value="${cas.client.serverName}"/>
>
> <constructor-arg index="1"><null/></constructor-arg>
>
> <constructor-arg index="2" ref="ticketValidator"/>
>
> </bean>
>
>
>
> <bean id="casAuthenticationFilter" class="org.jasig.cas.client.
> web.filter.AuthenticationFilter">
>
> <constructor-arg index="0" value="${cas.client.serverName}"/>
>
> <constructor-arg index="1"><null/></constructor-arg>
>
> <constructor-arg index="2" value="${cas.server.url}login"/>
>
> <constructor-arg index="3" value="${cas.server.renew}"/>
>
> <constructor-arg index="4" value="${cas.server.gateway}"/>
>
> </bean>
>
>
>
> <bean id="casAuthorizationFilter" class="org.jasig.cas.client.
> web.filter.AuthorizationFilter">
>
> <constructor-arg index="0" ref="authorizedDecider" />
>
> </bean>
>
> </beans>
>
> **************************************************
>
>
>
> and the cas-client.properties looks like:
>
>
>
> **************************************************
>
> cas.server.gateway=false
>
> cas.server.renew=false
>
> cas.server.url=https://<myservername>:8443/cas/
>
> cas.server.proxyCallbackUrl=https://<myservername>:3001/cas_proxy_callback
>
> cas.client.serverName=<myservername>:8100
>
> cas.client.proxyCallbackUrl=https://<myservername>:3001/cas_proxy_callback
>
> **************************************************
>
>
>
>
>
> 7) I tried to go to the home page of my client app and it still shows up
> instead of redirecting to the cas server.
>
> 8) I have don't nothing to the app at this point to get the username from
> the request. I was just seeing if the filter would work.
>
> Am I missing something?
>
>
>
> Sorry about the looooong message but I didn't know how else to show the
> config.
>
>
>
> Thanks in advance,
>
> Tom
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. This communication may contain information that is protected from disclosure by applicable law. If you are not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, be advised that you have received this e-mail in error and any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you believe that you have received this e-mail in error, please immediately notify Edgewater Technology by telephone at (781) 246-3343 and delete the communication from all e-mail files.
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070913/d1efae75/attachment.html
More information about the cas
mailing list