Confluence & Jira SSO with Soulwing
Iikku Mattila
iikku.mattila at eduix.fi
Thu Dec 18 05:05:44 EST 2008
Hi again. I changed the log level to DEBUG and got the following log. I
can't find any mentions of errors or failures. The last rows of the log,
from "Action 'InitialFlowSetupAction' beginning execution" to "Action
'GenerateServiceTicketAction' completed execution; result is 'success'"
keep on repeating (as the browser is redirected, i presume). Could this
be caused by the setup of apps, as I have confluence at root level at
https://www.example.com/ and cas at
https://www.example.com/cas-server-webapp-3.3.1/ ?
The soulwing/confluence configurations are minimally modified from the
ones presented at soulwing site. Minimally as in I've changed
confluence's web.xml to have
casServerUrl->https://example.com/cas-server-webapp-3.3.1 and
casServiceUrl->https://example.com .
I might consider using the JASIG Cas Client instead of soulwing, but did
Scott's last message mean it won't work with Jira before the 3.1.5
release? When is that scheduled to be released?
The log follows:
2008-12-18 11:35:07,710 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'AuthenticationViaFormAction' beginning execution>
2008-12-18 11:35:07,725 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing bind>
2008-12-18 11:35:07,725 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing
form object with name 'credentials' of type [class
org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in
scope Flow>
2008-12-18 11:35:07,725 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property
editor registrar set, no custom editors to register>
2008-12-18 11:35:07,728 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding allowed
request parameters in map['lt' ->
'_c33FDA2F2-B35A-08A2-9490-CE12DA55BBA3_k329C7DD3-0454-C045-3015-90BD89DE9AEB',
'service' -> 'https://example.com/', '_eventId' -> 'submit', 'password'
-> 'xxxxxx', 'submit' -> 'LOGIN', 'username' -> 'me'] to form object
with name 'credentials', pre-bind formObject toString = [username: null]>
2008-12-18 11:35:07,728 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <(Any field is
allowed)>
2008-12-18 11:35:07,752 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding
completed for form object with name 'credentials', post-bind formObject
toString = [username: me]>
2008-12-18 11:35:07,752 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0]
errors, details: []>
2008-12-18 11:35:07,752 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing
validation>
2008-12-18 11:35:07,752 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Invoking
validator
org.jasig.cas.validation.UsernamePasswordCredentialsValidator at 19bb21f>
2008-12-18 11:35:07,768 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Validation
completed for form object>
2008-12-18 11:35:07,768 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0]
errors, details: []>
2008-12-18 11:35:07,768 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form
errors instance in scope Flash>
2008-12-18 11:35:07,768 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'AuthenticationViaFormAction' completed execution; result is 'success'>
2008-12-18 11:35:07,768 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'AuthenticationViaFormAction' beginning execution>
2008-12-18 11:35:07,769 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing
form object with name 'credentials' of type [class
org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in
scope Flow>
2008-12-18 11:35:07,769 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create
TicketGrantingTicket for [username: me]>
2008-12-18 11:35:07,849 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully
authenticated the user which provided the following credentials:
[username: me]>
2008-12-18 11:35:07,850 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Attempting to resolve a principal...>
2008-12-18 11:35:07,850 DEBUG
[org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver]
- <Creating SimplePrincipal for [me]>
2008-12-18 11:35:07,856 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] to registry.>
2008-12-18 11:35:07,856 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed
cookie with name [CASPRIVACY]>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action
'AuthenticationViaFormAction' completed execution; result is 'success'>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
'SendTicketGrantingTicketAction' beginning execution>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added
cookie with name [CASTGC] and value
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Removing ticket
[TGT-1-QvrLgnGqZQifCunOZg9PO3K0cDofDsVeEHwtvJQaXqSwxZceLQ-cas] from
registry.>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket
[TGT-1-QvrLgnGqZQifCunOZg9PO3K0cDofDsVeEHwtvJQaXqSwxZceLQ-cas]>
2008-12-18 11:35:07,857 DEBUG
[org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action
'SendTicketGrantingTicketAction' completed execution; result is 'success'>
2008-12-18 11:35:07,858 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' beginning execution>
2008-12-18 11:35:07,859 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]>
2008-12-18 11:35:07,859 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] found in
registry.>
2008-12-18 11:35:07,860 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-1-7QoibuQ6y4wZhfEhZZJJ-cas] to registry.>
2008-12-18 11:35:07,860 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-1-7QoibuQ6y4wZhfEhZZJJ-cas] for service
[https://example.com/] for user [me]>
2008-12-18 11:35:07,860 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' completed execution; result is 'success'>
2008-12-18 11:35:08,172 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action
'InitialFlowSetupAction' beginning execution>
2008-12-18 11:35:08,176 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated
service for: https://example.com/>
2008-12-18 11:35:08,187 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in
FlowScope: https://example.com/>
2008-12-18 11:35:08,187 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action
'InitialFlowSetupAction' completed execution; result is 'success'>
2008-12-18 11:35:08,196 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' beginning execution>
2008-12-18 11:35:08,196 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]>
2008-12-18 11:35:08,196 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] found in
registry.>
2008-12-18 11:35:08,208 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-2-N6GJpWo5PHWLbucyeKyz-cas] to registry.>
2008-12-18 11:35:08,208 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-2-N6GJpWo5PHWLbucyeKyz-cas] for service
[https://example.com/] for user [me]>
2008-12-18 11:35:08,212 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' completed execution; result is 'success'>
2008-12-18 11:35:08,340 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action
'InitialFlowSetupAction' beginning execution>
2008-12-18 11:35:08,340 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated
service for: https://example.com/>
2008-12-18 11:35:08,340 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in
FlowScope: https://example.com/>
2008-12-18 11:35:08,340 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action
'InitialFlowSetupAction' completed execution; result is 'success'>
2008-12-18 11:35:08,340 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' beginning execution>
2008-12-18 11:35:08,341 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to
retrieve ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas]>
2008-12-18 11:35:08,341 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket
[TGT-1-S3mXnt0QtQVLuafnEdUCNCLQrNxCsafcJbnFcSbRocnsArKckO-cas] found in
registry.>
2008-12-18 11:35:08,341 DEBUG
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket
[ST-3-e1M7LpACeQiGV3cS5mBA-cas] to registry.>
2008-12-18 11:35:08,341 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-3-e1M7LpACeQiGV3cS5mBA-cas] for service
[https://example.com/] for user [me]>
2008-12-18 11:35:08,341 DEBUG
[org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action
'GenerateServiceTicketAction' completed execution; result is 'success'>
2008-12-18 11:35:08,417 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action
'InitialFlowSetupAction' beginning execution>
2008-12-18 11:35:08,417 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated
service for: https://example.com/>
2008-12-18 11:35:08,417 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in
FlowScope: https://example.com/>
Iikku
Scott Battaglia wrote:
> Is the ticket validation failing? Turning on DEBUG on the cas server
> should indicate what's happening (also on the client side). Your
> client might be incorrectly configured and redirecting if there is a
> ticket failure.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Wed, Dec 17, 2008 at 10:36 AM, Iikku Mattila
> <iikku.mattila at eduix.fi <mailto:iikku.mattila at eduix.fi>> wrote:
>
> Thanks for the https tip! I changed my setup a bit, but only
> encountered
> new problems. I now have Apache frontend with mod_ssl proxying
> requests
> from https://example.com/ to ajp://localhost:8009/, which is where
> tomcat is answering.
>
> Now https://example.com/jira/ is redirected to the cas login screen,
> where user enters correct username&password and here it gets
> interesting: instead of logging in, the request goes into an
> endless loop.
>
> Apache access_log alternates between
>
> "GET /jira/?ticket=ST-100-e4BkkUXTd7Dh9VzG1J4j-cas HTTP/1.1" 302 -
> "...
> "GET
> /cas-server-webapp-3.3.1/login?service=https%3A%2F%2Fexample.com%2Fjira%2F
> HTTP/1.1" 302 - "...
>
> and tomcat's catalina.out says
> INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted
> service
> ticket [ST-22-XKtdk5ZJcraeW1WykFb6-cas] for service
> [https://example.com/jira/] for user [me]>
> about a ten times - which is when firefox stops the redirection cycle.
>
> Retrying https://example.com/jira/ enters the redirection cycle
> immediately.
>
> Is it possible to get CAS working with this setup? Have I made
> somekind
> of obvious&common setup error, that somebody might have fixed for
> themselves? Any ideas?
>
> Iikku
>
> Scott Battaglia wrote:
> > Are you running CAS over HTTPS or HTTP? If you're running over
> HTTP,
> > then you won't get SSO.
> >
> > -Scott
> >
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
> >
> > On Tue, Dec 16, 2008 at 9:18 AM, Iikku Mattila
> <iikku.mattila at eduix.fi <mailto:iikku.mattila at eduix.fi>
> > <mailto:iikku.mattila at eduix.fi <mailto:iikku.mattila at eduix.fi>>>
> wrote:
> >
> > Hi,
> > I have a (seemingly) working CAS installation with
> > BindLdapAuthenticationHandler, setup like
> > http://www.ja-sig.org/wiki/display/CASUM/LDAP . I CASified
> Confluence
> > and Jira with Soulwing as per instructions on
> > http://soulwing.org/confluence-cas.jsp and
> > http://soulwing.org/jira-cas.jsp . When user logs on to
> either of
> > those
> > apps, he's redirected to CAS login screen, he logs on
> successfully and
> > is redirected to the app. So all is okay with both individual
> > applications. However, after the user has logged on to one
> of the apps
> > and tries to use the other, he is not logged in
> automatically via CAS,
> > but instead redirected to the CAS login screen, where he can
> login
> > normally with username/password.
> >
> > So there is no single sign on, but instead two individuals
> logins both
> > handled through CAS. I'd rather have the sso. Is there perhaps
> > some kind
> > of a switch that I've missed?
> >
> > Thanks,
> > Iikku Mattila
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> >
> ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
>
> --
> ************************************************************************
> Joulukorttien lähettämisen sijaan olemme tänä vuonna lahjoittaneet
> TAYSin EVA-yksikköön (Erityisen vaikeahoitoisten alaikäisten
> psykiatrinen tutkimus- ja hoitoyksikkö) Wii-pelikonsolin heidän
> toiveidensa mukaisesti.
> Toivotamme teille rauhallista joulunaikaa sekä menestystä
> alkavalle vuodelle 2009!
> ************************************************************************
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
************************************************************************
Joulukorttien lähettämisen sijaan olemme tänä vuonna lahjoittaneet
TAYSin EVA-yksikköön (Erityisen vaikeahoitoisten alaikäisten
psykiatrinen tutkimus- ja hoitoyksikkö) Wii-pelikonsolin heidän
toiveidensa mukaisesti.
Toivotamme teille rauhallista joulunaikaa sekä menestystä alkavalle vuodelle 2009!
************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081218/0154195f/attachment.html
More information about the cas
mailing list