CAS OpenID log in fails
Sudirikku Mohanjith
moha at mohanjith.net
Mon Feb 18 11:17:30 EST 2008
Hi Scott,
There are no errors in the error log. It just fails complaining that
"Application Not Authorized to Use CAS". Also note that this happens
when a service that is not listed in the service registry tries to
authenticate against CAS via OpenID. I just went over the instructions
at http://www.ja-sig.org/wiki/display/CASUM/OpenID, I seem to have
implemented everything correct.
One otherthing I'm using the JDBC Authentication, I don't think there
are any issues with that because, I have no issue in authenticating
autherized web applications with CAS 2.0 protocol.
/Mohanjith
On Feb 18, 2008 8:27 PM, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> As far as I know those instructions should work. We just had someone try
> them recently and everything seemed okay.
>
> Are you getting any specific errors in any of the logs?
>
> -Scott
>
>
>
> On Feb 18, 2008 9:50 AM, Sudirikku Mohanjith <moha at mohanjith.net> wrote:
> > Hi Scott,
> > Thanks for the quick reply.
> >
> > Yep I'm following instructions in
> > http://www.ja-sig.org/wiki/display/CASUM/OpenID. You might notice that
> > under login-webflow.xml, you would find the same action-state block
> >
> > Cheers,
> > Mohanjith
> >
> >
> >
> >
> > On Feb 18, 2008 8:10 PM, Scott Battaglia <scott.battaglia at gmail.com>
> wrote:
> > > Mohanjith,
> > >
> > > Are you following the instructions at:
> > > http://www.ja-sig.org/wiki/display/CASUM/OpenID
> > >
> > > -Scott
> > >
> > >
> > >
> > > On Feb 18, 2008 12:59 AM, Sudirikku Mohanjith <moha at mohanjith.net>
> wrote:
> > >
> > > >
> > > >
> > > >
> > > > Hi,
> > > > I have setup the CAS services registry and when a external service
> > > > tries to sign in via CAS as the OpenID idp, CAS complains that the
> > > > "Application Not Authorized to Use CAS". It shouldn't be the case with
> > > > OpenID, any Application/Service should be allowed to authenticate
> > > > against CAS if using OpenID.
> > > >
> > > > I think it is caused by the following in login-webflow.xml
> > > >
> > > > <action-state id="openIdSingleSignOnAction">
> > > > <action bean="openIdSingleSignOnAction" />
> > > > <transition on="success" to="sendTicketGrantingTicket"
> />
> > > > <transition on="error" to="viewLoginForm" />
> > > > <transition on="warn" to="warn" />
> > > > </action-state>
> > > >
> > > > I do not think on success the flow should be to
> > > > sendTicketGrantingTicket, instead it should be some OpenID specific
> > > > transition.
> > > >
> > > > It would be nice to have OpenID idp support, I'm in the process of
> > > > deploying CAS for a major developer portal. So far the things have
> > > > been smooth. Drupal, Confluence and JIRA will be using CAS to
> > > > authenticate against. I want to give all the users in the developer
> > > > portal OpenID endpoints, right now I'm making use of home brewed
> > > > Drupal module. To my disappointment external services are not able to
> > > > authenticate via the CAS OpenID idp. :(
> > > >
> > > > Hope some one can help me.
> > > >
> > > > Cheers,
> > > > Mohanjith
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > cas at tp.its.yale.edu
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > >
> > >
> > >
> > > --
> > > -Scott Battaglia
> > > PGP Public Key Id: 0x383733AA
> > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
More information about the cas
mailing list