CAS OpenID log in fails

Scott Battaglia scott.battaglia at gmail.com
Mon Feb 18 18:31:16 EST 2008 

The Services Management tool can use Ant pattern matching so anything like:
https://myservice.com/** or stuff like that

-Scott

On Feb 18, 2008 11:59 AM, Sudirikku Mohanjith <moha at mohanjith.net> wrote:

> Hi Scott,
> I did try to match the URL of the services that were trying to
> authenticate via OpenID but it was not a exactly successful. I could
> not find any instructions how I can match URLs of services trying to
> authenticate via OpenID, hope you could give some guideline.
>
> Regards,
> Mohanjith
>
> On Feb 18, 2008 10:11 PM, Scott Battaglia <scott.battaglia at gmail.com>
> wrote:
> > If you're getting that error that means that you're using the Services
> > Management tool and the URL pattern you're attempting to use as the
> service
> > url is not in the Services Management tool.  You may need to update one
> of
> > your services in the tool to be a pattern-matched URL.
> >
> > -Scott
> >
> >
> >
> > On Feb 18, 2008 11:17 AM, Sudirikku Mohanjith <moha at mohanjith.net>
> wrote:
> > > Hi Scott,
> > > There are no errors in the error log. It just fails complaining that
> > > "Application Not Authorized to Use CAS". Also note that this happens
> > > when a service that is not listed in the service registry tries to
> > > authenticate against CAS via OpenID. I just went over the instructions
> > > at http://www.ja-sig.org/wiki/display/CASUM/OpenID, I seem to have
> > > implemented everything correct.
> > >
> > > One otherthing I'm using the JDBC Authentication, I don't think there
> > > are any issues with that because, I have no issue in authenticating
> > > autherized web applications with CAS 2.0 protocol.
> > >
> > > /Mohanjith
> > >
> > >
> > >
> > >
> > > On Feb 18, 2008 8:27 PM, Scott Battaglia <scott.battaglia at gmail.com>
> > wrote:
> > > > As far as I know those instructions should work.  We just had
> someone
> > try
> > > > them recently and everything seemed okay.
> > > >
> > > > Are you getting any specific errors in any of the logs?
> > > >
> > > > -Scott
> > > >
> > > >
> > > >
> > > >  On Feb 18, 2008 9:50 AM, Sudirikku Mohanjith <moha at mohanjith.net>
> > wrote:
> > > > > Hi Scott,
> > > > > Thanks for the quick reply.
> > > > >
> > > > > Yep I'm following instructions in
> > > > > http://www.ja-sig.org/wiki/display/CASUM/OpenID. You might notice
> that
> > > > > under login-webflow.xml, you would find the same action-state
> block
> > > > >
> > > > > Cheers,
> > > > > Mohanjith
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On Feb 18, 2008 8:10 PM, Scott Battaglia <
> scott.battaglia at gmail.com>
> > > > wrote:
> > > > > > Mohanjith,
> > > > > >
> > > > > > Are you following the instructions at:
> > > > > > http://www.ja-sig.org/wiki/display/CASUM/OpenID
> > > > > >
> > > > > > -Scott
> > > > > >
> > > > > >
> > > > > >
> > > > > > On Feb 18, 2008 12:59 AM, Sudirikku Mohanjith <
> moha at mohanjith.net>
> > > > wrote:
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Hi,
> > > > > > > I have setup the CAS services registry and when a external
> service
> > > > > > > tries to sign in via CAS as the OpenID idp, CAS complains that
> the
> > > > > > > "Application Not Authorized to Use CAS". It shouldn't be the
> case
> > with
> > > > > > > OpenID, any Application/Service should be allowed to
> authenticate
> > > > > > > against CAS if using OpenID.
> > > > > > >
> > > > > > > I think it is caused by the following in login-webflow.xml
> > > > > > >
> > > > > > >        <action-state id="openIdSingleSignOnAction">
> > > > > > >                <action bean="openIdSingleSignOnAction" />
> > > > > > >                <transition on="success"
> > to="sendTicketGrantingTicket"
> > > > />
> > > > > > >                <transition on="error" to="viewLoginForm" />
> > > > > > >                <transition on="warn" to="warn" />
> > > > > > >        </action-state>
> > > > > > >
> > > > > > > I do not think on success the flow should be to
> > > > > > > sendTicketGrantingTicket, instead it should be some OpenID
> > specific
> > > > > > > transition.
> > > > > > >
> > > > > > > It would be nice to have OpenID idp support, I'm in the
> process of
> > > > > > > deploying CAS for a major developer portal. So far the things
> have
> > > > > > > been smooth. Drupal, Confluence and JIRA will be using CAS to
> > > > > > > authenticate against. I want to give all the users in the
> > developer
> > > > > > > portal OpenID endpoints, right now I'm making use of home
> brewed
> > > > > > > Drupal module. To my disappointment external services are not
> able
> > to
> > > > > > > authenticate via the CAS OpenID idp. :(
> > > > > > >
> > > > > > > Hope some one can help me.
> > > > > > >
> > > > > > > Cheers,
> > > > > > > Mohanjith
> > > > > > > _______________________________________________
> > > > > > > Yale CAS mailing list
> > > > > > > cas at tp.its.yale.edu
> > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > -Scott Battaglia
> > > > > > PGP Public Key Id: 0x383733AA
> > > > > >  LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > > > > _______________________________________________
> > > > > > Yale CAS mailing list
> > > > > > cas at tp.its.yale.edu
> > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > >
> > > > > >
> > > > > _______________________________________________
> > > > > Yale CAS mailing list
> > > > > cas at tp.its.yale.edu
> > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > -Scott Battaglia
> > > > PGP Public Key Id: 0x383733AA
> > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > cas at tp.its.yale.edu
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> >
> >
> >
> > --
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>



-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080218/bc0d5d32/attachment.html

More information about the cas mailing list