Proxy Login
Scott Battaglia
scott.battaglia at gmail.com
Mon Jul 21 10:50:28 EDT 2008
Robert,
I think the problem is that our documentation says to put the
AuthenticationFilter first which works in the majority of the cases. In
your case you would need to put the ValidationFilter first. I think there
was a similar discussion on-list a while back but the documentation in the
wiki was never updated to reflect that you can configure the Validation
Filter first.
There doesn't appear to be a reason that you can't configure the validation
filter first.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Mon, Jul 21, 2008 at 10:29 AM, Robert R <robert.jboss at gmail.com> wrote:
> I am trying to implement Proxy Login using the Java CAS Client 3.1. Below
> you'll find my filters for authentication and validation. The regular
> authentication is happening fine. The service URL is: "
> http://sp.dev.synapse.com/petclinic/", the user logs on, a service ticket
> is returned an everything is happy.
>
> However, the proxy is not working, and I'm not sure exactly what I am doing
> wrong. While debugging, I see that the callback is getting called with the
> PGTIOU and the PGT from CAS. However, the Authentication Filter is the
> first to grab this incoming service URL: "
> http://sp.dev.pearsonsynapse.com/petclinic/proxyCallback," it is not
> finding a service ticket, and tries presenting the CAS login screen. This
> CAS login screen is ultimately return to CAS's own proxy call (which of
> course is never looked at) - and the whole process never makes it to the
> proxy validation.
>
> The trouble is - now that I have this set up - what is happening makes
> sense to me. Of course - it is not letting the actualy proxy granting
> ticket to come through - which is a problem. So - what am I doing wrong -
> and how can I correct this?
>
> Thanks so much for any thoughts.
>
> - Robert
>
> <filter>
> <filter-name>CAS Authentication Filter</filter-name>
>
> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
> <init-param>
> <param-name>casServerLoginUrl</param-name>
> <param-value>https://sso.dev.synapse.net/cas/login
> </param-value>
> </init-param>
> <init-param>
> <param-name>serverName</param-name>
> <param-value>http://sp.dev.synapse.com</param-value>
> </init-param>
> <init-param>
> <param-name>renew</param-name>
> <param-value>false</param-value>
> </init-param>
> <init-param>
> <param-name>gateway</param-name>
> <param-value>false</param-value>
> </init-param>
> </filter>
>
> <filter>
> <filter-name>CAS Validation Filter</filter-name>
>
> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
> <init-param>
> <param-name>casServerUrlPrefix</param-name>
> <param-value>https://sso.dev.synapse.net/cas/</param-value>
> </init-param>
> <init-param>
> <param-name>serverName</param-name>
> <param-value>http://sp.dev.synapse.com</param-value>
> </init-param>
> <init-param>
> <param-name>allowAnyProxy</param-name>
> <param-value>true</param-value>
> </init-param>
> <init-param>
> <param-name>proxyCallbackUrl</param-name>
> <param-value>
> https://sp.dev.synapse.com/petclinic/proxyCallback</param-value>
> </init-param>
> <init-param>
> <param-name>proxyReceptorUrl</param-name>
> <param-value>/petclinic/proxyCallback</param-value>
> </init-param>
> </filter>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080721/a9f65e87/attachment.html
More information about the cas
mailing list