Problem with CAS-Service-Response - Using ACEGI-SECURITY

Scott Battaglia scott.battaglia at gmail.com
Thu Mar 6 09:38:05 EST 2008


The custom attributes you defined are not recognized by the CAS client used
by Acegi (because, well, they're custom).  The CAS client used by Acegi by
default interprets the protocol exactly and ignores anything that's extra.

The upcoming Spring Security 2 will utilize the newer CAS Client for Java
3.1.1 which would make it easier to inject a custom ticket validator to
retrieve those attributes.  In addition, the Assertion (which holds the
Principal and the attributes) will be available as part of the
CasAuthenticationToken.  This won't be ready until Spring Security 2.0 comes
out though.

-Scott

On Thu, Mar 6, 2008 at 7:37 AM, Stefan Dürr <duerr at elc.tu-darmstadt.de>
wrote:

> I'm still having the same problem. Here is a sentence from the
> acegi-tutorial (http://www.acegisecurity.org/guide/springsecurity.html):
>
> "The |CasProxyTicketValidator| will parse the XML received from the CAS
> server. It will return to the |CasAuthenticationProvider| a
> |TicketResponse|, which includes the username (mandatory), proxy list
> (if any were involved), and proxy-granting ticket IOU (if the proxy
> callback was requested)."
>
>
> Does someone know anything about this? I turned the log4j-level to DEBUG
> for all org.acegisecurity and org.jasig-classes. But I can't find
> anything about this "TicketResponse", which is mentioned above, in my
> logging-data. The Acegi-Application knows my login-name, but I cannot
> see where it is received from the CAS-Server. It would be great if
> someone could give me a hint. Thanks
>
> Regards Stefan
>
>
>
> Stefan Dürr wrote:
> > Hi,
> > I am writing a test-application with Java+Acegi. There are some public
> > pages and some secured pages. When the user tries to access one of the
> > secured pages, he will be redirected to CAS-Login. After successful
> > login he is redirected to this page again. This works really fine.
> > Now my problem: We defined some additional user-attributes in the
> > CAS-Server (like e-mail address etc.), which are sent with the
> > CAS-Service-Response after a successful login and which I would like to
> > use in my Acegi-Application.
> > I have been trying very long now to print this response with the
> > Acegi-Framework, but it does not work. I read some instructions now and
> > nearly all threads about this topic in the spring- and acegi-forum and
> > this mailing-list, but I can't find anything about printing the
> > CAS-Service-Response with my Acegi-Application. As Acegi works with
> > Java-Beans, is it possible that I must create a special bean, which
> > stores the Service-Response? Or does another bean, like
> > CasAuthenticationProvider, already store the response?
> >
> > A strange thing is, that I can see the response in my browser, when I do
> > these steps (CAS-Server: https://localhost; Secured-Page:
> > https://localhost/testSpringAcegiCasTomcat/secure_irgendwas.jsp):
> > 1. Access this with my Browser:
> >
> https://localhost/proxy?pgt=TGT-1-AsDFUJOLU1wwbka4nLzXdR3UWxY3UhNb7W0-50&service=https://localhost/testSpringAcegiCasTomcat/secure_irgendwas.jsp
> >
> > this shows me a new Service-Ticket:
> > ST-13-iVqAlqSclCCdgMtASg07Cu75ETj9NN0pGPF-20
> >
> > 2. Access this with my Browser:
> >
> https://localhost/serviceValidate?ticket=ST-13-iVqAlqSclCCdgMtASg07Cu75ETj9NN0pGPF-20&service=https://localhost/testSpringAcegiCasTomcat/secure_irgendwas.jsp
> >
> > this shows me all the attributes, that we defined in our CAS-Server. The
> > HTML-Source shows the whole response with XML-Tags
> >
> >
> > This is really strange, because I can't see any possibility to access
> > this response by using the acegi-beans.
> >
> > I am happy about all hints!!
> >
> > Regards Stefan
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>
>
> --
> <<Please note: new address, telephone and fax number>>
>
> BA-Student Informationstechnik
> Stefan Dürr
> \TU-Darmstadt
> \\Hochschulrechenzentrum
> \\\(e-learning center)
> Petersenstraße 30
> 64287 Darmstadt
>
> Mail:    duerr at elc.tu-darmstadt.de
> Telephone: +49 6151 16 5638
> Fax:     +49 6151 16 3050
>
>



-- 
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
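
An added example, not part of the message above and not code from Acegi or the CAS client: it reads a `serviceValidate` response the strict way (user name only) and then with the extra step of collecting custom attributes. The `<cas:attributes>` layout, the sample values and the class name are assumptions, since the thread does not show the XML.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class CasResponseAttributes {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";
    // Constructed sample response; the <cas:attributes> layout is an assumption.
    static final String SAMPLE =
        "<cas:serviceResponse xmlns:cas='" + CAS_NS + "'><cas:authenticationSuccess>"
      + "<cas:user>jdoe</cas:user><cas:attributes>"
      + "<cas:email>jdoe@example.org</cas:email><cas:department>elc</cas:department>"
      + "</cas:attributes></cas:authenticationSuccess></cas:serviceResponse>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response crosses a trust boundary: refuse DTDs so no entity is expanded.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // What a strict CAS 2.0 reader keeps: the user of a successful validation.
    static String user(Document d) {
        NodeList ok = d.getElementsByTagNameNS(CAS_NS, "authenticationSuccess");
        if (ok.getLength() != 1) return null; // failure response or malformed
        NodeList n = ((Element) ok.item(0)).getElementsByTagNameNS(CAS_NS, "user");
        return n.getLength() == 1 ? n.item(0).getTextContent().trim() : null;
    }

    // The extra step: collect the child elements of <cas:attributes>, if present.
    static Map<String, String> attributes(Document d) {
        Map<String, String> out = new LinkedHashMap<>();
        NodeList blocks = d.getElementsByTagNameNS(CAS_NS, "attributes");
        if (blocks.getLength() == 0) return out;
        for (Node c = blocks.item(0).getFirstChild(); c != null; c = c.getNextSibling()) {
            if (c instanceof Element) out.put(c.getLocalName(), c.getTextContent().trim());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        Document d = parse(SAMPLE);
        System.out.println(user(d) + " " + attributes(d));
    }
}
```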