Problem with CAS-Service-Response - Using ACEGI-SECURITY
Stefan Dürr
duerr at elc.tu-darmstadt.de
Thu Mar 20 11:34:49 EDT 2008
OK, thanks for your answer. We solved the problem now by updating the
cas-client jars to 3.1.1 and customizing the cas20ServiceTicketValidator
for the further attributes which are sent with the
cas-server-xml-response. This new ticket validator is part of a servlet,
which is used by the java/acegi-application. So far...for all of you who
have the same problem with customizing the server-response ;)
Regards, Stefan
Scott Battaglia wrote:
> The custom attributes you defined are not recognized by the CAS client
> used by Acegi (because, well, they're custom). The CAS client used by
> Acegi by default interprets the protocol exactly and ignores anything
> that's extra.
>
> The upcoming Spring Security 2 will utilize the newer CAS Client for
> Java 3.1.1 which would make it easier to inject a custom ticket
> validator to retrieve those attributes. In addition, the Assertion
> (which holds the Principal and the attributes) will be available as
> part of the CasAuthenticationToken. This won't be ready until Spring
> Security 2.0 comes out though.
>
> -Scott
>
> On Thu, Mar 6, 2008 at 7:37 AM, Stefan Dürr <duerr at elc.tu-darmstadt.de> wrote:
>
> I'm still having the same problem. Here is a sentence from the
> acegi-tutorial (http://www.acegisecurity.org/guide/springsecurity.html):
>
> "The |CasProxyTicketValidator| will parse the XML received from the CAS
> server. It will return to the |CasAuthenticationProvider| a
> |TicketResponse|, which includes the username (mandatory), proxy list
> (if any were involved), and proxy-granting ticket IOU (if the proxy
> callback was requested)."
>
>
> Does someone know anything about this? I turned the log4j-level to DEBUG
> for all org.acegisecurity and org.jasig-classes. But I can't find
> anything about this "TicketResponse", which is mentioned above, in my
> logging-data. The Acegi-Application knows my login-name, but I can not
> see, where it is received from the CAS-Server. It would be great if
> someone could give me a hint. Thanks
>
> Regards Stefan
>
>
>
> Stefan Dürr wrote:
> > Hi,
> > I am writing a test-application with Java+Acegi. There are some public
> > pages and some secured pages. When the user tries to access one of the
> > secured pages, he will be redirected to CAS-Login. After successful
> > login he is redirected to this page again. This works really fine.
> > Now my problem: We defined some additional user-attributes in the
> > CAS-Server (like e-mail address etc.), which are sent with the
> > CAS-Service-Response after a successful login and which I would like to
> > use in my Acegi-Application.
> > I have been trying very long now to print this response with the
> > Acegi-Framework, but it does not work. I read some instructions now and
> > nearly all threads about this topic in the spring- and acegi-forum and
> > this mailing-list, but I can't find anything about printing the
> > CAS-Service-Response with my Acegi-Application. As Acegi works with
> > Java-Beans, is it possible that I must create a special bean, which
> > stores the Service-Response? Or does another bean, like
> > CasAuthenticationProvider, already store the response?
> >
> > A strange thing is, that I can see the response in my browser, when I do
> > these steps (CAS-Server: https://localhost; Secured-Page:
> > https://localhost/testSpringAcegiCasTomcat/secure_irgendwas.jsp):
> > 1. Access this with my Browser:
> >
> > https://localhost/proxy?pgt=TGT-1-AsDFUJOLU1wwbka4nLzXdR3UWxY3UhNb7W0-50&service=https://localhost/testSpringAcegiCasTomcat/secure_irgendwas.jsp
> >
> > this shows me a new Service-Ticket:
> > ST-13-iVqAlqSclCCdgMtASg07Cu75ETj9NN0pGPF-20
> >
> > 2. Access this with my Browser:
> >
> > https://localhost/serviceValidate?ticket=ST-13-iVqAlqSclCCdgMtASg07Cu75ETj9NN0pGPF-20&service=https://localhost/testSpringAcegiCasTomcat/secure_irgendwas.jsp
> >
> > this shows me all the attributes, that we defined in our CAS-Server. The
> > HTML-Source shows the whole response with XML-Tags
> >
> >
> > This is really strange, because I can't see any possibility, to access
> > this response by using the acegi-beans.
> >
> > I am happy about all hints!!
> >
> > Regards Stefan
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>
>
> --
> <<Please note: new address, telephone and fax number>>
>
> BA student, Information Technology
> Stefan Dürr
> \TU-Darmstadt
> \\Hochschulrechenzentrum
> \\\(e-learning center)
> Petersenstraße 30
> 64287 Darmstadt
>
> Mail: duerr at elc.tu-darmstadt.de
> Telephone: +49 6151 16 5638
> Fax: +49 6151 16 3050
>
>
>
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>