CAS 3.21 + application -- very urgent help needed please !!
Andrew R Feller
afelle1 at lsu.edu
Wed May 21 07:27:43 EDT 2008
Edward,
You are on the right track: you must integrate a CAS client with you
Java web app and configure the CAS client to communicate with a CAS
server. Here are links for each within the JA-SIG wiki:
Latest CAS client: 3.1.1
(http://www.ja-sig.org/wiki/display/CASC/CAS+Client+for+Java+3.1)
In order to get the authenticated user via request.getRemoteUser(), you
must declare the HttpServletRequestWrapperFilter filter along with the
AuthenticationFilter and TicketValidationFilter filters. For a simple
configuration, try using the web.xml configuration over Spring.
Andrew R Feller, Analyst
University Information Systems
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA, 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
-----Original Message-----
From: cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu]
On Behalf Of Edward Chen
Sent: Tuesday, May 20, 2008 11:24 PM
To: Yale CAS mailing list
Subject: Re: CAS 3.21 + application -- very urgent help needed please !!
I am kind of understanding...
In order to display request.getRemoteUser() value in my test.jsp, I need
to integrate cas client 3.1.1 to my application, for Recruiting
application. The reason why my current test.jsp returns null value is
because I haven't integrate cas client 3.21 with my application, Is it
correct?
I am done with the server side configuration, right?
If so, how to integrate cas client 3.11 to my java/jsp application? do
you have an instruction?
Edward
Scott Battaglia wrote:
> When CASifying an application, you integrate the CAS client with your
> application. You don't integrate the CAS client with the CAS server
> software. The CAS client library is what allows the application to
> communicate with the CAS server.
>
> You should be configuring the wrapper on YOUR application if you want
> access to request.getRemoteUser().
>
> -Scott
>
> On Tue, May 20, 2008 at 11:22 PM, Edward Chen <edwardc at wolfram.com
> <mailto:edwardc at wolfram.com>> wrote:
>
> Adam and Scott,
>
> It seems to me that I missing the client configuration. I tried to
> locate HttpServletRequestWrapperFilter file but I don't find them
> in my
> cas 3.21 folder. So, I download "cas-client-3.1.1-release" and I
find
> HttpServletRequestWrapperFilter file in it. I wonder if I need to
> integrate client into server. If yes, how to integrate
> case-client-3.1.1? using maven? ??
>
> I am stuck in this problem.
>
> Edward
>
> Adam Rybicki wrote:
> > Edward,
> >
> > It's hard to tell what effect your cas.war file custom build may
> have
> > on CAS itself. Let's assume for the time being, that this is
fine.
> >
> > Did you have a chance to look inside the Tomcat logs as the
error
> > message was suggesting? Getting no response from CAS could be
> caused
> > by a certificate error. I looked at
> > AbstractCasProtocolUrlBasedTicketValidator, and it is possible
that
> > this class would return null on a communication error with CAS
> > server. It logs the error and returns null. Can you locate the
log
> > file? I think that the CAS Client may be actually using the log
> file
> > of your application.
> >
> > Adam
> >
> > Edward Chen wrote:
> >> Hi Scott and other experts,
> >>
> >> Hi,
> >>
> >> Just a thought about this problem. I don't know if it will
make a
> >> difference.
> >>
> >> I think maybe the CAS in my tomcat is different. Why?
> >>
> >> I deployed my CAS to Tomcat by other method - our own
build.xml.
> >>
> >> CAS 3.2.1 is built with Maven 2.0.9. <http://2.0.9.> I generate
> cas.war not by Maven,
> >> but by my build.xml
> >>
> >> The current problem seems to me that the CAS only talks itself
> and not
> >> react to any applications. That is why there is
> >>
> >> "...The CAS server returned no response...." when CAS linking
to an
> >> application.
> >>
> >> What do you think?
> >>
> >> Edward
> >>
> >>
> >> Scott Battaglia wrote:
> >>
> >>> Edward,
> >>>
> >>> Can you try using the CAS 20 filter and see if that works?
> >>>
> >>> -Scott
> >>>
> >>> On Fri, May 16, 2008 at 11:52 PM, Edward Chen
> <edwardc at wolfram.com <mailto:edwardc at wolfram.com>
> >>> <mailto:edwardc at wolfram.com <mailto:edwardc at wolfram.com>>>
wrote:
> >>>
> >>> Here it's what I modify below. But it still doesn't work.
> I have the
> >>> following exception. Can you tell what 's wrong with it?
> Anything
> >>> wrong
> >>> with my cas filter?? Please help--very urgent
> >>>
> >>>
> >>> HTTP Status 500 -
> >>>
> >>>
>
------------------------------------------------------------------------
> >>>
> >>> *type* Exception report
> >>>
> >>> *message*
> >>>
> >>> *description* _The server encountered an internal error ()
> that
> >>> prevented it from fulfilling this request._
> >>>
> >>> *exception*
> >>>
> >>> javax.servlet.ServletException: The CAS server returned no
> response.
> >>>
> >>>
>
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(
AbstractTicketValidationFilter.java:152)
> >>>
> >>>
>
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(Authen
ticationFilter.java:103)
> >>>
> >>> *root cause*
> >>>
> >>> org.jasig.cas.client.validation.TicketValidationException:
> The CAS
> >>> server returned no response.
> >>>
> >>>
>
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate
(AbstractUrlBasedTicketValidator.java:162)
> >>>
> >>>
>
org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(
AbstractTicketValidationFilter.java:129)
> >>>
> >>>
>
org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(Authen
ticationFilter.java:103)
> >>>
> >>> *note* _The full stack trace of the root cause is
> available in the
> >>> Apache Tomcat/5.5.25 logs._
> >>>
> >>>
>
------------------------------------------------------------------------
> >>>
> >>>
> >>> Apache Tomcat/5.5.25
> >>>
> >>>
> >>>
> >>> ..........
> >>> <filter>
> >>> <filter-name>CAS Authentication Filter</filter-name>
> >>>
> >>>
>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</
filter-class>
> >>> <init-param>
> >>> <param-name>casServerLoginUrl</param-name>
> >>>
> <param-value>https://casserver:8443/CAS/login</param-value>
> >>> </init-param>
> >>> <init-param>
> >>> <param-name>service</param-name>
> >>>
> >>>
>
<param-value>http://casserver:8080/Recruiting/test.jsp</param-value>
> >>> </init-param>
> >>> <init-param>
> >>> <param-name>serverName</param-name>
> >>> <param-value>casserver:8080</param-value>
> >>> </init-param>
> >>> </filter>
> >>>
> >>> <filter>
> >>> <filter-name>CAS Validation Filter</filter-name>
> >>>
> >>>
>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilte
r</filter-class>
> >>> <init-param>
> >>> <param-name>casUrlServerPrefix</param-name>
> >>>
<param-value>https://casserver:8443/CAS</param-value>
> >>> </init-param>
> >>> <init-param>
> >>> <param-name>serverName</param-name>
> >>> <param-value>casserver:8080</param-value>
> >>> </init-param>
> >>> </filter>
> >>>
> >>> <filter>
> >>> <filter-name>CAS HttpServletRequest Wrapper
> >>> Filter</filter-name>
> >>>
> >>>
>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter<
/filter-class>
> >>> </filter>
> >>>
> >>> <filter-mapping>
> >>> <filter-name>CAS Authentication Filter</filter-name>
> >>> <url-pattern>/*</url-pattern>
> >>> </filter-mapping>
> >>>
> >>> <filter-mapping>
> >>> <filter-name>CAS Validation Filter</filter-name>
> >>> <url-pattern>/*</url-pattern>
> >>> </filter-mapping >
> >>>
> >>> <filter-mapping>
> >>> <filter-name>CAS HttpServletRequest Wrapper
> Filter</filter-name>
> >>> <url-pattern>/*</url-pattern>
> >>> </filter-mapping >
> >>> .............
> >>>
> >>>
> >>> Edward
> >>>
> >>> Adam Rybicki wrote:
> >>> > Scott's right, of course. The Thread Local filter is
> not needed for
> >>> > what you need. It becomes handy if you don't have
> access to the
> >>> > HttpServletRequest.
> >>> >
> >>> > Adam
> >>> >
> >>> > Scott Battaglia wrote:
> >>> >> On Fri, May 16, 2008 at 7:32 PM, Adam Rybicki
> >>> <arybicki at unicon.net <mailto:arybicki at unicon.net>
> <mailto:arybicki at unicon.net <mailto:arybicki at unicon.net>>
> >>> >> <mailto:arybicki at unicon.net
> <mailto:arybicki at unicon.net> <mailto:arybicki at unicon.net
> <mailto:arybicki at unicon.net>>>> wrote:
> >>> >>
> >>> >> Edward,
> >>> >>
> >>> >> Cross-posting to the wrong list (cas-dev) will not
> speed up
> >>> a reply.
> >>> >>
> >>> >> One thing you'll need is an additional filter.
> Actually,
> >>> two of
> >>> >> them, I think. To make getRemoteUser() work,
> you'll need them
> >>> >> configured similar to this:
> >>> >>
> >>> >> <filter>
> >>> >> <filter-name>CAS HttpServletRequest Wrapper
> >>> Filter</filter-name>
> >>> >>
> >>> >>
> >>>
>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter<
/filter-class>
> >>> >> </filter>
> >>> >>
> >>> >> <filter>
> >>> >> <filter-name>CAS Assertion Thread Local
> >>> Filter</filter-name>
> >>> >>
> >>> >>
> >>>
>
<filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filt
er-class>
> >>> >> </filter>
> >>> >>
> >>> >> <filter-mapping>
> >>> >> <filter-name>CAS HttpServletRequest Wrapper
> >>> Filter</filter-name>
> >>> >>
> >>> >> <url-pattern>/*</url-pattern>
> >>> >> </filter-mapping>
> >>> >>
> >>> >> <filter-mapping>
> >>> >> <filter-name>CAS Assertion Thread Local
> >>> Filter</filter-name>
> >>> >>
> >>> >> <url-pattern>/*</url-pattern>
> >>> >> </filter-mapping>
> >>> >>
> >>> >>
> >>> >> What concerns me is that, while you are using the
> JA-SIG CAS
> >>> >> Client, the exception message you included appears
> to have come
> >>> >> from the Yale CAS Filter. I don't think you need
both.
> >>> >>
> >>> >>
> >>> >> Adam beat me to it. But you are including the
> configuration
> >>> for the
> >>> >> JASIG CAS Client but an error message from the Yale CAS
> client.
> >>> >> That's impossible unless you have both of them
> configured, which I
> >>> >> don't think has ever been tried. I'd recommend just
> sticking with
> >>> >> one of them. If you merely wish to read the
> request.getRemoteUser,
> >>> >> you also won't need the ThreadLocal filter either.
> >>> >>
> >>> >> -Scott
> >>> >>
> >>> >>
> >>> >>
> >>> >> Adam
> >>> >>
> >>> >> Edward Chen wrote:
> >>> >>> I installed CAS 3.2.1 and deployed successfully
> with LDAP
> >>> in my
> >>> >>> Windows XP and Tomcat5.25. Now I want to link the
> simple jsp
> >>> >>> application in Tomcat to CAS. I modified the CAS
> filter in
> >>> >>> web.xml as bellow. If I comment out "CAS
> Validation Filter", I
> >>> >>> got redirected to CAS and passed CAS login and
> went back
> >>> to the
> >>> >>> application. However, I got "null" value
> >>> >>> (<%=request.getRemoteUser()%>) in my test.jsp. It
> should be
> >>> >>> supposed to have the CAS login username. If I
don't
> >>> comment out
> >>> >>> "CAS Validation Filter", I got redirected to CAS
and
> >>> passed CAS
> >>> >>> login. But when CAS went back to the application,
it
> >>> throws out
> >>> >>> exception, something like "*exception*
> >>> >>> javax.servlet.ServletException: Unable to validate
> >>> >>> ProxyTicketValidator
> >>> >>> [[edu.yale.its.tp.cas.client.ProxyTicketValidator
> >>> >>> proxyList=[null]
> >>> >>> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> ..... " It
> >>> >>> seems to me that the validation doesn't work. What
is
> >>> wrong with
> >>> >>> it? How to fix it? any recommendation?? any thing
> wrong
> >>> with the
> >>> >>> following CAS filter?? Very urgent help needed!!!
> ........
> >>> >>> <filter> <filter-name>CAS Authentication
> Filter</filter-name>
> >>> >>>
> >>>
>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</
filter-class>
> >>> >>> <init-param>
> <param-name>casServerLoginUrl</param-name>
> >>> >>>
> <param-value>https://xxxxxxxxx:8443/CAS/login</param-value>
> >>> >>> </init-param> <init-param>
> <param-name>service</param-name>
> >>> >>>
> >>>
>
<param-value>http://xxxxxxxxx:8080/Recruiting/test.jsp</param-value>
> >>> >>> </init-param> <init-param>
> <param-name>serverName</param-name>
> >>> >>> <param-value>xxxxxxx:8080/</param-value>
</init-param>
> >>> </filter>
> >>> >>> <filter> <filter-name>CAS Validation
> Filter</filter-name>
> >>> >>>
> >>>
>
<filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilte
r</filter-class>
> >>> >>> <init-param>
> <param-name>casUrlServerPrefix</param-name>
> >>> >>>
<param-value>https://xxxxxxx:8443/CAS</param-value>
> >>> >>> </init-param> <init-param>
> <param-name>serverName</param-name>
> >>> >>> <param-value>xxxxxxxxxxx:8080/</param-value>
> </init-param>
> >>> >>> </filter> <filter-mapping> <filter-name>CAS
> Authentication
> >>> >>> Filter</filter-name> <url-pattern>/*</url-pattern>
> >>> >>> </filter-mapping> <!--filter-mapping>
<filter-name>CAS
> >>> >>> Validation Filter</filter-name>
> <url-pattern>/*</url-pattern>
> >>> >>> </filter-mapping --> ...................
> >>> >>> ______________________________
> >>> >>> _________________
> >>> >>> Yale CAS mailing list
> >>> >>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
> >>> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>>
> >>> >>> http://tp.its.yale.edu/mailman/listinfo/cas
> >>> >>
> >>> >> _______________________________________________
> >>> >> Yale CAS mailing list
> >>> >> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
> >>> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>>
> >>> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>> >>
> >>> >>
> >>> >>
> >>> >>
> >>> >> --
> >>> >> -Scott Battaglia
> >>> >> PGP Public Key Id: 0x383733AA
> >>> >> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >>> >>
> >>>
>
------------------------------------------------------------------------
> >>> >>
> >>> >> _______________________________________________
> >>> >> Yale CAS mailing list
> >>> >> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
> >>> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>> >>
> >>> > _______________________________________________
> >>> > Yale CAS mailing list
> >>> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
> >>> > http://tp.its.yale.edu/mailman/listinfo/cas
> >>> >
> >>>
> >>> _______________________________________________
> >>> Yale CAS mailing list
> >>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> <mailto:cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>>
> >>> http://tp.its.yale.edu/mailman/listinfo/cas
> >>>
> >>>
> >>>
> >>>
> >>> --
> >>> -Scott Battaglia
> >>> PGP Public Key Id: 0x383733AA
> >>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >>>
>
------------------------------------------------------------------------
> >>>
> >>> _______________________________________________
> >>> Yale CAS mailing list
> >>> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> >>> http://tp.its.yale.edu/mailman/listinfo/cas
> >>>
> >>>
> >>
> >> _______________________________________________
> >> Yale CAS mailing list
> >> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >>
> >>
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
cas at tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080521/34b46902/attachment.html
More information about the cas
mailing list