Yes, CAS will not by default send back a PGT to a non-https url. You have to change the HttpCredentialAuthenticationHandler's configuration to accept a non-secure url (its one of its properties)
On Tue, Aug 14, 2012 at 1:47 PM, Roberto Carlos González Flores < iscrobertogonza...@gmail.com> wrote: > It means this happens because I'm not using https? > > I'll try to search how to change it, we're not ready to use https for the > prototype, thanks. > > > 2012/8/14 Scott Battaglia <scott.battag...@gmail.com> > >> By default, CAS will reject non-secure callback urls. There is a a way >> to change it, but I can't remember it off the top of my head. >> >> >> On Tue, Aug 14, 2012 at 1:31 PM, Roberto Carlos González Flores < >> iscrobertogonza...@gmail.com> wrote: >> >>> FirstService.war and secondService.war have the CAS Filter configured. >>> >>> If the user clicks from firstservice web app to the secondService web >>> app CAS doesn't recognize that the user is logged in and is asking for >>> credentials, so I'm sending the service ticket to call the secondService ( >>> request parameters), but it shows me that ticket isn't available for the >>> secondService ( this totally make sense), so I'm working on how to open the >>> second webapp (same browser, same webserver) without asking the user again >>> for credentials. I thought using a proxy will be a good idea ( I don't know >>> maybe I don't need the proxy). >>> >>> This is my query (I'm using CAS 3.3.5). >>> >>> http://localhost:8080/cas/serviceValidate?service=http://localhost:8080firstService/&ticket=ST-2-kfPAuEt5sxFLGW9oVGDG-cas&pgtURL=http://localhost:8080/secondService/ >>> >>> >>> >>> 2012/8/14 Scott Battaglia <scott.battag...@gmail.com> >>> >>>> It most likely means the callback did not succeed. What is the >>>> callback url that you passed? >>>> >>>> >>>> On Tue, Aug 14, 2012 at 11:59 AM, Roberto Carlos González Flores < >>>> iscrobertogonza...@gmail.com> wrote: >>>> >>>>> >>>>> Any reason of why my CAS implementation can't validate using >>>>> /serviceValidate, when I use /proxyValidate it returns >>>>> >>>>> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >>>>> <cas:authenticationSuccess> >>>>> <cas:user>UserName</cas:user> >>>>> >>>>> >>>>> </cas:authenticationSuccess> >>>>> </cas:serviceResponse> >>>>> >>>>> >>>>> but there's not PGT there so I can't use CAS like a SSO, weird stuff. >>>>> >>>>> >>>>> -- >>>>> Carlos >>>>> >>>>> -- >>>>> You are currently subscribed to cas-dev@lists.jasig.org as: >>>>> scott.battag...@gmail.com >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>>>> >>>>> >>>> -- >>>> You are currently subscribed to cas-dev@lists.jasig.org as: >>>> iscrobertogonza...@gmail.com >>>> >>>> >>>> >>>> >>>> >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>>> >>>> >>> >>> >>> -- >>> Carlos >>> >>> -- >>> You are currently subscribed to cas-dev@lists.jasig.org as: >>> scott.battag...@gmail.com >>> >>> >>> >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-dev >>> >>> >> -- >> You are currently subscribed to cas-dev@lists.jasig.org as: >> iscrobertogonza...@gmail.com >> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-dev >> >> > > > -- > Carlos > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > scott.battag...@gmail.com > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
