Something changed with CAS. They check now for what service you're asking a
PT
For uPortal, I was obliged to put this in the web.xml: for the client side
<init-param>
<param-name>*allowedProxyChains*</param-name>
<param-value>*.**</param-value>
</init-param>
In the CAS filter parameter
And for the service, you can change .* with the name of the service you're
proxying to
*proxyPolicy:*
* {*
* @class:
org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy*
* pattern: .**
* }*
and in the attributerelease section:
*authorizedToReleaseProxyGrantingTicket: true*
Le jeudi 19 avril 2018 12:47:13 UTC+2, Corsair Hxw a écrit :
>
> Hello,
>
> Thank you for guiding me to the proxy authentication link. Found tons of
> information regarding the proxying applications.
>
> I am very new to CAS world. There could be many things that could be wrong
> in my configuration. So thank you providing the information
> *attributeReleasePolicy*.
>
> I changed the service json and *authorizedToReleaseProxyGrantingTicket
> *property
> is now set to "true".
> Even after making these chagnes, null proxy ticket is returned.
>
> Is there anything else that I could be missing?
>
> Regards
>
> On Thursday, April 19, 2018 at 12:40:26 AM UTC+5:30, Manfredo Hopp wrote:
>>
>> read
>> https://apereo.github.io/cas/5.2.x/installation/Configuring-Proxy-Authentication.html
>>
>> The service must also be authorized to receive the PGT as an attribute
>> for the given attribute release policy of choice.
>>
>> 1
>> 2
>> 3
>> 4
>> 5
>> 6
>> 7
>> 8
>> 9
>> 10
>> 11
>> 12
>> 13
>> 14
>> 15
>> 16
>>
>> {
>> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>> "serviceId" : "^https://.+";,
>> "name" : "test",
>> "id" : 1,
>> "evaluationOrder" : 0,
>> "attributeReleasePolicy" : {
>> "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy",
>> "authorizedToReleaseProxyGrantingTicket" : true
>> },
>>
>>
>>
>> 2018-04-18 10:08 GMT-03:00 Corsair Hxw <[email protected]>:
>>
>>> Hello,
>>>
>>> I am using CAS Maven Overlay (*version 5.2.3*) to build CAS server.
>>> The CAS server is running on http://localhost:8080/cas
>>>
>>> I have changed POM and added dependency for json service registry:
>>> <dependencies>
>>> <dependency>
>>> <groupId>org.apereo.cas</groupId>
>>> <artifactId>cas-server-support-json-service-registry
>>> </artifactId>
>>> <version>${cas.version}</version>
>>> </dependency>
>>> </dependencies>
>>>
>>> I have provided two service json files in /services:
>>> *greet-1.json*
>>> {
>>> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>> "serviceId" : "http://localhost:8090/greet";,
>>> "name" : "greet",
>>> "id" : 1,
>>> "evaluationOrder" : 1
>>> }
>>>
>>> *user-2.json*
>>> {
>>> "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>> "serviceId" : "http://localhost:8090/user";,
>>> "name" : "user",
>>> "id" : 2,
>>> "evaluationOrder" : 2
>>> }
>>>
>>> From my web application 1, I am trying to get the proxy ticket for
>>> another web application 2.
>>> Web Application 1 Controller class is as below:
>>> package com.learn.cas.proxyticket;
>>>
>>> import org.jasig.cas.client.authentication.AttributePrincipal;
>>> import org.springframework.security.cas.authentication.
>>> CasAuthenticationToken;
>>> import org.springframework.security.core.Authentication;
>>> import org.springframework.web.bind.annotation.GetMapping;
>>> import org.springframework.web.bind.annotation.RestController;
>>>
>>> @RestController
>>> public class GreetingsController {
>>>
>>> @GetMapping("/greet")
>>> public String greetWithProxyTicket(Authentication authentication) {
>>> String proxyTicket = null;
>>>
>>>
>>> if (authentication != null && authentication instanceof
>>> CasAuthenticationToken {
>>> AttributePrincipal principal = ((CasAuthenticationToken)
>>> authentication).getAssertion().getPrincipal();
>>>
>>> if (principal != null) {
>>> proxyTicket = principal.getProxyTicketFor("
>>> http://localhost:8090/user";);
>>> }
>>> }
>>>
>>> return proxyTicket;
>>> }
>>> }
>>>
>>> Here, the returned value is always null. getProxyTicketFor always gives
>>> me *null *value.
>>> Web application 1 pom.xml and application.yml files are attached in case
>>> they are needed.
>>>
>>> Any help on this is appreciated. Stuck on this for like month now :(
>>>
>>> Best Regards,
>>> Corsair
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/dc0cd2d2-5eb4-4d85-af80-71ea06696044%40apereo.org
>>>
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/dc0cd2d2-5eb4-4d85-af80-71ea06696044%40apereo.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>>
>>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/121ebb38-a91a-4afc-ba57-8372a2578784%40apereo.org.
