If your proxycallback url is: https://my.server.com/TESTAPPLICATION/my/receptor
And your Context Path is: TESTAPPLICATION Then your filter's receptor url (check the wiki for the exact parameter name) is: /my/receptor If you don't configure those correctly then it won't work. This isn't a matter of servlets. You can stop creating them. Don't you think if one was needed, we would have provided you with one rather than having everyone write one? :-) -Scott On Tue, Mar 10, 2009 at 5:35 PM, <[email protected]> wrote: > You don't need a servlet, which I told you already. Please configure you > filter correctly instead of telling it your proxy callback url is an > endpoint you are not listening on. Make sure you configure the receptor and > callback url correctly. The documentation specifies how to do it in its > description of the parameters. > > Sent from my Verizon Wireless BlackBerry > > ------------------------------ > *From*: tedzo > *Date*: Tue, 10 Mar 2009 14:28:02 -0700 (PDT) > *To*: <[email protected]> > *Subject*: Re: [cas-user] Proxy validation question > Ok, I am almost there now. > I implemented and configured a servlet at the proxyCallbackUrl and now CAS > responds fine with a PGTIOU/PGT. > > The ProxyGrantingTicketStorageImpl seems to have saved the pair. Now I need > to figure out to access ProxyGrantingTicketStorageImpl from my code. How do > I retrieve it from ProxyGrantingTicketStorage? Also, once I retrieve it from > ProxyGrantingTicketStorage, can I save the IOU and reuse it? The code says > ProxyGrantingTicketStorageImpl removes the IOU/PGT once retrieved... > > Thanks for your time. > > > ------------------------------ > *From:* tedzo <[email protected]> > *To:* [email protected] > *Sent:* Tuesday, March 10, 2009 1:28:53 PM > *Subject:* Re: [cas-user] Proxy validation question > > Thanks for the response. > > It looks like CAS is getting a 404 when it hits the proxyCallbackUrl (I > changed the name from PGTReceive to proxyValidate in my config). > > So, this is kind of where I started from in my first message. I thought I > needed to implement a servlet and map/configure it to the the > proxyCallbackUrl. And I thought that class (the one mapped to > /proxyValidate) would implement HttpServlet with doGet() and doPost() > methods and CAS would call it with the PGTIOU/PGT pair. However, Scott's > response seemed to suggest such a servlet is not required. So, what is CAS > now not finding (404)? > > 2009-03-10 13:01:34,864 DEBUG > [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor generated > service for: http://tedzo-wxp01.bling.com:8080/Test/Test.jsp > 2009-03-10 13:01:34,864 DEBUG > [org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler] > - Attempting to resolve credentials for [callbackUrl: > https://tedzo-wxp01.bling.com:8443/Test/proxyValidate] > 2009-03-10 13:01:34,896 DEBUG [org.jasig.cas.util.HttpClient] - Response > Code did not match any of the acceptable response codes. Code returned was > 404 > 2009-03-10 13:01:34,896 INFO > [org.jasig.cas.authentication.AuthenticationManagerImpl] - > AuthenticationHandler: > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler > failed to authenticate the user which provided the following credentials: > [callbackUrl: https://tedzo-wxp01.bling.com:8443/Test/proxyValidate] > 2009-03-10 13:01:34,911 ERROR [org.jasig.cas.web.ServiceValidateController] > - TicketException generating ticket for: [callbackUrl: > https://tedzo-wxp01.bling.com:8443/Test/proxyValidate] > org.jasig.cas.ticket.TicketCreationException: > error.authentication.credentials.bad > > > Thank you for your time. > > > ------------------------------ > *From:* Scott Battaglia <[email protected]> > *To:* [email protected] > *Sent:* Tuesday, March 10, 2009 11:55:47 AM > *Subject:* Re: [cas-user] Proxy validation question > > Increase the DEBUG log for CAS and you'll find out why the proxy callback > is failing. Log4j settings are in WEB-INF/classes/log4j.properties > > -Scott > > > On Tue, Mar 10, 2009 at 2:21 PM, tedzo <[email protected]> wrote: > >> You saying that I don't need a seperate servlet. Then who receives the >> PGTIOU/PGT pair? Does proxyCallbackUrl have to be a valid URL or not is what >> I don't understand. >> >> I tried logging in with my setup and I can authenticate fine, but I don't >> see PGTIOU mentioned anywhere in the logs and I see a wierd exception. I >> think I haven't configured something right. Could you kindly verify my >> config values for Cas20ProxyReceivingTicketValidationFilter? Specifically, >> <filter> >> <filter-name>CAS Cas20ProxyReceivingTicketValidation >> Filter</filter-name> >> >> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >> <init-param> >> <param-name>casServerUrlPrefix</param-name> >> <param-value>https://tedzo-wxp01.bling.com:8443/cas-server-3.3 >> </param-value> >> </init-param> >> <init-param> >> <param-name>serverName</param-name> >> <param-value>http://tedzo-wxp01.bling.com:8080</param-value> >> </init-param> >> <init-param> >> <param-name>proxyCallbackUrl</param-name> >> <param-value>https://tedzo-wxp01.bling.com:8443/Test/PGTReceive >> </param-value> >> </init-param> >> <init-param> >> <param-name>proxyReceptorUrl</param-name> >> <param-value>/PGTReceive</param-value> >> </init-param> >> <init-param> >> <param-name>acceptAnyProxy</param-name> >> <param-value>true</param-value> >> </init-param> >> </filter> >> >> In the logs I see an exception- >> >> 2009-03-10 10:59:57,343 DEBUG >> [org.jasig.cas.client.validation.Cas20ProxyTicketV >> alidator] - <Constructing validation url: >> https://tedzo-wxp01.bling.com:8443/ >> cas-server-3.3/proxyValidate?pgtUrl=https%3A%2F%2Ftedzo-wxp01.bling.com<http://2ftedzo-wxp01.bling.com/> >> %3A844 >> >> 3%2FTest%2FPGTReceive&ticket=ST-1-CugnMIPTShfY2NtGKPSN-cas&service=http%3A%2F%2F >> tedzo-wxp01.bling.com%3A8080%2FTest%2FTest.jsp> >> 2009-03-10 10:59:57,343 DEBUG >> [org.jasig.cas.client.validation.Cas20ProxyTicketV >> alidator] - <Retrieving response from server.> >> <--------------lot of ssl stuff-----------------> >> 2009-03-10 11:13:56,509 ERROR >> [org.jasig.cas.web.ServiceValidateController] - <T >> icketException generating ticket for: [callbackUrl: >> https://tedzo-wxp01.bling >> .com:8443/Test/PGTReceive]> >> org.jasig.cas.ticket.TicketCreationException: >> error.authentication.credentials.u >> nsupported >> at >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGranting >> Ticket(CentralAuthenticationServiceImpl.java:291) >> at >> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(Ser >> viceValidateController.java:126) >> Caused by: error.authentication.credentials.unsupported >> at >> org.jasig.cas.authentication.handler.UnsupportedCredentialsException. >> <clinit>(UnsupportedCredentialsException.java:21) >> at >> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(A >> uthenticationManagerImpl.java:116) >> at >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGranting >> Ticket(CentralAuthenticationServiceImpl.java:262) >> What credentials are unsupported? >> >> Thanks for your time. >> ------------------------------ >> *From:* Scott Battaglia <[email protected]> >> *To:* [email protected] >> *Sent:* Monday, March 9, 2009 8:11:28 PM >> *Subject:* Re: [cas-user] Proxy validation question >> >> You shouldn't be configuring a separate servlet. We don't even include >> one. All the logic is built into the filter. Proxy Callback Url is the >> fully qualified URL that is sent to the CAS server. The receptor is the >> path portion that the filter should listen for PGT/PGTIOU requests. >> >> >> >> On Mon, Mar 9, 2009 at 11:05 PM, tedzo <[email protected]> wrote: >> >>> I am trying to setup proxy validation and despite all the messages on >>> this list, I am lost (or maybe I am just too tired). Kindly bear with me- >>> >>> <https://tedzo-wxp01.bling.com:8443/Test/PGTReceive>I am trying to >>> access <https://tedzo-wxp01.bling.com:8443/Test/Test.jsp> >>> https://tedzo-wxp01.bling.com:8443/Test/<https://tedzo-wxp01.bling.com:8443/Test/Test.jsp>Test.jsp >>> to begin with. >>> 1. I modify web.xml to add Cas20ProxyReceivingTicketValidationFilter >>> (among others. This client 3.1.3). >>> >>> 2. I add the init param proxyCallbackUrl ( >>> <https://tedzo-wxp01.bling.com:8443/Test/PGTReceive> >>> https://tedzo-wxp01.bling.com:8443/Test/PGTReceive ) >>> PGTReceive is a Servlet that will receive the PGTIOU/PGT pair. >>> >>> 3. Set allowAnyProxy to true, for now. >>> >>> 4. Now, PGTReceive is a servlet with a doGet and doPost methods. CAS will >>> POST/GET the PGTIOU/PGT pair to this servlet? How do I extract it? (session >>> variable? name of variable?) >>> >>> 5. Originally, I was trying to reach >>> <https://tedzo-wxp01.bling.com:8443/Test/PGTReceive> >>> https://tedzo-wxp01.bling.com:8443/Test/<https://tedzo-wxp01.bling.com:8443/Test/Test.jsp>Test.jsp. >>> I should be able to have access to half (PGTIOU) of the PGTIOU/PGT pair from >>> Test.jsp, so that I could get the PGT from PGTReceive servlet. How do I >>> access the PGTIOU from Test.jsp? Is it in the session or something? >>> >>> 6. Is the PGT from the PGTIOU/PGT pair a one time use only kind of ticket >>> or can I use it multiple times? Meaning, I get to the PGT somehow and then I >>> pass it on the the proxied application. Then can I pass the same PGT to >>> different proxied application? >>> >>> 7. I couldn't understand the difference between proxyReceptorUrl and >>> proxyCallbackUrl. Both seem to be receiving the PGTIOU/PGT pair.... >>> >>> Greatly appreciate your thoughts (or pointers to any documentation). >>> >>> Thanks. >>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > ------------------------------ > *From:* Scott Battaglia <[email protected]> > *To:* [email protected] > *Sent:* Tuesday, March 10, 2009 11:55:47 AM > *Subject:* Re: [cas-user] Proxy validation question > > Increase the DEBUG log for CAS and you'll find out why the proxy callback > is failing. Log4j settings are in WEB-INF/classes/log4j.properties > > -Scott > > > On Tue, Mar 10, 2009 at 2:21 PM, tedzo <[email protected]> wrote: > >> You saying that I don't need a seperate servlet. Then who receives the >> PGTIOU/PGT pair? Does proxyCallbackUrl have to be a valid URL or not is what >> I don't understand. >> >> I tried logging in with my setup and I can authenticate fine, but I don't >> see PGTIOU mentioned anywhere in the logs and I see a wierd exception. I >> think I haven't configured something right. Could you kindly verify my >> config values for Cas20ProxyReceivingTicketValidationFilter? Specifically, >> <filter> >> <filter-name>CAS Cas20ProxyReceivingTicketValidation >> Filter</filter-name> >> >> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >> <init-param> >> <param-name>casServerUrlPrefix</param-name> >> <param-value>https://tedzo-wxp01.bling.com:8443/cas-server-3.3 >> </param-value> >> </init-param> >> <init-param> >> <param-name>serverName</param-name> >> <param-value>http://tedzo-wxp01.bling.com:8080</param-value> >> </init-param> >> <init-param> >> <param-name>proxyCallbackUrl</param-name> >> <param-value>https://tedzo-wxp01.bling.com:8443/Test/PGTReceive >> </param-value> >> </init-param> >> <init-param> >> <param-name>proxyReceptorUrl</param-name> >> <param-value>/PGTReceive</param-value> >> </init-param> >> <init-param> >> <param-name>acceptAnyProxy</param-name> >> <param-value>true</param-value> >> </init-param> >> </filter> >> >> In the logs I see an exception- >> >> 2009-03-10 10:59:57,343 DEBUG >> [org.jasig.cas.client.validation.Cas20ProxyTicketV >> alidator] - <Constructing validation url: >> https://tedzo-wxp01.bling.com:8443/ >> cas-server-3.3/proxyValidate?pgtUrl=https%3A%2F%2Ftedzo-wxp01.bling.com<http://2ftedzo-wxp01.bling.com/> >> %3A844 >> >> 3%2FTest%2FPGTReceive&ticket=ST-1-CugnMIPTShfY2NtGKPSN-cas&service=http%3A%2F%2F >> tedzo-wxp01.bling.com%3A8080%2FTest%2FTest.jsp> >> 2009-03-10 10:59:57,343 DEBUG >> [org.jasig.cas.client.validation.Cas20ProxyTicketV >> alidator] - <Retrieving response from server.> >> <--------------lot of ssl stuff-----------------> >> 2009-03-10 11:13:56,509 ERROR >> [org.jasig.cas.web.ServiceValidateController] - <T >> icketException generating ticket for: [callbackUrl: >> https://tedzo-wxp01.bling >> .com:8443/Test/PGTReceive]> >> org.jasig.cas.ticket.TicketCreationException: >> error.authentication.credentials.u >> nsupported >> at >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGranting >> Ticket(CentralAuthenticationServiceImpl.java:291) >> at >> org.jasig.cas.web.ServiceValidateController.handleRequestInternal(Ser >> viceValidateController.java:126) >> Caused by: error.authentication.credentials.unsupported >> at >> org.jasig.cas.authentication.handler.UnsupportedCredentialsException. >> <clinit>(UnsupportedCredentialsException.java:21) >> at >> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(A >> uthenticationManagerImpl.java:116) >> at >> org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGranting >> Ticket(CentralAuthenticationServiceImpl.java:262) >> What credentials are unsupported? >> >> Thanks for your time. >> ------------------------------ >> *From:* Scott Battaglia <[email protected]> >> *To:* [email protected] >> *Sent:* Monday, March 9, 2009 8:11:28 PM >> *Subject:* Re: [cas-user] Proxy validation question >> >> You shouldn't be configuring a separate servlet. We don't even include >> one. All the logic is built into the filter. Proxy Callback Url is the >> fully qualified URL that is sent to the CAS server. The receptor is the >> path portion that the filter should listen for PGT/PGTIOU requests. >> >> >> >> On Mon, Mar 9, 2009 at 11:05 PM, tedzo <[email protected]> wrote: >> >>> I am trying to setup proxy validation and despite all the messages on >>> this list, I am lost (or maybe I am just too tired). Kindly bear with me- >>> >>> <https://tedzo-wxp01.bling.com:8443/Test/PGTReceive>I am trying to >>> access <https://tedzo-wxp01.bling.com:8443/Test/Test.jsp> >>> https://tedzo-wxp01.bling.com:8443/Test/<https://tedzo-wxp01.bling.com:8443/Test/Test.jsp>Test.jsp >>> to begin with. >>> 1. I modify web.xml to add Cas20ProxyReceivingTicketValidationFilter >>> (among others. This client 3.1.3). >>> >>> 2. I add the init param proxyCallbackUrl ( >>> <https://tedzo-wxp01.bling.com:8443/Test/PGTReceive> >>> https://tedzo-wxp01.bling.com:8443/Test/PGTReceive ) >>> PGTReceive is a Servlet that will receive the PGTIOU/PGT pair. >>> >>> 3. Set allowAnyProxy to true, for now. >>> >>> 4. Now, PGTReceive is a servlet with a doGet and doPost methods. CAS will >>> POST/GET the PGTIOU/PGT pair to this servlet? How do I extract it? (session >>> variable? name of variable?) >>> >>> 5. Originally, I was trying to reach >>> <https://tedzo-wxp01.bling.com:8443/Test/PGTReceive> >>> https://tedzo-wxp01.bling.com:8443/Test/<https://tedzo-wxp01.bling.com:8443/Test/Test.jsp>Test.jsp. >>> I should be able to have access to half (PGTIOU) of the PGTIOU/PGT pair from >>> Test.jsp, so that I could get the PGT from PGTReceive servlet. How do I >>> access the PGTIOU from Test.jsp? Is it in the session or something? >>> >>> 6. Is the PGT from the PGTIOU/PGT pair a one time use only kind of ticket >>> or can I use it multiple times? Meaning, I get to the PGT somehow and then I >>> pass it on the the proxied application. Then can I pass the same PGT to >>> different proxied application? >>> >>> 7. I couldn't understand the difference between proxyReceptorUrl and >>> proxyCallbackUrl. Both seem to be receiving the PGTIOU/PGT pair.... >>> >>> Greatly appreciate your thoughts (or pointers to any documentation). >>> >>> Thanks. >>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
