one more update
i have disabled the mod_auth_cas and using clients at Liferay and Websphere
server
On Thu, Dec 9, 2010 at 10:25 AM, Vipin Jain <vjsat...@gmail.com> wrote:
> I tried to read the remoteUser but i always get null.
> I deployed a servlet on the same Tomcat server as of CAS and displayed the
> headers. i see it null
>
> this is code snippet
>
> out.println("queryString=" + req.getQueryString());
> out.println("uri=" + req.getRequestURI());
> out.println("host=" + req.getServerName());
> out.println("user=" + req.getUserPrincipal());
> out.println("port=" + req.getServerPort());
> out.println("remoteuser=" + req.getgetRemoteUser());
>
> Should we change anyting at the CAS Tomcat Server level for enabling this?
>
> On Thu, Dec 9, 2010 at 9:11 AM, Vipin Jain <vjsat...@gmail.com> wrote:
>
>> Thanks Scott
>>
>> trying things out now.
>>
>>
>> On Thu, Dec 9, 2010 at 8:53 AM, Scott Battaglia <
>> scott.battag...@gmail.com> wrote:
>>
>>> On Wed, Dec 8, 2010 at 10:21 PM, Vipin Jain <vjsat...@gmail.com> wrote:
>>>
>>>> ok, but i am using the same CAS server for issuing the ticket at both
>>>> the clients.
>>>
>>>
>>> It doesn't matter. You can only validate a service ticket once. So if
>>> both clients get the same ticket, the second one will fail.
>>>
>>>
>>>
>>>>
>>>> also, is remoteUser a header which i can read
>>>>
>>>
>>> Its the HttpServletRequest#getRemoteUser().
>>>
>>>
>>>
>>>
>>>>
>>>>
>>>> On Thu, Dec 9, 2010 at 8:47 AM, Scott Battaglia <
>>>> scott.battag...@gmail.com> wrote:
>>>>
>>>>> Two of them can't read the same ticket. Tickets can only be used once.
>>>>>
>>>>>
>>>>> On Wed, Dec 8, 2010 at 10:14 PM, Vipin Jain <vjsat...@gmail.com>wrote:
>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> but we need protection even if anybody accesses the direct websphere
>>>>>> application so have CAS clients at both levels.
>>>>>>
>>>>>> Can't we have two CAS clients working at a time?
>>>>>>
>>>>>> Thanks
>>>>>> Vipin
>>>>>>
>>>>>> On Thu, Dec 9, 2010 at 8:37 AM, Scott Battaglia <
>>>>>> scott.battag...@gmail.com> wrote:
>>>>>>
>>>>>>> You only need one CAS client. You either need to use mod_auth_cas
>>>>>>> (and then read the remoteUser) or use the CAS Client.
>>>>>>>
>>>>>>>
>>>>>>> On Wed, Dec 8, 2010 at 10:05 PM, Vipin Jain <vjsat...@gmail.com>wrote:
>>>>>>>
>>>>>>>> Hello Scott,
>>>>>>>>
>>>>>>>> I have a peculiar problem
>>>>>>>>
>>>>>>>> We have configured the environment as below
>>>>>>>>
>>>>>>>> 1. Install CAS on Tomcat
>>>>>>>> 2. Configured mod_auth_cas on Apache with CAS Tomcat URL
>>>>>>>> 3. Configured CAS Client as TAI on Websphere with the same CAS
>>>>>>>> Tomcat URL
>>>>>>>> 4. Proxy all the access through Apache
>>>>>>>>
>>>>>>>> Here is the flow
>>>>>>>>
>>>>>>>> 1. User access websphere application thru Apache
>>>>>>>> 2. mod_auth_cas intercepts and sends to Tomcat CAS Login page
>>>>>>>> 3. User authenticates and it is redirected to the websphere
>>>>>>>> application
>>>>>>>> 4. Websphere CAS agent is not able to read the ticket and gives the
>>>>>>>> below error
>>>>>>>>
>>>>>>>> [12/9/10 8:24:48:829 IST] 000000ee SystemOut O has ticket?
>>>>>>>> =false
>>>>>>>> [12/9/10 8:24:48:829 IST] 000000ee SystemOut O request url=
>>>>>>>> https://in-ccuapp008:9443/TCLProcessUI/JSP/homepage/index.faces
>>>>>>>>
>>>>>>>> If we remove the mod_auth_cas from Apache and only Proxy the
>>>>>>>> application through apache. Everything works fine.
>>>>>>>>
>>>>>>>> So mod_auth_cas is creating issues.
>>>>>>>>
>>>>>>>> Can you please help me whats the problem.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Vipin
>>>>>>>>
>>>>>>>> --
>>>>>>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>>>>>>> scott.battag...@gmail.com
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> To unsubscribe, change settings or access archives, see
>>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>>>
>>>>>>>>
>>>>>>> --
>>>>>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>>>>>> vjsat...@gmail.com
>>>>>>>
>>>>>>>
>>>>>>> To unsubscribe, change settings or access archives, see
>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>>>>> scott.battag...@gmail.com
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> To unsubscribe, change settings or access archives, see
>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>
>>>>>>
>>>>> --
>>>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>>>> vjsat...@gmail.com
>>>>> To unsubscribe, change settings or access archives, see
>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>
>>>>>
>>>> --
>>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>>> scott.battag...@gmail.com
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> To unsubscribe, change settings or access archives, see
>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>
>>>>
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>> vjsat...@gmail.com
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>
>
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
