Hi, Yesterday, I had the same question on stack overflow and updated: http://jasig.github.io/cas/development/protocol/CAS-Protocol.html. We might have a better documentation somewhere, but I haven't been able to find it back. Best regards
Jérôme LELEU Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org 2014-11-04 10:28 GMT+01:00 jeffrey tan <double.chee...@gmail.com>: > Hi Jérôme LELEU, > > Now i understand, do u have any link for about p3 endpoint which i can > refer and study? > > Best regards, > Jeffrey. > > On Tuesday, November 4, 2014 5:18:32 PM UTC+8, Jérôme LELEU wrote: >> >> Hi, >> >> SAML 1.1 support was primarly created to retrieve user attributes, which >> can now be done using the /p3 endpoint. So SAML is not necessary by default >> in CAS 4.0 and was therefore made optional. >> >> Best regards, >> >> >> Jérôme LELEU >> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj >> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org >> >> 2014-11-04 10:14 GMT+01:00 jeffrey tan <double....@gmail.com>: >> >>> Hi Jérôme LELEU, >>> >>> Work like a charm! thanks for ur help! >>> >>> But why does CAS4 does not auto enable this? since 3.5.2 is >>> enabled....... >>> >>> Anyway thanks! >>> >>> Best regards, >>> Jeffrey. >>> >>> >>> On Tuesday, November 4, 2014 4:33:00 PM UTC+8, Jérôme LELEU wrote: >>>> >>>> Hi, >>>> >>>> OK. I see. If you get the login page instead of the SAML response, I >>>> guess that the SAML support is not enabled and indeed, it is not by default >>>> in CAS 4.0. >>>> You need to follow this documentation: http://jasig.gi >>>> thub.io/cas/4.0.0/protocol/SAML-Protocol.html, part "SAML 1.1". >>>> >>>> Best regards, >>>> >>>> >>>> Jérôme LELEU >>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj >>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org >>>> >>>> 2014-11-04 9:19 GMT+01:00 jeffrey tan <double....@gmail.com>: >>>> >>>>> hi, >>>>> >>>>> is u again :) >>>>> i not yet try 3.2.5.RELEASE, but i did try >>>>> >>>>> 1. to check the saml response, as i said, i breakpoint to view the >>>>> return response. its return me html of my login page. >>>>> >>>>> 2. i use cas-client-core latest version from maven, still same result. >>>>> >>>>> 3. is not i dont want to use 3.2.5.RELEASE, just when i upgrade, i met >>>>> some exceptions(will try to solve it) >>>>> >>>>> >>>>> On Tuesday, November 4, 2014 3:01:37 PM UTC+8, Jérôme LELEU wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> Did you try with a more recent CAS client by Spring Security >>>>>> (3.2.5.RELEASE)? Did you enable DEBUG logs (org.jasig) on client side to >>>>>> see the SAML response returned by the CAS server? >>>>>> >>>>>> Thanks. >>>>>> Best regards, >>>>>> >>>>>> Jérôme LELEU >>>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj >>>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org >>>>>> >>>>>> 2014-11-04 7:27 GMT+01:00 jeffrey tan <double....@gmail.com>: >>>>>> >>>>>>> http://stackoverflow.com/questions/26710286/cas-4-does-not-w >>>>>>> ork-properly-with-cas-client-core-3-1-12 >>>>>>> >>>>>>> As title shown, currently i am using CAS 3.5.2, therefore i upgrade >>>>>>> to CAS 4.i just change the user name casuser and mellon to admin admin. >>>>>>> its >>>>>>> a very minimal changes. >>>>>>> therefore when i try to login, for example: >>>>>>> >>>>>>> 1 login, abcd/login >>>>>>> >>>>>>> 2 redirect to cas/login >>>>>>> >>>>>>> 3 after success logon, its redirect to abcd/login?st=xxxxxx with >>>>>>> blank page. >>>>>>> >>>>>>> >>>>>>> do i miss somethings? or i need to change pom.xml? >>>>>>> >>>>>>> below is part of my pom.xml >>>>>>> >>>>>>> <dependency> >>>>>>> <groupId>org.springframework.security</groupId> >>>>>>> <artifactId>spring-security-cas</artifactId> >>>>>>> <version>3.1.0.RELEASE</version> >>>>>>> <scope>compile</scope> >>>>>>> </dependency> >>>>>>> <dependency> >>>>>>> <groupId>org.opensaml</groupId> >>>>>>> <artifactId>opensaml</artifactId> >>>>>>> <version>1.1</version> >>>>>>> <scope>runtime</scope> >>>>>>> </dependency> >>>>>>> <dependency> >>>>>>> <groupId>xml-security</groupId> >>>>>>> <artifactId>xmlsec</artifactId> >>>>>>> <version>1.3.0</version> >>>>>>> <scope>runtime</scope> >>>>>>> </dependency> >>>>>>> <dependency> >>>>>>> <groupId>net.sf.ehcache</groupId> >>>>>>> <artifactId>ehcache</artifactId> >>>>>>> <version>1.6.2</version> >>>>>>> <scope>runtime</scope> >>>>>>> </dependency> >>>>>>> >>>>>>> my error log >>>>>>> >>>>>>> java.lang.StringIndexOutOfBoundsException: String index out of >>>>>>> range: -1 >>>>>>> at java.lang.String.substring(String.java:1911) >>>>>>> at org.jasig.cas.client.validation.Saml11TicketValidator.parseR >>>>>>> esponseFromServer(Saml11TicketValidator.java:50) >>>>>>> at org.jasig.cas.client.validation.AbstractUrlBasedTicketValida >>>>>>> tor.validate(AbstractUrlBasedTicketValidator.java:197) >>>>>>> at org.springframework.security.cas.authentication.CasAuthentic >>>>>>> ationProvider.authenticateNow(CasAuthenticationProvider.java:140) >>>>>>> at org.springframework.security.cas.authentication.CasAuthentic >>>>>>> ationProvider.authenticate(CasAuthenticationProvider.java:126) >>>>>>> at org.springframework.security.authentication.ProviderManager. >>>>>>> authenticate(ProviderManager.java:156) >>>>>>> at org.springframework.security.cas.web.CasAuthenticationFilter. >>>>>>> attemptAuthentication(CasAuthenticationFilter.java:242) >>>>>>> at org.springframework.security.web.authentication.AbstractAuth >>>>>>> enticationProcessingFilter.doFilter(AbstractAuthenticationProcessi >>>>>>> ngFilter.java:194) >>>>>>> at org.springframework.security.web.FilterChainProxy$VirtualFil >>>>>>> terChain.doFilter(FilterChainProxy.java:323) >>>>>>> at org.springframework.security.web.authentication.logout.Logou >>>>>>> tFilter.doFilter(LogoutFilter.java:105) >>>>>>> at org.springframework.security.web.FilterChainProxy$VirtualFil >>>>>>> terChain.doFilter(FilterChainProxy.java:323) >>>>>>> at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(Si >>>>>>> ngleSignOutFilter.java:65) >>>>>>> at org.springframework.security.web.FilterChainProxy$VirtualFil >>>>>>> terChain.doFilter(FilterChainProxy.java:323) >>>>>>> at org.springframework.security.web.context.SecurityContextPers >>>>>>> istenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) >>>>>>> at org.springframework.security.web.FilterChainProxy$VirtualFil >>>>>>> terChain.doFilter(FilterChainProxy.java:323) >>>>>>> at org.springframework.security.web.FilterChainProxy.doFilter(F >>>>>>> ilterChainProxy.java:173) >>>>>>> at org.springframework.web.filter.DelegatingFilterProxy.invokeD >>>>>>> elegate(DelegatingFilterProxy.java:346) >>>>>>> at org.springframework.web.filter.DelegatingFilterProxy.doFilte >>>>>>> r(DelegatingFilterProxy.java:259) >>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >>>>>>> lter(ApplicationFilterChain.java:243) >>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >>>>>>> licationFilterChain.java:210) >>>>>>> at sg.com.innovax.opscentralv5.objects.setEncoding.doFilter(set >>>>>>> Encoding.java:100) >>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >>>>>>> lter(ApplicationFilterChain.java:243) >>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >>>>>>> licationFilterChain.java:210) >>>>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar >>>>>>> dWrapperValve.java:222) >>>>>>> at org.apache.catalina.core.StandardContextValve.invoke(Standar >>>>>>> dContextValve.java:123) >>>>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A >>>>>>> uthenticatorBase.java:472) >>>>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo >>>>>>> stValve.java:171) >>>>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo >>>>>>> rtValve.java:99) >>>>>>> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa >>>>>>> lve.java:947) >>>>>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard >>>>>>> EngineValve.java:118) >>>>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd >>>>>>> apter.java:408) >>>>>>> at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs >>>>>>> tractHttp11Processor.java:1009) >>>>>>> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler. >>>>>>> process(AbstractProtocol.java:589) >>>>>>> at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(J >>>>>>> IoEndpoint.java:312) >>>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool >>>>>>> Executor.java:1145) >>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo >>>>>>> lExecutor.java:615) >>>>>>> at java.lang.Thread.run(Thread.java:722) >>>>>>> >>>>>>> >>>>>>> Therefore i checked the error code,view and breakpoint the source >>>>>>> code(package org.jasig.cas.client.validation;). in >>>>>>> Saml11TicketValidator.parseResponseFromServer, its because the >>>>>>> response result wasnt in expected therefore substring got problems. >>>>>>> this 1 >>>>>>> just exception handling, is not a root cause.**The root cause is in >>>>>>> Saml11TicketValidator retrieveResponseFromServer, why CAS4 Return login >>>>>>> page(in my CAS4, is already login)??? is it a bug?** >>>>>>> >>>>>>> note: my maven dependency is using cas-client-core-3.1.12.jar >>>>>>> >>>>>>> -- >>>>>>> You are currently subscribed to cas-...@lists.jasig.org as: >>>>>>> lel...@gmail.com >>>>>>> To unsubscribe, change settings or access archives, see >>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>>> >>>>>>> >>>>>> -- >>>>>> You are currently subscribed to cas-...@lists.jasig.org as: >>>>>> jasig-cas-user...@googlegroups.com >>>>>> To unsubscribe, change settings or access archives, see >>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>> >>>>>> -- >>>>> You are currently subscribed to cas-...@lists.jasig.org as: >>>>> lel...@gmail.com >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>> >>>>> >>>> -- >>>> You are currently subscribed to cas-...@lists.jasig.org as: >>>> jasig-cas-user...@googlegroups.com >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> -- >>> You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> -- >> You are currently subscribed to cas-...@lists.jasig.org as: >> jasig-cas-user...@googlegroups.com >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- > You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user