hahahaha! that was my post :)
On Tuesday, November 4, 2014 8:50:06 PM UTC+8, Jérôme LELEU wrote: > > Hi, > > Yesterday, I had the same question on stack overflow and updated: > http://jasig.github.io/cas/development/protocol/CAS-Protocol.html. > We might have a better documentation somewhere, but I haven't been able to > find it back. > Best regards > > Jérôme LELEU > Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj > Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org > > 2014-11-04 10:28 GMT+01:00 jeffrey tan <double....@gmail.com <javascript:> > >: > >> Hi Jérôme LELEU, >> >> Now i understand, do u have any link for about p3 endpoint which i can >> refer and study? >> >> Best regards, >> Jeffrey. >> >> On Tuesday, November 4, 2014 5:18:32 PM UTC+8, Jérôme LELEU wrote: >>> >>> Hi, >>> >>> SAML 1.1 support was primarly created to retrieve user attributes, which >>> can now be done using the /p3 endpoint. So SAML is not necessary by default >>> in CAS 4.0 and was therefore made optional. >>> >>> Best regards, >>> >>> >>> Jérôme LELEU >>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj >>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org >>> >>> 2014-11-04 10:14 GMT+01:00 jeffrey tan <double....@gmail.com>: >>> >>>> Hi Jérôme LELEU, >>>> >>>> Work like a charm! thanks for ur help! >>>> >>>> But why does CAS4 does not auto enable this? since 3.5.2 is >>>> enabled....... >>>> >>>> Anyway thanks! >>>> >>>> Best regards, >>>> Jeffrey. >>>> >>>> >>>> On Tuesday, November 4, 2014 4:33:00 PM UTC+8, Jérôme LELEU wrote: >>>>> >>>>> Hi, >>>>> >>>>> OK. I see. If you get the login page instead of the SAML response, I >>>>> guess that the SAML support is not enabled and indeed, it is not by >>>>> default >>>>> in CAS 4.0. >>>>> You need to follow this documentation: http://jasig.gi >>>>> thub.io/cas/4.0.0/protocol/SAML-Protocol.html, part "SAML 1.1". >>>>> >>>>> Best regards, >>>>> >>>>> >>>>> Jérôme LELEU >>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj >>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org >>>>> >>>>> 2014-11-04 9:19 GMT+01:00 jeffrey tan <double....@gmail.com>: >>>>> >>>>>> hi, >>>>>> >>>>>> is u again :) >>>>>> i not yet try 3.2.5.RELEASE, but i did try >>>>>> >>>>>> 1. to check the saml response, as i said, i breakpoint to view the >>>>>> return response. its return me html of my login page. >>>>>> >>>>>> 2. i use cas-client-core latest version from maven, still same result. >>>>>> >>>>>> 3. is not i dont want to use 3.2.5.RELEASE, just when i upgrade, i >>>>>> met some exceptions(will try to solve it) >>>>>> >>>>>> >>>>>> On Tuesday, November 4, 2014 3:01:37 PM UTC+8, Jérôme LELEU wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> Did you try with a more recent CAS client by Spring Security >>>>>>> (3.2.5.RELEASE)? Did you enable DEBUG logs (org.jasig) on client side >>>>>>> to >>>>>>> see the SAML response returned by the CAS server? >>>>>>> >>>>>>> Thanks. >>>>>>> Best regards, >>>>>>> >>>>>>> Jérôme LELEU >>>>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: >>>>>>> @leleuj >>>>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org >>>>>>> >>>>>>> 2014-11-04 7:27 GMT+01:00 jeffrey tan <double....@gmail.com>: >>>>>>> >>>>>>>> http://stackoverflow.com/questions/26710286/cas-4-does-not-w >>>>>>>> ork-properly-with-cas-client-core-3-1-12 >>>>>>>> >>>>>>>> As title shown, currently i am using CAS 3.5.2, therefore i upgrade >>>>>>>> to CAS 4.i just change the user name casuser and mellon to admin >>>>>>>> admin. its >>>>>>>> a very minimal changes. >>>>>>>> therefore when i try to login, for example: >>>>>>>> >>>>>>>> 1 login, abcd/login >>>>>>>> >>>>>>>> 2 redirect to cas/login >>>>>>>> >>>>>>>> 3 after success logon, its redirect to abcd/login?st=xxxxxx with >>>>>>>> blank page. >>>>>>>> >>>>>>>> >>>>>>>> do i miss somethings? or i need to change pom.xml? >>>>>>>> >>>>>>>> below is part of my pom.xml >>>>>>>> >>>>>>>> <dependency> >>>>>>>> <groupId>org.springframework.security</groupId> >>>>>>>> <artifactId>spring-security-cas</artifactId> >>>>>>>> <version>3.1.0.RELEASE</version> >>>>>>>> <scope>compile</scope> >>>>>>>> </dependency> >>>>>>>> <dependency> >>>>>>>> <groupId>org.opensaml</groupId> >>>>>>>> <artifactId>opensaml</artifactId> >>>>>>>> <version>1.1</version> >>>>>>>> <scope>runtime</scope> >>>>>>>> </dependency> >>>>>>>> <dependency> >>>>>>>> <groupId>xml-security</groupId> >>>>>>>> <artifactId>xmlsec</artifactId> >>>>>>>> <version>1.3.0</version> >>>>>>>> <scope>runtime</scope> >>>>>>>> </dependency> >>>>>>>> <dependency> >>>>>>>> <groupId>net.sf.ehcache</groupId> >>>>>>>> <artifactId>ehcache</artifactId> >>>>>>>> <version>1.6.2</version> >>>>>>>> <scope>runtime</scope> >>>>>>>> </dependency> >>>>>>>> >>>>>>>> my error log >>>>>>>> >>>>>>>> java.lang.StringIndexOutOfBoundsException: String index out of >>>>>>>> range: -1 >>>>>>>> at java.lang.String.substring(String.java:1911) >>>>>>>> at org.jasig.cas.client.validation.Saml11TicketValidator.parseR >>>>>>>> esponseFromServer(Saml11TicketValidator.java:50) >>>>>>>> at org.jasig.cas.client.validation.AbstractUrlBasedTicketValida >>>>>>>> tor.validate(AbstractUrlBasedTicketValidator.java:197) >>>>>>>> at org.springframework.security.cas.authentication.CasAuthentic >>>>>>>> ationProvider.authenticateNow(CasAuthenticationProvider.java:140) >>>>>>>> at org.springframework.security.cas.authentication.CasAuthentic >>>>>>>> ationProvider.authenticate(CasAuthenticationProvider.java:126) >>>>>>>> at org.springframework.security.authentication.ProviderManager. >>>>>>>> authenticate(ProviderManager.java:156) >>>>>>>> at org.springframework.security.cas.web.CasAuthenticationFilter >>>>>>>> .attemptAuthentication(CasAuthenticationFilter.java:242) >>>>>>>> at org.springframework.security.web.authentication.AbstractAuth >>>>>>>> enticationProcessingFilter.doFilter(AbstractAuthenticationProcessi >>>>>>>> ngFilter.java:194) >>>>>>>> at org.springframework.security.web.FilterChainProxy$VirtualFil >>>>>>>> terChain.doFilter(FilterChainProxy.java:323) >>>>>>>> at org.springframework.security.web.authentication.logout.Logou >>>>>>>> tFilter.doFilter(LogoutFilter.java:105) >>>>>>>> at org.springframework.security.web.FilterChainProxy$VirtualFil >>>>>>>> terChain.doFilter(FilterChainProxy.java:323) >>>>>>>> at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(Si >>>>>>>> ngleSignOutFilter.java:65) >>>>>>>> at org.springframework.security.web.FilterChainProxy$VirtualFil >>>>>>>> terChain.doFilter(FilterChainProxy.java:323) >>>>>>>> at org.springframework.security.web.context.SecurityContextPers >>>>>>>> istenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) >>>>>>>> at org.springframework.security.web.FilterChainProxy$VirtualFil >>>>>>>> terChain.doFilter(FilterChainProxy.java:323) >>>>>>>> at org.springframework.security.web.FilterChainProxy.doFilter(F >>>>>>>> ilterChainProxy.java:173) >>>>>>>> at org.springframework.web.filter.DelegatingFilterProxy.invokeD >>>>>>>> elegate(DelegatingFilterProxy.java:346) >>>>>>>> at org.springframework.web.filter.DelegatingFilterProxy.doFilte >>>>>>>> r(DelegatingFilterProxy.java:259) >>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >>>>>>>> lter(ApplicationFilterChain.java:243) >>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >>>>>>>> licationFilterChain.java:210) >>>>>>>> at sg.com.innovax.opscentralv5.objects.setEncoding.doFilter(set >>>>>>>> Encoding.java:100) >>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.internalDoFi >>>>>>>> lter(ApplicationFilterChain.java:243) >>>>>>>> at org.apache.catalina.core.ApplicationFilterChain.doFilter(App >>>>>>>> licationFilterChain.java:210) >>>>>>>> at org.apache.catalina.core.StandardWrapperValve.invoke(Standar >>>>>>>> dWrapperValve.java:222) >>>>>>>> at org.apache.catalina.core.StandardContextValve.invoke(Standar >>>>>>>> dContextValve.java:123) >>>>>>>> at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A >>>>>>>> uthenticatorBase.java:472) >>>>>>>> at org.apache.catalina.core.StandardHostValve.invoke(StandardHo >>>>>>>> stValve.java:171) >>>>>>>> at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo >>>>>>>> rtValve.java:99) >>>>>>>> at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa >>>>>>>> lve.java:947) >>>>>>>> at org.apache.catalina.core.StandardEngineValve.invoke(Standard >>>>>>>> EngineValve.java:118) >>>>>>>> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd >>>>>>>> apter.java:408) >>>>>>>> at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs >>>>>>>> tractHttp11Processor.java:1009) >>>>>>>> at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler >>>>>>>> .process(AbstractProtocol.java:589) >>>>>>>> at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(J >>>>>>>> IoEndpoint.java:312) >>>>>>>> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool >>>>>>>> Executor.java:1145) >>>>>>>> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo >>>>>>>> lExecutor.java:615) >>>>>>>> at java.lang.Thread.run(Thread.java:722) >>>>>>>> >>>>>>>> >>>>>>>> Therefore i checked the error code,view and breakpoint the source >>>>>>>> code(package org.jasig.cas.client.validation;). in >>>>>>>> Saml11TicketValidator.parseResponseFromServer, its because the >>>>>>>> response result wasnt in expected therefore substring got problems. >>>>>>>> this 1 >>>>>>>> just exception handling, is not a root cause.**The root cause is in >>>>>>>> Saml11TicketValidator retrieveResponseFromServer, why CAS4 Return >>>>>>>> login >>>>>>>> page(in my CAS4, is already login)??? is it a bug?** >>>>>>>> >>>>>>>> note: my maven dependency is using cas-client-core-3.1.12.jar >>>>>>>> >>>>>>>> -- >>>>>>>> You are currently subscribed to cas-...@lists.jasig.org as: >>>>>>>> lel...@gmail.com >>>>>>>> To unsubscribe, change settings or access archives, see >>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>>>> >>>>>>>> >>>>>>> -- >>>>>>> You are currently subscribed to cas-...@lists.jasig.org as: >>>>>>> jasig-cas-user...@googlegroups.com >>>>>>> To unsubscribe, change settings or access archives, see >>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>>> >>>>>>> -- >>>>>> You are currently subscribed to cas-...@lists.jasig.org as: >>>>>> lel...@gmail.com >>>>>> To unsubscribe, change settings or access archives, see >>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>> >>>>>> >>>>> -- >>>>> You are currently subscribed to cas-...@lists.jasig.org as: >>>>> jasig-cas-user...@googlegroups.com >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>> >>>>> -- >>>> You are currently subscribed to cas-...@lists.jasig.org as: >>>> lel...@gmail.com >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> >>> -- >>> You are currently subscribed to cas-...@lists.jasig.org as: >>> jasig-cas-user...@googlegroups.com >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> -- >> You are currently subscribed to cas-...@lists.jasig.org <javascript:> as: >> lel...@gmail.com <javascript:> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to cas-...@lists.jasig.org <javascript:> as: > jasig-cas-user...@googlegroups.com <javascript:> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
