I left only the AuthenticationFilter and manually testing doesn't work. The log after authentication
15:39:00,925 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] (http--127.0.0.1-8443-1) Granted service ticket [ ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] for service [ https://localhost:8443/webappA/index.jsp] for user [casuser] 15:39:00,926 INFO [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1) start[1415198340921] time[5] tag[GRANT_SERVICE_TICKET] 15:39:00,928 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] (http--127.0.0.1-8443-1) Audit trail record BEGIN ============================================================= WHO: casuser WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org for https://localhost:8443/webappA/index.jsp ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Wed Nov 05 15:39:00 CET 2014 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= Then I browse to the url https://localhost:8443/custom-cas/p3/serviceValidate?ticket=ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org&service=https://localhost:8443/webappA/index.jsp Server replies: <cas:serviceResponse xmlns:cas="*http://www.yale.edu/tp/cas <http://www.yale.edu/tp/cas>*"> <cas:authenticationFailure code="*INVALID_TICKET*">Ticket ' ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org' not recognized</ cas:authenticationFailure> </cas:serviceResponse> And this is the log 15:39:19,024 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] (http--127.0.0.1-8443-1) ServiceTicket [ ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] has expired. 15:39:19,025 INFO [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1) start[1415198359022] time[3] tag[VALIDATE_SERVICE_TICKET] 15:39:19,027 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] (http--127.0.0.1-8443-1) Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Wed Nov 05 15:39:19 CET 2014 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= I don't really understand why this simple example doesn't work. 2014-11-05 15:16 GMT+01:00 Jérôme LELEU <lel...@gmail.com>: > Hi, > > You can use the SAML endpoint, but the new /p3 endpoint is meant to avoid > the use of SAML and return the user atributes. > > Sure it works by testing manually: > http://host/yourcas/p3/serviceValidate?ticket=ST-xxx&service=yyy? > > Best regards, > > > > Jérôme LELEU > Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj > Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org > > 2014-11-05 14:50 GMT+01:00 Federico Paparoni <federico.papar...@gmail.com> > : > >> Hi Jérôme, >> >> I haven't defined/modified anything on the CAS Server. The validation >> filter on the webapp is defined so >> >> <filter> >> <filter-name>CAS Validation Filter</filter-name> >> >> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >> <init-param> >> <param-name>casServerUrlPrefix</param-name> >> <param-value>https://localhost:8443/custom-cas</param-value> >> </init-param> >> <init-param> >> <param-name>service</param-name> >> <param-value>https://localhost:8443/webappA/index.jsp >> </param-value> >> </init-param> >> </filter> >> >> Same result using p3 url. >> Maybe I have to enable something in CAS? SAML as suggested by Alberto? >> >> -- >> Federico Paparoni >> >> 2014-11-05 12:07 GMT+01:00 Federico Paparoni <federico.papar...@gmail.com >> >: >> >>> Hi Jérôme, >>> >>> I haven't defined/modified anything on the CAS Server. The validation >>> filter on the webapp is defined so >>> >>> <filter> >>> <filter-name>CAS Validation Filter</filter-name> >>> >>> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >>> <init-param> >>> <param-name>casServerUrlPrefix</param-name> >>> <param-value>https://localhost:8443/custom-cas</param-value> >>> </init-param> >>> <init-param> >>> <param-name>service</param-name> >>> <param-value>https://localhost:8443/webappA/index.jsp >>> </param-value> >>> </init-param> >>> </filter> >>> >>> -- >>> Federico Paparoni >>> >>> >>> >>> 2014-11-05 12:01 GMT+01:00 Jérôme LELEU <lel...@gmail.com>: >>> >>>> Hi, >>>> >>>> What's the url of the defined endpoint for the service ticket >>>> validator? Did you use the /p3 url? >>>> >>>> Thanks. >>>> Best regards, >>>> >>>> >>>> Jérôme LELEU >>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj >>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org >>>> >>>> 2014-11-05 11:42 GMT+01:00 Alberto Cabello Sánchez <albe...@unex.es>: >>>> >>>>> On Wed, 05 Nov 2014 11:12:05 +0100 >>>>> Federico Paparoni <federico.papar...@gmail.com> wrote: >>>>> >>>>> > Map attributes = principal.getAttributes(); >>>>> > >>>>> > Iterator attributeNames = attributes.keySet().iterator(); >>>>> > for (; attributeNames.hasNext();) { >>>>> > String attributeName = (String) attributeNames.next(); >>>>> > Object attributeValue = attributes.get(attributeName); >>>>> > out.println("attributeName:"+attributeName+" >>>>> > attributeValue:"+(String)attributeValue); >>>>> > } >>>>> > >>>>> > but the output is only the username. I think that in default >>>>> configuration >>>>> > it should show the attributes defined in a static map but it doesn't >>>>> work. >>>>> > Is there something I have to enable? >>>>> >>>>> I did roughly the same, but only got that code working after enabling >>>>> SAML >>>>> attribute release. >>>>> >>>>> -- >>>>> Alberto Cabello Sánchez >>>>> <albe...@unex.es> >>>>> >>>>> -- >>>>> You are currently subscribed to cas-user@lists.jasig.org as: >>>>> lel...@gmail.com >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>> >>>>> >>>> >>> >>> >> >> >> -- >> Federico Paparoni >> >> Blog -- http://fpaparoni.wordpress.com/ >> Twitter -- http://twitter.com/fpaparoni >> >> >> >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > federico.papar...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- Federico Paparoni Blog -- http://fpaparoni.wordpress.com/ Twitter -- http://twitter.com/fpaparoni -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user