Ok I modified timeout and now using the /ps/serviceValidate url I receive this response

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>casuser</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>

Attributes aren't in the response. So the problem is with CAS configuration (default)?

--
Federico

2014-11-05 16:11 GMT+01:00 Jérôme LELEU <lel...@gmail.com>:

> Hi,
>
> For security reasons, service tickets cannot be reused and expire shortly
> (10s by default). So that must be a *quick* manual testing or you must
> change your service ticket lifetime configuration.
>
> Best regards,
>
> Jérôme LELEU
> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>
> 2014-11-05 15:43 GMT+01:00 Federico Paparoni <federico.papar...@gmail.com>:
>
>> I left only the AuthenticationFilter and manually testing doesn't work.
>> The log after authentication
>>
>> 15:39:00,925 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] (http--127.0.0.1-8443-1) Granted service ticket [ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] for service [https://localhost:8443/webappA/index.jsp] for user [casuser]
>> 15:39:00,926 INFO [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1) start[1415198340921] time[5] tag[GRANT_SERVICE_TICKET]
>> 15:39:00,928 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] (http--127.0.0.1-8443-1) Audit trail record BEGIN
>> =============================================================
>> WHO: casuser
>> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org for https://localhost:8443/webappA/index.jsp
>> ACTION: SERVICE_TICKET_CREATED
>> APPLICATION: CAS
>> WHEN: Wed Nov 05 15:39:00 CET 2014
>> CLIENT IP ADDRESS: 127.0.0.1
>> SERVER IP ADDRESS: 127.0.0.1
>> =============================================================
>>
>> Then I browse to the url
>> https://localhost:8443/custom-cas/p3/serviceValidate?ticket=ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org&service=https://localhost:8443/webappA/index.jsp
>> Server replies:
>>
>> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>>   <cas:authenticationFailure code="INVALID_TICKET">Ticket 'ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org' not recognized</cas:authenticationFailure>
>> </cas:serviceResponse>
>>
>> And this is the log
>>
>> 15:39:19,024 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] (http--127.0.0.1-8443-1) ServiceTicket [ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] has expired.
>> 15:39:19,025 INFO [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1) start[1415198359022] time[3] tag[VALIDATE_SERVICE_TICKET]
>> 15:39:19,027 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] (http--127.0.0.1-8443-1) Audit trail record BEGIN
>> =============================================================
>> WHO: audit:unknown
>> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org
>> ACTION: SERVICE_TICKET_VALIDATE_FAILED
>> APPLICATION: CAS
>> WHEN: Wed Nov 05 15:39:19 CET 2014
>> CLIENT IP ADDRESS: 127.0.0.1
>> SERVER IP ADDRESS: 127.0.0.1
>> =============================================================
>>
>> I don't really understand why this simple example doesn't work.
>>
>> 2014-11-05 15:16 GMT+01:00 Jérôme LELEU <lel...@gmail.com>:
>>
>>> Hi,
>>>
>>> You can use the SAML endpoint, but the new /p3 endpoint is meant to
>>> avoid the use of SAML and return the user attributes.
>>>
>>> Sure it works by testing manually:
>>> http://host/yourcas/p3/serviceValidate?ticket=ST-xxx&service=yyy?
>>>
>>> Best regards,
>>>
>>> Jérôme LELEU
>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>
>>> 2014-11-05 14:50 GMT+01:00 Federico Paparoni <federico.papar...@gmail.com>:
>>>
>>>> Hi Jérôme,
>>>>
>>>> I haven't defined/modified anything on the CAS Server.
>>>> The validation filter on the webapp is defined so
>>>>
>>>> <filter>
>>>>   <filter-name>CAS Validation Filter</filter-name>
>>>>   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>   <init-param>
>>>>     <param-name>casServerUrlPrefix</param-name>
>>>>     <param-value>https://localhost:8443/custom-cas</param-value>
>>>>   </init-param>
>>>>   <init-param>
>>>>     <param-name>service</param-name>
>>>>     <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>>   </init-param>
>>>> </filter>
>>>>
>>>> Same result using p3 url.
>>>> Maybe I have to enable something in CAS? SAML as suggested by Alberto?
>>>>
>>>> --
>>>> Federico Paparoni
>>>>
>>>> 2014-11-05 12:07 GMT+01:00 Federico Paparoni <federico.papar...@gmail.com>:
>>>>
>>>>> Hi Jérôme,
>>>>>
>>>>> I haven't defined/modified anything on the CAS Server. The validation
>>>>> filter on the webapp is defined so
>>>>>
>>>>> <filter>
>>>>>   <filter-name>CAS Validation Filter</filter-name>
>>>>>   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>>   <init-param>
>>>>>     <param-name>casServerUrlPrefix</param-name>
>>>>>     <param-value>https://localhost:8443/custom-cas</param-value>
>>>>>   </init-param>
>>>>>   <init-param>
>>>>>     <param-name>service</param-name>
>>>>>     <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>>>   </init-param>
>>>>> </filter>
>>>>>
>>>>> --
>>>>> Federico Paparoni
>>>>>
>>>>> 2014-11-05 12:01 GMT+01:00 Jérôme LELEU <lel...@gmail.com>:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> What's the url of the defined endpoint for the service ticket
>>>>>> validator? Did you use the /p3 url?
>>>>>>
>>>>>> Thanks.
>>>>>> Best regards,
>>>>>>
>>>>>> Jérôme LELEU
>>>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>>>>
>>>>>> 2014-11-05 11:42 GMT+01:00 Alberto Cabello Sánchez <albe...@unex.es>:
>>>>>>
>>>>>>> On Wed, 05 Nov 2014 11:12:05 +0100
>>>>>>> Federico Paparoni <federico.papar...@gmail.com> wrote:
>>>>>>>
>>>>>>> > Map attributes = principal.getAttributes();
>>>>>>> >
>>>>>>> > Iterator attributeNames = attributes.keySet().iterator();
>>>>>>> > for (; attributeNames.hasNext();) {
>>>>>>> >     String attributeName = (String) attributeNames.next();
>>>>>>> >     Object attributeValue = attributes.get(attributeName);
>>>>>>> >     out.println("attributeName:"+attributeName+" attributeValue:"+(String)attributeValue);
>>>>>>> > }
>>>>>>> >
>>>>>>> > but the output is only the username. I think that in default configuration
>>>>>>> > it should show the attributes defined in a static map but it doesn't work.
>>>>>>> > Is there something I have to enable?
>>>>>>>
>>>>>>> I did roughly the same, but only got that code working after enabling SAML
>>>>>>> attribute release.
>>>>>>>
>>>>>>> --
>>>>>>> Alberto Cabello Sánchez
>>>>>>> <albe...@unex.es>
>>>>>>>
>>>>>>> --
>>>>>>> You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com
>>>>>>> To unsubscribe, change settings or access archives, see
>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user

--
Federico Paparoni

Blog -- http://fpaparoni.wordpress.com/
Twitter -- http://twitter.com/fpaparoni
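
Added example (not part of the original thread, and not CAS project code): a small parser that classifies a serviceValidate response as rejected, user-only, or carrying released attributes, run over the two responses quoted above. The third sample, its attribute names and values, and the function names are constructed for illustration, assuming the `<cas:attributes>` layout of the CAS 3.0 protocol.

```python
import xml.etree.ElementTree as ET

CAS = "{http://www.yale.edu/tp/cas}"  # namespace declared in the quoted responses

def parse_service_response(xml_text):
    """Return (status, user, attributes, failure_code) for a validation response."""
    root = ET.fromstring(xml_text)
    if root.tag != CAS + "serviceResponse":
        raise ValueError("not a CAS serviceResponse: " + root.tag)
    failure = root.find(CAS + "authenticationFailure")
    if failure is not None:
        # The expired ticket in the thread is reported this way (INVALID_TICKET).
        return ("rejected", None, {}, failure.get("code"))
    success = root.find(CAS + "authenticationSuccess")
    if success is None:
        raise ValueError("response has neither success nor failure element")
    user = (success.findtext(CAS + "user") or "").strip()
    attributes = {}
    container = success.find(CAS + "attributes")
    for child in (container if container is not None else ()):
        name = child.tag.split("}", 1)[-1]  # drop the namespace part of the tag
        # An attribute may repeat (multi-valued), so collect values in a list.
        attributes.setdefault(name, []).append((child.text or "").strip())
    status = "attributes-released" if attributes else "user-only"
    return (status, user, attributes, None)

def wrap(inner):
    """Hypothetical helper: put a body inside the serviceResponse envelope."""
    return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            + inner + "</cas:serviceResponse>")

# The two responses quoted in the thread (whitespace normalised).
EXPIRED = wrap('<cas:authenticationFailure code="INVALID_TICKET">Ticket '
               "'ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org' not recognized"
               "</cas:authenticationFailure>")
USER_ONLY = wrap("<cas:authenticationSuccess><cas:user>casuser</cas:user>"
                 "</cas:authenticationSuccess>")
# Constructed sample: attribute names and values are made up.
WITH_ATTRS = wrap("<cas:authenticationSuccess><cas:user>casuser</cas:user>"
                  "<cas:attributes><cas:memberOf>staff</cas:memberOf>"
                  "<cas:memberOf>admins</cas:memberOf>"
                  "<cas:mail>casuser@example.org</cas:mail>"
                  "</cas:attributes></cas:authenticationSuccess>")

if __name__ == "__main__":
    for label, body in (("expired", EXPIRED), ("user-only", USER_ONLY),
                        ("with-attrs", WITH_ATTRS)):
        print(label, parse_service_response(body))
```

A "user-only" result means the ticket validated but the response carried no attributes, which is the state the last message in the thread describes.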