Hi,

It seems so: did you configure the ignoreAttributes flag for your services
(it means all attributes must be returned)?

Thanks.
Best regards,


Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-11-06 9:46 GMT+01:00 Federico Paparoni <federico.papar...@gmail.com>:

> Ok I modified timeout and now using the /ps/serviceValidate url I receive
> this response
>
> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>  <cas:authenticationSuccess>
>   <cas:user>casuser</cas:user>
>  </cas:authenticationSuccess>
> </cas:serviceResponse>
>
> Attributes aren't in the response. So the problem is with CAS
> configuration (default) ?
>
> --
>
> Federico
>
>
> 2014-11-05 16:11 GMT+01:00 Jérôme LELEU <lel...@gmail.com>:
>
>> Hi,
>>
>> For security reasons, service tickets cannot be reused and expire shortly
>> (10s by default). So that must be a *quick* manual testing or you must
>> change your service ticket lifetime configuration.
>>
>> Best regards,
>>
>> Jérôme LELEU
>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>
>> 2014-11-05 15:43 GMT+01:00 Federico Paparoni <federico.papar...@gmail.com>:
>>
>>> I left only the AuthenticationFilter and manually testing doesn't work.
>>> The log after authentication
>>>
>>> 15:39:00,925 INFO  [org.jasig.cas.CentralAuthenticationServiceImpl]
>>> (http--127.0.0.1-8443-1) Granted service ticket [
>>> ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] for service [
>>> https://localhost:8443/webappA/index.jsp] for user [casuser]
>>> 15:39:00,926 INFO  [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1)
>>> start[1415198340921] time[5] tag[GRANT_SERVICE_TICKET]
>>> 15:39:00,928 INFO
>>>  [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
>>> (http--127.0.0.1-8443-1) Audit trail record BEGIN
>>> =============================================================
>>> WHO: casuser
>>> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org for
>>> https://localhost:8443/webappA/index.jsp
>>> ACTION: SERVICE_TICKET_CREATED
>>> APPLICATION: CAS
>>> WHEN: Wed Nov 05 15:39:00 CET 2014
>>> CLIENT IP ADDRESS: 127.0.0.1
>>> SERVER IP ADDRESS: 127.0.0.1
>>> =============================================================
>>>
>>>
>>> Then I browse to the url
>>> https://localhost:8443/custom-cas/p3/serviceValidate?ticket=ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org&service=https://localhost:8443/webappA/index.jsp
>>> Server replies:
>>>
>>> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>>> <cas:authenticationFailure code="INVALID_TICKET">Ticket 'ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org' not recognized</cas:authenticationFailure>
>>> </cas:serviceResponse>
>>>
>>> And this is the log
>>>
>>> 15:39:19,024 INFO  [org.jasig.cas.CentralAuthenticationServiceImpl]
>>> (http--127.0.0.1-8443-1) ServiceTicket [
>>> ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] has expired.
>>> 15:39:19,025 INFO  [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1)
>>> start[1415198359022] time[3] tag[VALIDATE_SERVICE_TICKET]
>>> 15:39:19,027 INFO
>>>  [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
>>> (http--127.0.0.1-8443-1) Audit trail record BEGIN
>>> =============================================================
>>> WHO: audit:unknown
>>> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org
>>> ACTION: SERVICE_TICKET_VALIDATE_FAILED
>>> APPLICATION: CAS
>>> WHEN: Wed Nov 05 15:39:19 CET 2014
>>> CLIENT IP ADDRESS: 127.0.0.1
>>> SERVER IP ADDRESS: 127.0.0.1
>>> =============================================================
>>>
>>> I don't really understand why this simple example doesn't work.
>>>
>>>
>>> 2014-11-05 15:16 GMT+01:00 Jérôme LELEU <lel...@gmail.com>:
>>>
>>>> Hi,
>>>>
>>>> You can use the SAML endpoint, but the new /p3 endpoint is meant to
>>>> avoid the use of SAML and return the user attributes.
>>>>
>>>> Sure it works by testing manually:
>>>> http://host/yourcas/p3/serviceValidate?ticket=ST-xxx&service=yyy?
>>>>
>>>> Best regards,
>>>>
>>>>
>>>>
>>>> Jérôme LELEU
>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>>
>>>> 2014-11-05 14:50 GMT+01:00 Federico Paparoni <
>>>> federico.papar...@gmail.com>:
>>>>
>>>>> Hi Jérôme,
>>>>>
>>>>> I haven't defined/modified anything on the CAS Server. The validation
>>>>> filter on the webapp is defined so
>>>>>
>>>>> <filter>
>>>>>         <filter-name>CAS Validation Filter</filter-name>
>>>>>         <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>>         <init-param>
>>>>>             <param-name>casServerUrlPrefix</param-name>
>>>>>             <param-value>https://localhost:8443/custom-cas</param-value>
>>>>>         </init-param>
>>>>>         <init-param>
>>>>>             <param-name>service</param-name>
>>>>>             <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>>>         </init-param>
>>>>> </filter>
>>>>>
>>>>> Same result using p3 url.
>>>>> Maybe I have to enable something in CAS? SAML as suggested by Alberto?
>>>>>
>>>>> --
>>>>> Federico Paparoni
>>>>>
>>>>> 2014-11-05 12:07 GMT+01:00 Federico Paparoni <
>>>>> federico.papar...@gmail.com>:
>>>>>
>>>>>> Hi Jérôme,
>>>>>>
>>>>>> I haven't defined/modified anything on the CAS Server. The validation
>>>>>> filter on the webapp is defined so
>>>>>>
>>>>>> <filter>
>>>>>>         <filter-name>CAS Validation Filter</filter-name>
>>>>>>         <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>>>         <init-param>
>>>>>>             <param-name>casServerUrlPrefix</param-name>
>>>>>>             <param-value>https://localhost:8443/custom-cas</param-value>
>>>>>>         </init-param>
>>>>>>         <init-param>
>>>>>>             <param-name>service</param-name>
>>>>>>             <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>>>>         </init-param>
>>>>>> </filter>
>>>>>>
>>>>>> --
>>>>>> Federico Paparoni
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2014-11-05 12:01 GMT+01:00 Jérôme LELEU <lel...@gmail.com>:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> What's the url of the defined endpoint for the service ticket
>>>>>>> validator? Did you use the /p3 url?
>>>>>>>
>>>>>>> Thanks.
>>>>>>> Best regards,
>>>>>>>
>>>>>>>
>>>>>>> Jérôme LELEU
>>>>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter:
>>>>>>> @leleuj
>>>>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>>>>>
>>>>>>> 2014-11-05 11:42 GMT+01:00 Alberto Cabello Sánchez <albe...@unex.es>:
>>>>>>>
>>>>>>>> On Wed, 05 Nov 2014 11:12:05 +0100
>>>>>>>> Federico Paparoni <federico.papar...@gmail.com> wrote:
>>>>>>>>
>>>>>>>> > Map attributes = principal.getAttributes();
>>>>>>>> >
>>>>>>>> > Iterator attributeNames = attributes.keySet().iterator();
>>>>>>>> > for (; attributeNames.hasNext();) {
>>>>>>>> >   String attributeName = (String) attributeNames.next();
>>>>>>>> >   Object attributeValue = attributes.get(attributeName);
>>>>>>>> >   out.println("attributeName:"+attributeName+" attributeValue:"+(String)attributeValue);
>>>>>>>> > }
>>>>>>>> >
>>>>>>>> > but the output is only the username. I think that in default configuration
>>>>>>>> > it should show the attributes defined in a static map but it doesn't work.
>>>>>>>> > Is there something I have to enable?
>>>>>>>>
>>>>>>>> I did roughly the same, but only got that code working after enabling SAML
>>>>>>>> attribute release.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Alberto Cabello Sánchez
>>>>>>>> <albe...@unex.es>
>>>>>>>>
>>>>>>>> --
>>>>>>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>>>>>>> lel...@gmail.com
>>>>>>>> To unsubscribe, change settings or access archives, see
>>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Federico Paparoni
>>>>>
>>>>> Blog -- http://fpaparoni.wordpress.com/
>>>>> Twitter --  http://twitter.com/fpaparoni
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Federico Paparoni
>>>
>>> Blog -- http://fpaparoni.wordpress.com/
>>> Twitter --  http://twitter.com/fpaparoni
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
> --
> Federico Paparoni
>
> Blog -- http://fpaparoni.wordpress.com/
> Twitter --  http://twitter.com/fpaparoni
>
>
>
>
>

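Added example, not part of the original thread or of the CAS project's code: a small parser for the validation responses discussed above, which tells apart a rejected ticket, a success without attributes, and a success carrying a cas:attributes block. The first two inputs are the responses shown in the thread; the third is constructed, and its attribute names and values are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"cas": "http://www.yale.edu/tp/cas"}

# Responses as shown in the thread (mail-client markup removed).
NO_ATTRIBUTES = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>casuser</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
EXPIRED = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket
  'ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org' not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
# Constructed sample: attribute names and values are made up for illustration.
WITH_ATTRIBUTES = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>casuser</cas:user>
    <cas:attributes>
      <cas:mail>casuser@example.org</cas:mail>
      <cas:memberOf>staff</cas:memberOf>
      <cas:memberOf>admins</cas:memberOf>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""


def parse_validation(xml_text):
    """Parse a /serviceValidate or /p3/serviceValidate response body."""
    # The response crosses a trust boundary: refuse DTDs and entities outright.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declaration in CAS response")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}serviceResponse" % NS["cas"]:
        raise ValueError("not a cas:serviceResponse document")
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        message = " ".join((failure.text or "").split())
        return {"ok": False, "code": failure.get("code"), "message": message}
    success = root.find("cas:authenticationSuccess", NS)
    user = success.findtext("cas:user", namespaces=NS) if success is not None else None
    if not user:
        raise ValueError("neither a failure nor a success with cas:user")
    attributes = {}
    block = success.find("cas:attributes", NS)
    for child in (block if block is not None else []):
        name = child.tag.split("}", 1)[-1]  # drop the namespace prefix
        # A name may repeat, so values are kept as lists.
        attributes.setdefault(name, []).append((child.text or "").strip())
    return {"ok": True, "user": user.strip(), "attributes": attributes}
```

An empty "attributes" dict on a successful result is the situation reported in the thread: the ticket validated, but the server released nothing beyond the username.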