I didn't modify anything in the CAS configuration; using the Maven overlay, I only
configured an external cas.properties.
The deployerConfigContext.xml is this: http://pastebin.com/8NS6g3Zv
Where do I have to put the ignoreAttributes flag?

--

Federico Paparoni


2014-11-06 10:05 GMT+01:00 Jérôme LELEU <lel...@gmail.com>:

> Hi,
>
> It seems so: did you configure the ignoreAttributes flag for your services
> (it means all attributes must be returned)?
>
> Thanks.
> Best regards,
>
>
> Jérôme LELEU
> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>
> 2014-11-06 9:46 GMT+01:00 Federico Paparoni <federico.papar...@gmail.com>:
>
>> Ok I modified timeout and now using the /ps/serviceValidate url I receive
>> this response
>>
>> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>>  <cas:authenticationSuccess>
>>   <cas:user>casuser</cas:user>
>>  </cas:authenticationSuccess>
>> </cas:serviceResponse>
>>
>> Attributes aren't in the response. So the problem is with CAS
>> configuration (default) ?
>>
>> --
>>
>> Federico
>>
>>
>> 2014-11-05 16:11 GMT+01:00 Jérôme LELEU <lel...@gmail.com>:
>>
>>> Hi,
>>>
>>> For security reasons, service tickets cannot be reused and expire
>>> shortly (10s by default). So that must be a *quick* manual test, or
>>> you must change your service ticket lifetime configuration.
>>>
>>> Best regards,
>>>
>>> Jérôme LELEU
>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>
>>> 2014-11-05 15:43 GMT+01:00 Federico Paparoni <
>>> federico.papar...@gmail.com>:
>>>
>>>> I left only the AuthenticationFilter, and manual testing doesn't work.
>>>> The log after authentication:
>>>>
>>>> 15:39:00,925 INFO  [org.jasig.cas.CentralAuthenticationServiceImpl]
>>>> (http--127.0.0.1-8443-1) Granted service ticket [
>>>> ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] for service [
>>>> https://localhost:8443/webappA/index.jsp] for user [casuser]
>>>> 15:39:00,926 INFO  [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1)
>>>> start[1415198340921] time[5] tag[GRANT_SERVICE_TICKET]
>>>> 15:39:00,928 INFO
>>>>  [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
>>>> (http--127.0.0.1-8443-1) Audit trail record BEGIN
>>>> =============================================================
>>>> WHO: casuser
>>>> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org for
>>>> https://localhost:8443/webappA/index.jsp
>>>> ACTION: SERVICE_TICKET_CREATED
>>>> APPLICATION: CAS
>>>> WHEN: Wed Nov 05 15:39:00 CET 2014
>>>> CLIENT IP ADDRESS: 127.0.0.1
>>>> SERVER IP ADDRESS: 127.0.0.1
>>>> =============================================================
>>>>
>>>>
>>>> Then I browse to the url
>>>> https://localhost:8443/custom-cas/p3/serviceValidate?ticket=ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org&service=https://localhost:8443/webappA/index.jsp
>>>> Server replies:
>>>>
>>>> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>>>> <cas:authenticationFailure code="INVALID_TICKET">Ticket 'ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org' not recognized</cas:authenticationFailure>
>>>> </cas:serviceResponse>
>>>>
>>>> And this is the log
>>>>
>>>> 15:39:19,024 INFO  [org.jasig.cas.CentralAuthenticationServiceImpl]
>>>> (http--127.0.0.1-8443-1) ServiceTicket [
>>>> ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org] has expired.
>>>> 15:39:19,025 INFO  [org.perf4j.TimingLogger] (http--127.0.0.1-8443-1)
>>>> start[1415198359022] time[3] tag[VALIDATE_SERVICE_TICKET]
>>>> 15:39:19,027 INFO
>>>>  [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager]
>>>> (http--127.0.0.1-8443-1) Audit trail record BEGIN
>>>> =============================================================
>>>> WHO: audit:unknown
>>>> WHAT: ST-10-bB15nrEOEfxcZcjzVLPC-cas01.example.org
>>>> ACTION: SERVICE_TICKET_VALIDATE_FAILED
>>>> APPLICATION: CAS
>>>> WHEN: Wed Nov 05 15:39:19 CET 2014
>>>> CLIENT IP ADDRESS: 127.0.0.1
>>>> SERVER IP ADDRESS: 127.0.0.1
>>>> =============================================================
>>>>
>>>> I don't really understand why this simple example doesn't work.
>>>>
>>>>
>>>> 2014-11-05 15:16 GMT+01:00 Jérôme LELEU <lel...@gmail.com>:
>>>>
>>>>> Hi,
>>>>>
>>>>> You can use the SAML endpoint, but the new /p3 endpoint is meant to
>>>>> avoid the use of SAML and return the user attributes.
>>>>>
>>>>> Sure it works by testing manually:
>>>>> http://host/yourcas/p3/serviceValidate?ticket=ST-xxx&service=yyy?
>>>>>
>>>>> Best regards,
>>>>>
>>>>>
>>>>>
>>>>> Jérôme LELEU
>>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>>>>
>>>>> 2014-11-05 14:50 GMT+01:00 Federico Paparoni <
>>>>> federico.papar...@gmail.com>:
>>>>>
>>>>>> Hi Jérôme,
>>>>>>
>>>>>> I haven't defined/modified anything on the CAS Server. The validation
>>>>>> filter on the webapp is defined so
>>>>>>
>>>>>> <filter>
>>>>>>         <filter-name>CAS Validation Filter</filter-name>
>>>>>>         <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>>>         <init-param>
>>>>>>             <param-name>casServerUrlPrefix</param-name>
>>>>>>             <param-value>https://localhost:8443/custom-cas</param-value>
>>>>>>         </init-param>
>>>>>>         <init-param>
>>>>>>             <param-name>service</param-name>
>>>>>>             <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>>>>         </init-param>
>>>>>> </filter>
>>>>>>
>>>>>> Same result using p3 url.
>>>>>> Maybe I have to enable something in CAS? SAML as suggested by Alberto?
>>>>>>
>>>>>> --
>>>>>> Federico Paparoni
>>>>>>
>>>>>> 2014-11-05 12:07 GMT+01:00 Federico Paparoni <
>>>>>> federico.papar...@gmail.com>:
>>>>>>
>>>>>>> Hi Jérôme,
>>>>>>>
>>>>>>> I haven't defined/modified anything on the CAS Server. The
>>>>>>> validation filter on the webapp is defined so
>>>>>>>
>>>>>>> <filter>
>>>>>>>         <filter-name>CAS Validation Filter</filter-name>
>>>>>>>         <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>>>>>>>         <init-param>
>>>>>>>             <param-name>casServerUrlPrefix</param-name>
>>>>>>>             <param-value>https://localhost:8443/custom-cas</param-value>
>>>>>>>         </init-param>
>>>>>>>         <init-param>
>>>>>>>             <param-name>service</param-name>
>>>>>>>             <param-value>https://localhost:8443/webappA/index.jsp</param-value>
>>>>>>>         </init-param>
>>>>>>> </filter>
>>>>>>>
>>>>>>> --
>>>>>>> Federico Paparoni
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> 2014-11-05 12:01 GMT+01:00 Jérôme LELEU <lel...@gmail.com>:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> What's the url of the defined endpoint for the service ticket
>>>>>>>> validator? Did you use the /p3 url?
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>> Best regards,
>>>>>>>>
>>>>>>>>
>>>>>>>> Jérôme LELEU
>>>>>>>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter:
>>>>>>>> @leleuj
>>>>>>>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j:
>>>>>>>> www.pac4j.org
>>>>>>>>
>>>>>>>> 2014-11-05 11:42 GMT+01:00 Alberto Cabello Sánchez <albe...@unex.es
>>>>>>>> >:
>>>>>>>>
>>>>>>>>> On Wed, 05 Nov 2014 11:12:05 +0100
>>>>>>>>> Federico Paparoni <federico.papar...@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> > Map attributes = principal.getAttributes();
>>>>>>>>> >
>>>>>>>>> > Iterator attributeNames = attributes.keySet().iterator();
>>>>>>>>> > for (; attributeNames.hasNext();) {
>>>>>>>>> >   String attributeName = (String) attributeNames.next();
>>>>>>>>> >   Object attributeValue = attributes.get(attributeName);
>>>>>>>>> >   out.println("attributeName:" + attributeName + " attributeValue:" + (String) attributeValue);
>>>>>>>>> > }
>>>>>>>>> >
>>>>>>>>> > but the output is only the username. I think that in default configuration
>>>>>>>>> > it should show the attributes defined in a static map but it doesn't work.
>>>>>>>>> > Is there something I have to enable?
>>>>>>>>>
>>>>>>>>> I did roughly the same, but only got that code working after
>>>>>>>>> enabling SAML attribute release.
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Alberto Cabello Sánchez
>>>>>>>>> <albe...@unex.es>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>>>>>>>> lel...@gmail.com
>>>>>>>>> To unsubscribe, change settings or access archives, see
>>>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Federico Paparoni
>>>>>>
>>>>>> Blog -- http://fpaparoni.wordpress.com/
>>>>>> Twitter --  http://twitter.com/fpaparoni
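Added example, not part of the thread and not CAS project code: a small Java check that parses a `/p3/serviceValidate` response and reports which attributes were released, so the user-only response quoted above can be told apart from one that carries a `cas:attributes` block. The class name, the second sample and its attribute names (`mail`, `role`) are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class CasP3ResponseCheck {
    static final String CAS_NS = "http://www.yale.edu/tp/cas";
    // The success response quoted in the thread: a user, but no attributes.
    static final String USER_ONLY =
        "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\"><cas:authenticationSuccess>"
      + "<cas:user>casuser</cas:user></cas:authenticationSuccess></cas:serviceResponse>";
    // Constructed sample: a CAS 3.0 success response that does release attributes.
    static final String WITH_ATTRS =
        "<cas:serviceResponse xmlns:cas=\"http://www.yale.edu/tp/cas\"><cas:authenticationSuccess>"
      + "<cas:user>casuser</cas:user><cas:attributes>"
      + "<cas:mail>casuser@example.org</cas:mail><cas:role>staff</cas:role><cas:role>admin</cas:role>"
      + "</cas:attributes></cas:authenticationSuccess></cas:serviceResponse>";

    /** Returns the released attributes (possibly empty); throws on authenticationFailure. */
    static Map<String, List<String>> attributes(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The response arrives over the network: refuse DOCTYPEs to rule out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        NodeList fail = doc.getElementsByTagNameNS(CAS_NS, "authenticationFailure");
        if (fail.getLength() > 0) {           // e.g. INVALID_TICKET for an expired ST
            Element e = (Element) fail.item(0);
            throw new IllegalStateException(
                e.getAttribute("code") + ": " + e.getTextContent().trim());
        }
        Map<String, List<String>> out = new LinkedHashMap<>();
        NodeList attrs = doc.getElementsByTagNameNS(CAS_NS, "attributes");
        if (attrs.getLength() == 0) return out;   // success, but nothing was released
        for (Node n = attrs.item(0).getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() != Node.ELEMENT_NODE) continue;
            out.computeIfAbsent(n.getLocalName(), k -> new ArrayList<>())
               .add(n.getTextContent().trim());   // repeated elements become multi-valued
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("thread response:    " + attributes(USER_ONLY));
        System.out.println("constructed sample: " + attributes(WITH_ATTRS));
    }
}
```

An empty map on a successful validation points at attribute release on the server side rather than at the client filter.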