Re: [cas-user] Demo Site
have you checked yet cas.log? What CAS version do you use and on what environment (OS, Java version, ...)? HTH Michael Am 19.05.14 02:27, schrieb Assil: Hello, I'm having trouble with the demo. After deploying the war to the server and going to the login page, I see the login form, however identical username and passwords as specified by the install guide seem to get me nowhere, I keep getting : invalid credentials. Do you have any idea of what could be wrong ? -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Demo Site
Thank you guys for your replies, I'm using the v4.0 indeed. I'm new to cas so I didn't know where else to look other than the install notes. Thanks again. Good day! On May 19, 2014 8:54 AM, Jérôme LELEU lel...@gmail.com wrote: Hi, Indeed, it depends on the CAS server version. In the latest CAS server v4.0, the login equals password handler is no more configured. There is a pre-defined login/pwd: https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml#L107 . Best regards, Jérôme 2014-05-19 8:56 GMT+02:00 Michael Wechner michael.wech...@wyona.com: have you checked yet cas.log? What CAS version do you use and on what environment (OS, Java version, ...)? HTH Michael Am 19.05.14 02:27, schrieb Assil: Hello, I'm having trouble with the demo. After deploying the war to the server and going to the login page, I see the login form, however identical username and passwords as specified by the install guide seem to get me nowhere, I keep getting : invalid credentials. Do you have any idea of what could be wrong ? -- You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: as...@wawneeds.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] Force re-authentication programmatically
Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service= http://myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisniki...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
I will try that Jerome, thanks! So far I tried to call the same page, in hope that Spring Security will detect the invalidated session, and will automatically redirect me. However I get 500 internal error since the ticket is still present! On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service= http://myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript: : Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: lel...@gmail.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Nope... still getting the following error: SEVERE: Servlet.service() for servlet [accounts] in context with path [] threw exception org.pac4j.core.exception.TechnicalException: org.jasig.cas.client.validation.TicketValidationException: ticket 'ST-907-DNtEbdyNP0br94K6dpfQsdfasdfasdf' does not match supplied service. The original service was 'http://127.0.0.1:8080/details/callback?client_name=CasClient' and the supplied service was 'http://127.0.0.1:8080/callback?client_name=CasClient'. How can I get rid of the ticket? On Monday, May 19, 2014 10:06:54 AM UTC+1, chris nikitas wrote: I will try that Jerome, thanks! So far I tried to call the same page, in hope that Spring Security will detect the invalidated session, and will automatically redirect me. However I get 500 internal error since the ticket is still present! On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service= http://myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: cas-user-garchive-84...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Java 8?
Hi, I've made a new Java 8 build test on the master (4.1.0-SNAPSHOT) and I have a new error: some basic classes cannot be resolved (for ex: The import java.util.Arrays cannot be resolved) due mostly to indirectly referenced from required .class files. Do you have the same problem? Thanks. Best regards, Jérôme 2014-05-16 1:32 GMT+02:00 Scott Battaglia scott.battag...@gmail.com: I built from the command line using the latest code (not the 4.0.x branch). I'll try again later. On Tue, May 13, 2014 at 11:14 AM, Tom Poage tfpo...@ucdavis.edu wrote: On May 12, 2014, at 7:59 PM, Scott Battaglia scott.battag...@gmail.com wrote: I just tried building and running it locally. I was able to do so though I didn't do extensive testing. Thank you! Tried to build myself and got e.g. [INFO] --- aspectj-maven-plugin:1.4:compile (default) @ cas-server-core --- [WARNING] bad version number found in .../.m2/repository/org/aspectj/aspectjrt/1.7.2/aspectjrt-1.7.2.jar expected 1.6.11 found 1.7.2 org.aspectj.apache.bcel.classfile.ClassFormatException: Invalid byte tag in constant pool: 15 at org.aspectj.apache.bcel.classfile.Constant.readConstant(Constant.java:133) at org.aspectj.apache.bcel.classfile.ConstantPool.init(ConstantPool.java:45) Any attempts to resolve only made things worse. So something lurking in there. Started to dig, but eventually had to move on to other priorities. Did you build with maven or Eclipse? (versions?) Tom. -- You are currently subscribed to cas-user@lists.jasig.org as: scott.battag...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Using the ?renew=true http://myservice/?renew=true.query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service= http://myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript: : Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: lel...@gmail.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Sorry about that! So the web flow is as follows. User navigates to a secure resource and is automatically redirected to the CAS login page. Upon successful login, the user is redirected to the original page he was trying to access. During authentication, my app is talking to an external app that provides me with a token that expires after some time. Usually this third party token will expire sooner than the CAS session. When this happens, I want to force the user to the CAS login page, so they can provide their credentials again and retrieve another new token from the external service. This needs to be done programmatically since I check in the code whether that third party token has expired or not. Does this make sense? On Monday, May 19, 2014 11:12:29 AM UTC+1, Jérôme LELEU wrote: Hi, Oh! I see you are using pac4j as a client. You could have used the appropriate mailing-list: https://groups.google.com/forum/?fromgroups#!forum/pac4j-users. Would you mind elaborating a little more your web flow? Thanks. Best regards, Jérôme 2014-05-19 11:34 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript: : Nope... still getting the following error: SEVERE: Servlet.service() for servlet [accounts] in context with path [] threw exception org.pac4j.core.exception.TechnicalException: org.jasig.cas.client.validation.TicketValidationException: ticket 'ST-907-DNtEbdyNP0br94K6dpfQsdfasdfasdf' does not match supplied service. The original service was ' http://127.0.0.1:8080/details/callback?client_name=CasClient' and the supplied service was ' http://127.0.0.1:8080/callback?client_name=CasClient'. How can I get rid of the ticket? On Monday, May 19, 2014 10:06:54 AM UTC+1, chris nikitas wrote: I will try that Jerome, thanks! So far I tried to call the same page, in hope that Spring Security will detect the invalidated session, and will automatically redirect me. However I get 500 internal error since the ticket is still present! On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service=http:// myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: cas-user-ga...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: lel...@gmail.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
I'm not sure I was clear enough here, but you must go to the CAS login url with the renew=true parameter, this parameter is applied on the CAS server side... 2014-05-19 12:11 GMT+02:00 chris nikitas chrisniki...@gmail.com: Using the ?renew=true http://myservice/?renew=true.query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service=http:// myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Yes, so my original url is http://127.0.0.1:8080/detailshttp://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA And then I try to call https://10.222.345.123:8080/cas/login?service=http://127.0.0.1:8080/details?renew=true However it reloads the page with a new ticket like so: http://127.0.0.1:8080/details?renew=trueticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal But it does not prompt me to input my user credentials again. On the server side I do the following prior to calling the CAS login: HttpSession session = request.getSession(false); session.invalidate(); SecurityContext context = SecurityContextHolder.getContext(); Authentication auth = context.getAuthentication(); if (auth != null) { new SecurityContextLogoutHandler().logout(request, response, auth); } context.setAuthentication(null); On Monday, May 19, 2014 11:40:14 AM UTC+1, Jérôme LELEU wrote: I'm not sure I was clear enough here, but you must go to the CAS login url with the renew=true parameter, this parameter is applied on the CAS server side... 2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript: : Using the ?renew=true http://myservice/?renew=true.query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service=http:// myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: lel...@gmail.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
OK. I see, typo problem: not ?renew=true, but renew=true... 2014-05-19 12:47 GMT+02:00 chris nikitas chrisniki...@gmail.com: Yes, so my original url is http://127.0.0.1:8080/detailshttp://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA And then I try to call https://10.222.345.123:8080/cas/login?service=http://127.0.0.1:8080/details?renew=true However it reloads the page with a new ticket like so: http://127.0.0.1:8080/details?renew=trueticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal But it does not prompt me to input my user credentials again. On the server side I do the following prior to calling the CAS login: HttpSession session = request.getSession(false); session.invalidate(); SecurityContext context = SecurityContextHolder.getContext(); Authentication auth = context.getAuthentication(); if (auth != null) { new SecurityContextLogoutHandler().logout(request, response, auth); } context.setAuthentication(null); On Monday, May 19, 2014 11:40:14 AM UTC+1, Jérôme LELEU wrote: I'm not sure I was clear enough here, but you must go to the CAS login url with the renew=true parameter, this parameter is applied on the CAS server side... 2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.com: Using the ?renew=true http://myservice/?renew=true.query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service=http://myse rvice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Dooh!!! Of course... thanks for that! I am getting the redirection now... however when I end up to my final URL, I have the ticket on the url. Is there a way to remove that? On Monday, May 19, 2014 11:54:36 AM UTC+1, Jérôme LELEU wrote: OK. I see, typo problem: not ?renew=true, but renew=true... 2014-05-19 12:47 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript: : Yes, so my original url is http://127.0.0.1:8080/detailshttp://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA And then I try to call https://10.222.345.123:8080/cas/login?service=http://127.0.0.1:8080/details?renew=true However it reloads the page with a new ticket like so: http://127.0.0.1:8080/details?renew=trueticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal But it does not prompt me to input my user credentials again. On the server side I do the following prior to calling the CAS login: HttpSession session = request.getSession(false); session.invalidate(); SecurityContext context = SecurityContextHolder.getContext(); Authentication auth = context.getAuthentication(); if (auth != null) { new SecurityContextLogoutHandler().logout(request, response, auth); } context.setAuthentication(null); On Monday, May 19, 2014 11:40:14 AM UTC+1, Jérôme LELEU wrote: I'm not sure I was clear enough here, but you must go to the CAS login url with the renew=true parameter, this parameter is applied on the CAS server side... 2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.com: Using the ?renew=true http://myservice/?renew=true.query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service=http://myse rvice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: lel...@gmail.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Hi, If you re-authenticate in your app, you will receive a new ST to access to your app, it's the normal flow of the CAS protocol. What would you expect as a behaviour? Thanks. Best regards, Jérôme 2014-05-19 13:00 GMT+02:00 chris nikitas chrisniki...@gmail.com: Dooh!!! Of course... thanks for that! I am getting the redirection now... however when I end up to my final URL, I have the ticket on the url. Is there a way to remove that? On Monday, May 19, 2014 11:54:36 AM UTC+1, Jérôme LELEU wrote: OK. I see, typo problem: not ?renew=true, but renew=true... 2014-05-19 12:47 GMT+02:00 chris nikitas chrisn...@gmail.com: Yes, so my original url is http://127.0.0.1:8080/detailshttp://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA And then I try to call https://10.222.345.123: 8080/cas/login?service=http://127.0.0.1:8080/details?renew=true However it reloads the page with a new ticket like so: http://127.0.0.1:8080/details?renew=trueticket=ST-1095- 6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal But it does not prompt me to input my user credentials again. On the server side I do the following prior to calling the CAS login: HttpSession session = request.getSession(false); session.invalidate(); SecurityContext context = SecurityContextHolder.getContext(); Authentication auth = context.getAuthentication(); if (auth != null) { new SecurityContextLogoutHandler().logout(request, response, auth); } context.setAuthentication(null); On Monday, May 19, 2014 11:40:14 AM UTC+1, Jérôme LELEU wrote: I'm not sure I was clear enough here, but you must go to the CAS login url with the renew=true parameter, this parameter is applied on the CAS server side... 2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.com: Using the ?renew=true http://myservice/?renew=true.query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service=http://myse rvice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Hi Jerome, I am happy with the re-authentication. I was just talking about the ticket on the actual url. On Monday, May 19, 2014 4:07:11 PM UTC+1, Jérôme LELEU wrote: Hi, If you re-authenticate in your app, you will receive a new ST to access to your app, it's the normal flow of the CAS protocol. What would you expect as a behaviour? Thanks. Best regards, Jérôme 2014-05-19 13:00 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript: : Dooh!!! Of course... thanks for that! I am getting the redirection now... however when I end up to my final URL, I have the ticket on the url. Is there a way to remove that? On Monday, May 19, 2014 11:54:36 AM UTC+1, Jérôme LELEU wrote: OK. I see, typo problem: not ?renew=true, but renew=true... 2014-05-19 12:47 GMT+02:00 chris nikitas chrisn...@gmail.com: Yes, so my original url is http://127.0.0.1:8080/detailshttp://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA And then I try to call https://10.222.345.123: 8080/cas/login?service=http://127.0.0.1:8080/details?renew=true However it reloads the page with a new ticket like so: http://127.0.0.1:8080/details?renew=trueticket=ST-1095- 6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal But it does not prompt me to input my user credentials again. On the server side I do the following prior to calling the CAS login: HttpSession session = request.getSession(false); session.invalidate(); SecurityContext context = SecurityContextHolder.getContext(); Authentication auth = context.getAuthentication(); if (auth != null) { new SecurityContextLogoutHandler().logout(request, response, auth); } context.setAuthentication(null); On Monday, May 19, 2014 11:40:14 AM UTC+1, Jérôme LELEU wrote: I'm not sure I was clear enough here, but you must go to the CAS login url with the renew=true parameter, this parameter is applied on the CAS server side... 2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.com: Using the ?renew=true http://myservice/?renew=true.query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service= http://myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: lel...@gmail.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as:
RE: [cas-user] Force re-authentication programmatically
You???ll need to programmatically rewrite the url. Certain, if not all official CAS clients do that for you, but it seems like you???re not using one. From: chris nikitas [mailto:chrisniki...@gmail.com] Sent: Monday, May 19, 2014 8:14 AM To: cas-user@lists.jasig.org Cc: cas-user@lists.jasig.org; cas-user@lists.jasig.org Subject: Re: [cas-user] Force re-authentication programmatically Hi Jerome, I am happy with the re-authentication. I was just talking about the ticket on the actual url. On Monday, May 19, 2014 4:07:11 PM UTC+1, J??r??me LELEU wrote: Hi, If you re-authenticate in your app, you will receive a new ST to access to your app, it's the normal flow of the CAS protocol. What would you expect as a behaviour? Thanks. Best regards, J??r??me 2014-05-19 13:00 GMT+02:00 chris nikitas chrisn...@gmail.com javascript: : Dooh!!! Of course... thanks for that! I am getting the redirection now... however when I end up to my final URL, I have the ticket on the url. Is there a way to remove that? On Monday, May 19, 2014 11:54:36 AM UTC+1, J??r??me LELEU wrote: OK. I see, typo problem: not ?renew=true, but renew=true... 2014-05-19 12:47 GMT+02:00 chris nikitas chrisn...@gmail.com: Yes, so my original url is http://127.0.0.1:8080/details http://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA And then I try to call https://10.222.345.123:8080/cas/login?service=http://127.0.0.1:8080/details?renew=true However it reloads the page with a new ticket like so: http://127.0.0.1:8080/details?renew=true http://127.0.0.1:8080/details?renew=trueticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal ticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal But it does not prompt me to input my user credentials again. On the server side I do the following prior to calling the CAS login: HttpSession session = request.getSession(false); session.invalidate(); SecurityContext context = SecurityContextHolder.getContext(); Authentication auth = context.getAuthentication(); if (auth != null) { new SecurityContextLogoutHandler().logout(request, response, auth); } context.setAuthentication(null); On Monday, May 19, 2014 11:40:14 AM UTC+1, J??r??me LELEU wrote: I'm not sure I was clear enough here, but you must go to the CAS login url with the renew=true parameter, this parameter is applied on the CAS server side... 2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.com: Using the ?renew=true http://myservice/?renew=true .query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, J??r??me LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service=http://myservice?renew=true. Best regards, J??r??me 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org
[cas-user] logout redirect
Hi I am trying to set up logout redirect in CAS 3.5.2, I see that I can change the following line in cas-servlet.xml: p:followServiceRedirects=${cas.logout.followServiceRedirects:false}/ to p:followServiceRedirects=true/ However, there is a section in the cas.properties file as follows: ## # CAS Logout Behavior # WEB-INF/cas-servlet.xml # # Specify whether CAS should redirect to the specifyed service parameter on /logout requests # cas.logout.followServiceRedirects=false does this mean I can change this to ## # CAS Logout Behavior # WEB-INF/cas-servlet.xml # # Specify whether CAS should redirect to the specifyed service parameter on /logout requests cas.logout.followServiceRedirects=true and leave cas-servlet.xml untouched or is it telling me I need to modify cas-servlet.xml and not cas.properties? I would prefer to do this in cas.properties if possible, in order to reduce the number of files I have to modify. Thanks David -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] logout redirect
and leave cas-servlet.xml untouched or is it telling me I need to modify cas-servlet.xml and not cas.properties? Leave cas-servlet.xml alone, and only change cas.properties. From: David Kane [mailto:david.a.k...@ucd.ie] Sent: Monday, May 19, 2014 8:45 AM To: cas-user@lists.jasig.org Subject: [cas-user] logout redirect Hi I am trying to set up logout redirect in CAS 3.5.2, I see that I can change the following line in cas-servlet.xml: p:followServiceRedirects=${cas.logout.followServiceRedirects:false}/ to p:followServiceRedirects=true/ However, there is a section in the cas.properties file as follows: ## # CAS Logout Behavior # WEB-INF/cas-servlet.xml # # Specify whether CAS should redirect to the specifyed service parameter on /logout requests # cas.logout.followServiceRedirects=false does this mean I can change this to ## # CAS Logout Behavior # WEB-INF/cas-servlet.xml # # Specify whether CAS should redirect to the specifyed service parameter on /logout requests cas.logout.followServiceRedirects=true and leave cas-servlet.xml untouched or is it telling me I need to modify cas-servlet.xml and not cas.properties? I would prefer to do this in cas.properties if possible, in order to reduce the number of files I have to modify. Thanks David -- You are currently subscribed to cas-user@lists.jasig.org as: mmoay...@unicon.net To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] logout redirect
I am not sure about other possibilites, but it works for me when changing |webapps/cas-server-webapp-3.5.2/WEB-INF/cas-servlet.xml by setting |the attribute |followServiceRedirects| to |true| HTH Michael Am 19.05.14 17:48, schrieb Misagh Moayyed: and leave cas-servlet.xml untouched or is it telling me I need to modify cas-servlet.xml and not cas.properties? Leave cas-servlet.xml alone, and only change cas.properties. From: David Kane [mailto:david.a.k...@ucd.ie] Sent: Monday, May 19, 2014 8:45 AM To: cas-user@lists.jasig.org Subject: [cas-user] logout redirect Hi I am trying to set up logout redirect in CAS 3.5.2, I see that I can change the following line in cas-servlet.xml: p:followServiceRedirects=${cas.logout.followServiceRedirects:false}/ to p:followServiceRedirects=true/ However, there is a section in the cas.properties file as follows: ## # CAS Logout Behavior # WEB-INF/cas-servlet.xml # # Specify whether CAS should redirect to the specifyed service parameter on /logout requests # cas.logout.followServiceRedirects=false does this mean I can change this to ## # CAS Logout Behavior # WEB-INF/cas-servlet.xml # # Specify whether CAS should redirect to the specifyed service parameter on /logout requests cas.logout.followServiceRedirects=true and leave cas-servlet.xml untouched or is it telling me I need to modify cas-servlet.xml and not cas.properties? I would prefer to do this in cas.properties if possible, in order to reduce the number of files I have to modify. Thanks David -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Java 8?
On May 19, 2014, at 3:10 AM, J?r?me LELEU lel...@gmail.com wrote: I've made a new Java 8 build test on the master (4.1.0-SNAPSHOT) and I have a new error: some basic classes cannot be resolved (for ex: The import java.util.Arrays cannot be resolved) due mostly to indirectly referenced from required .class files. Do you have the same problem? I recall seeing that with 4.0.0, but so far not with 4.1.0-SNAPSHOT. Java SE 8u5. Tom. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] CASTGC Cookie?
1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CASTGC Cookie?
1. It's the ticket-granting cookie, and it contains the ticket-granting ticket (TGT). You must have a valid TGT from a given CAS server, and the TGT must exist in the server's ticket registry, in order to login to any CAS-enabled services that use that server. 2. It's generated when you authenticate to CAS. 3. If CASTGC is not present or its value does not match any current ticket in CAS's ticket registry, CAS assumes that you're not logged in and displays the login page. Best regards, -- Carlos. -Original Message- From: Zac [mailto:zhar...@commercehub.com] Sent: Monday, 19 May, 2014 15:26 To: cas-user@lists.jasig.org Subject: [cas-user] CASTGC Cookie? 1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? -- You are currently subscribed to cas-user@lists.jasig.org as: cfern...@sju.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CASTGC Cookie?
1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? I believe the following section of the CAS protocol document answers all the above: http://www.jasig.org/cas/protocol#ticket-granting-cookie M -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CASTGC Cookie?
Thanks Carlos Marvin, That makes more sense. But I'm still not fully understanding the flow: 1. User goes to CAS login page. 2. User logs in. 3. CAS authenticates user and generates a CASTGC cookie and hands it back to browser. 4. Browser does a check to see if it has a CASTGC cookie, and if not, redirects back to the login page (?) Thanks for any clarification here! Zac -Original Message- From: Marvin Addison [mailto:marvin.addi...@gmail.com] Sent: Monday, May 19, 2014 3:35 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] CASTGC Cookie? 1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? I believe the following section of the CAS protocol document answers all the above: http://www.jasig.org/cas/protocol#ticket-granting-cookie M -- You are currently subscribed to cas-user@lists.jasig.org as: zhar...@commercehub.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CASTGC Cookie?
The flow is: 1. User goes to CAS login page. 2. User logs in. 3. CAS authenticates user and generates a CASTGC cookie and hands it back to browser. a. If the user presented a service URL upon arriving at the login page, CAS will also generate a service ticket and redirect the browser to that service URL with the ST. b. If not, CAS will display the Login successful page instead of redirecting. The browser does not check the cookie's content, but only stores it until it expires or CAS says to delete it. Best regards, -- Carlos. -Original Message- From: Zac Harvey [mailto:zhar...@commercehub.com] Sent: Monday, 19 May, 2014 15:41 To: cas-user@lists.jasig.org Subject: RE: [cas-user] CASTGC Cookie? Thanks Carlos Marvin, That makes more sense. But I'm still not fully understanding the flow: 1. User goes to CAS login page. 2. User logs in. 3. CAS authenticates user and generates a CASTGC cookie and hands it back to browser. 4. Browser does a check to see if it has a CASTGC cookie, and if not, redirects back to the login page (?) Thanks for any clarification here! Zac -Original Message- From: Marvin Addison [mailto:marvin.addi...@gmail.com] Sent: Monday, May 19, 2014 3:35 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] CASTGC Cookie? 1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? I believe the following section of the CAS protocol document answers all the above: http://www.jasig.org/cas/protocol#ticket-granting-cookie M -- You are currently subscribed to cas-user@lists.jasig.org as: zhar...@commercehub.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: cfern...@sju.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CASTGC Cookie?
Thanks Carlos, starting to see the whole picture now. So it sounds like something is going awry for me in step #3 just after CAS authenticates the user. Perhaps under some conditions the CASTGC isn't being generated and handed to the browser; or perhaps under some circumstances the ticket registry isn't receiving the TGT. Last week you mentioned something about a scenario where CAS is installed as root? How would you go about debugging this? Thanks again! -Original Message- From: Carlos Fernandez [mailto:cfern...@sju.edu] Sent: Monday, May 19, 2014 4:17 PM To: cas-user@lists.jasig.org Subject: RE: [cas-user] CASTGC Cookie? The flow is: 1. User goes to CAS login page. 2. User logs in. 3. CAS authenticates user and generates a CASTGC cookie and hands it back to browser. a. If the user presented a service URL upon arriving at the login page, CAS will also generate a service ticket and redirect the browser to that service URL with the ST. b. If not, CAS will display the Login successful page instead of redirecting. The browser does not check the cookie's content, but only stores it until it expires or CAS says to delete it. Best regards, -- Carlos. -Original Message- From: Zac Harvey [mailto:zhar...@commercehub.com] Sent: Monday, 19 May, 2014 15:41 To: cas-user@lists.jasig.org Subject: RE: [cas-user] CASTGC Cookie? Thanks Carlos Marvin, That makes more sense. But I'm still not fully understanding the flow: 1. User goes to CAS login page. 2. User logs in. 3. CAS authenticates user and generates a CASTGC cookie and hands it back to browser. 4. Browser does a check to see if it has a CASTGC cookie, and if not, redirects back to the login page (?) Thanks for any clarification here! Zac -Original Message- From: Marvin Addison [mailto:marvin.addi...@gmail.com] Sent: Monday, May 19, 2014 3:35 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] CASTGC Cookie? 1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? I believe the following section of the CAS protocol document answers all the above: http://www.jasig.org/cas/protocol#ticket-granting-cookie M -- You are currently subscribed to cas-user@lists.jasig.org as: zhar...@commercehub.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: cfern...@sju.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: zhar...@commercehub.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user