Re: [cas-user] Demo Site
have you checked yet cas.log? What CAS version do you use and on what environment (OS, Java version, ...)? HTH Michael Am 19.05.14 02:27, schrieb Assil: Hello, I'm having trouble with the demo. After deploying the war to the server and going to the login page, I see the login form, however identical username and passwords as specified by the install guide seem to get me nowhere, I keep getting : invalid credentials. Do you have any idea of what could be wrong ? -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Demo Site
Thank you guys for your replies, I'm using the v4.0 indeed. I'm new to cas so I didn't know where else to look other than the install notes. Thanks again. Good day! On May 19, 2014 8:54 AM, Jérôme LELEU lel...@gmail.com wrote: Hi, Indeed, it depends on the CAS server version. In the latest CAS server v4.0, the login equals password handler is no more configured. There is a pre-defined login/pwd: https://github.com/Jasig/cas/blob/master/cas-server-webapp/src/main/webapp/WEB-INF/deployerConfigContext.xml#L107 . Best regards, Jérôme 2014-05-19 8:56 GMT+02:00 Michael Wechner michael.wech...@wyona.com: have you checked yet cas.log? What CAS version do you use and on what environment (OS, Java version, ...)? HTH Michael Am 19.05.14 02:27, schrieb Assil: Hello, I'm having trouble with the demo. After deploying the war to the server and going to the login page, I see the login form, however identical username and passwords as specified by the install guide seem to get me nowhere, I keep getting : invalid credentials. Do you have any idea of what could be wrong ? -- You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: as...@wawneeds.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] Force re-authentication programmatically
Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service= http://myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisniki...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
I will try that Jerome, thanks! So far I tried to call the same page, in hope that Spring Security will detect the invalidated session, and will automatically redirect me. However I get 500 internal error since the ticket is still present! On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service= http://myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript: : Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: lel...@gmail.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Nope... still getting the following error: SEVERE: Servlet.service() for servlet [accounts] in context with path [] threw exception org.pac4j.core.exception.TechnicalException: org.jasig.cas.client.validation.TicketValidationException: ticket 'ST-907-DNtEbdyNP0br94K6dpfQsdfasdfasdf' does not match supplied service. The original service was 'http://127.0.0.1:8080/details/callback?client_name=CasClient' and the supplied service was 'http://127.0.0.1:8080/callback?client_name=CasClient'. How can I get rid of the ticket? On Monday, May 19, 2014 10:06:54 AM UTC+1, chris nikitas wrote: I will try that Jerome, thanks! So far I tried to call the same page, in hope that Spring Security will detect the invalidated session, and will automatically redirect me. However I get 500 internal error since the ticket is still present! On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service= http://myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: cas-user-garchive-84...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Java 8?
Hi, I've made a new Java 8 build test on the master (4.1.0-SNAPSHOT) and I have a new error: some basic classes cannot be resolved (for ex: The import java.util.Arrays cannot be resolved) due mostly to indirectly referenced from required .class files. Do you have the same problem? Thanks. Best regards, Jérôme 2014-05-16 1:32 GMT+02:00 Scott Battaglia scott.battag...@gmail.com: I built from the command line using the latest code (not the 4.0.x branch). I'll try again later. On Tue, May 13, 2014 at 11:14 AM, Tom Poage tfpo...@ucdavis.edu wrote: On May 12, 2014, at 7:59 PM, Scott Battaglia scott.battag...@gmail.com wrote: I just tried building and running it locally. I was able to do so though I didn't do extensive testing. Thank you! Tried to build myself and got e.g. [INFO] --- aspectj-maven-plugin:1.4:compile (default) @ cas-server-core --- [WARNING] bad version number found in .../.m2/repository/org/aspectj/aspectjrt/1.7.2/aspectjrt-1.7.2.jar expected 1.6.11 found 1.7.2 org.aspectj.apache.bcel.classfile.ClassFormatException: Invalid byte tag in constant pool: 15 at org.aspectj.apache.bcel.classfile.Constant.readConstant(Constant.java:133) at org.aspectj.apache.bcel.classfile.ConstantPool.init(ConstantPool.java:45) Any attempts to resolve only made things worse. So something lurking in there. Started to dig, but eventually had to move on to other priorities. Did you build with maven or Eclipse? (versions?) Tom. -- You are currently subscribed to cas-user@lists.jasig.org as: scott.battag...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Using the ?renew=true http://myservice/?renew=true.query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service= http://myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript: : Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: lel...@gmail.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Sorry about that! So the web flow is as follows. User navigates to a secure resource and is automatically redirected to the CAS login page. Upon successful login, the user is redirected to the original page he was trying to access. During authentication, my app is talking to an external app that provides me with a token that expires after some time. Usually this third party token will expire sooner than the CAS session. When this happens, I want to force the user to the CAS login page, so they can provide their credentials again and retrieve another new token from the external service. This needs to be done programmatically since I check in the code whether that third party token has expired or not. Does this make sense? On Monday, May 19, 2014 11:12:29 AM UTC+1, Jérôme LELEU wrote: Hi, Oh! I see you are using pac4j as a client. You could have used the appropriate mailing-list: https://groups.google.com/forum/?fromgroups#!forum/pac4j-users. Would you mind elaborating a little more your web flow? Thanks. Best regards, Jérôme 2014-05-19 11:34 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript: : Nope... still getting the following error: SEVERE: Servlet.service() for servlet [accounts] in context with path [] threw exception org.pac4j.core.exception.TechnicalException: org.jasig.cas.client.validation.TicketValidationException: ticket 'ST-907-DNtEbdyNP0br94K6dpfQsdfasdfasdf' does not match supplied service. The original service was ' http://127.0.0.1:8080/details/callback?client_name=CasClient' and the supplied service was ' http://127.0.0.1:8080/callback?client_name=CasClient'. How can I get rid of the ticket? On Monday, May 19, 2014 10:06:54 AM UTC+1, chris nikitas wrote: I will try that Jerome, thanks! So far I tried to call the same page, in hope that Spring Security will detect the invalidated session, and will automatically redirect me. However I get 500 internal error since the ticket is still present! On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service=http:// myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: cas-user-ga...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: lel...@gmail.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
I'm not sure I was clear enough here, but you must go to the CAS login url with the renew=true parameter, this parameter is applied on the CAS server side... 2014-05-19 12:11 GMT+02:00 chris nikitas chrisniki...@gmail.com: Using the ?renew=true http://myservice/?renew=true.query parameter, it reloads the same page but does not prompt me to the CAS login page. I have a suspicion maybe the service ticket is still on the client or something... On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote: Hi, I'm not exactly sure of what flow you have in mind, but you can force a re-authentication (even if the user is already authenticated) by using the renew parameter on the login url: /cas/login?service=http:// myservice?renew=true. Best regards, Jérôme 2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com: Hi all, My application, talks to a third-party app which keeps it's own authentication token. What I want to do is the following: If that third-party token expires, I want to force a CAS relogin (give the user the CAS login form to enter their credentials) and upon successful relogin, return to the page the were on. My app is using Spring Security and AngularJS at the front (if that makes a difference). What would be the best way to go about this? Thanks, Chris. -- You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org as: jasig-cas-user...@googlegroups.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Yes, so my original url is
http://127.0.0.1:8080/detailshttp://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA
And then I try to
call
https://10.222.345.123:8080/cas/login?service=http://127.0.0.1:8080/details?renew=true
However it reloads the page with a new ticket like
so:
http://127.0.0.1:8080/details?renew=trueticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal
But it does not prompt me to input my user credentials again.
On the server side I do the following prior to calling the CAS login:
HttpSession session = request.getSession(false);
session.invalidate();
SecurityContext context = SecurityContextHolder.getContext();
Authentication auth = context.getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response,
auth);
}
context.setAuthentication(null);
On Monday, May 19, 2014 11:40:14 AM UTC+1, Jérôme LELEU wrote:
I'm not sure I was clear enough here, but you must go to the CAS login url
with the renew=true parameter, this parameter is applied on the CAS server
side...
2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript:
:
Using the ?renew=true http://myservice/?renew=true.query parameter, it
reloads the same page but does not prompt me to the CAS login page.
I have a suspicion maybe the service ticket is still on the client or
something...
On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote:
Hi,
I'm not exactly sure of what flow you have in mind, but you can force a
re-authentication (even if the user is already authenticated) by using the
renew parameter on the login url: /cas/login?service=http://
myservice?renew=true.
Best regards,
Jérôme
2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com:
Hi all,
My application, talks to a third-party app which keeps it's own
authentication token.
What I want to do is the following:
If that third-party token expires, I want to force a CAS relogin (give
the user the CAS login form to enter their credentials) and upon
successful
relogin, return to the page the were on.
My app is using Spring Security and AngularJS at the front (if that
makes a difference).
What would be the best way to go about this?
Thanks,
Chris.
--
You are currently subscribed to cas-...@lists.jasig.org as:
lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org javascript: as:
lel...@gmail.com javascript:
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org javascript: as:
jasig-cas-user...@googlegroups.com javascript:
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
OK. I see, typo problem: not ?renew=true, but renew=true...
2014-05-19 12:47 GMT+02:00 chris nikitas chrisniki...@gmail.com:
Yes, so my original url is
http://127.0.0.1:8080/detailshttp://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA
And then I try to call
https://10.222.345.123:8080/cas/login?service=http://127.0.0.1:8080/details?renew=true
However it reloads the page with a new ticket like so:
http://127.0.0.1:8080/details?renew=trueticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal
But it does not prompt me to input my user credentials again.
On the server side I do the following prior to calling the CAS login:
HttpSession session = request.getSession(false);
session.invalidate();
SecurityContext context = SecurityContextHolder.getContext();
Authentication auth = context.getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response,
auth);
}
context.setAuthentication(null);
On Monday, May 19, 2014 11:40:14 AM UTC+1, Jérôme LELEU wrote:
I'm not sure I was clear enough here, but you must go to the CAS login
url with the renew=true parameter, this parameter is applied on the CAS
server side...
2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.com:
Using the ?renew=true http://myservice/?renew=true.query parameter,
it reloads the same page but does not prompt me to the CAS login page.
I have a suspicion maybe the service ticket is still on the client or
something...
On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote:
Hi,
I'm not exactly sure of what flow you have in mind, but you can force a
re-authentication (even if the user is already authenticated) by using the
renew parameter on the login url: /cas/login?service=http://myse
rvice?renew=true.
Best regards,
Jérôme
2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com:
Hi all,
My application, talks to a third-party app which keeps it's own
authentication token.
What I want to do is the following:
If that third-party token expires, I want to force a CAS relogin (give
the user the CAS login form to enter their credentials) and upon
successful
relogin, return to the page the were on.
My app is using Spring Security and AngularJS at the front (if that
makes a difference).
What would be the best way to go about this?
Thanks,
Chris.
--
You are currently subscribed to cas-...@lists.jasig.org as:
lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Dooh!!! Of course... thanks for that!
I am getting the redirection now... however when I end up to my final URL,
I have the ticket on the url.
Is there a way to remove that?
On Monday, May 19, 2014 11:54:36 AM UTC+1, Jérôme LELEU wrote:
OK. I see, typo problem: not ?renew=true, but renew=true...
2014-05-19 12:47 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript:
:
Yes, so my original url is
http://127.0.0.1:8080/detailshttp://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA
And then I try to call
https://10.222.345.123:8080/cas/login?service=http://127.0.0.1:8080/details?renew=true
However it reloads the page with a new ticket like so:
http://127.0.0.1:8080/details?renew=trueticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal
But it does not prompt me to input my user credentials again.
On the server side I do the following prior to calling the CAS login:
HttpSession session = request.getSession(false);
session.invalidate();
SecurityContext context = SecurityContextHolder.getContext();
Authentication auth = context.getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response,
auth);
}
context.setAuthentication(null);
On Monday, May 19, 2014 11:40:14 AM UTC+1, Jérôme LELEU wrote:
I'm not sure I was clear enough here, but you must go to the CAS login
url with the renew=true parameter, this parameter is applied on the CAS
server side...
2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.com:
Using the ?renew=true http://myservice/?renew=true.query parameter,
it reloads the same page but does not prompt me to the CAS login page.
I have a suspicion maybe the service ticket is still on the client or
something...
On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote:
Hi,
I'm not exactly sure of what flow you have in mind, but you can force
a re-authentication (even if the user is already authenticated) by using
the renew parameter on the login url: /cas/login?service=http://myse
rvice?renew=true.
Best regards,
Jérôme
2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com:
Hi all,
My application, talks to a third-party app which keeps it's own
authentication token.
What I want to do is the following:
If that third-party token expires, I want to force a CAS relogin
(give the user the CAS login form to enter their credentials) and upon
successful relogin, return to the page the were on.
My app is using Spring Security and AngularJS at the front (if that
makes a difference).
What would be the best way to go about this?
Thanks,
Chris.
--
You are currently subscribed to cas-...@lists.jasig.org as:
lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org javascript: as:
lel...@gmail.com javascript:
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org javascript: as:
jasig-cas-user...@googlegroups.com javascript:
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Hi,
If you re-authenticate in your app, you will receive a new ST to access to
your app, it's the normal flow of the CAS protocol.
What would you expect as a behaviour?
Thanks.
Best regards,
Jérôme
2014-05-19 13:00 GMT+02:00 chris nikitas chrisniki...@gmail.com:
Dooh!!! Of course... thanks for that!
I am getting the redirection now... however when I end up to my final URL,
I have the ticket on the url.
Is there a way to remove that?
On Monday, May 19, 2014 11:54:36 AM UTC+1, Jérôme LELEU wrote:
OK. I see, typo problem: not ?renew=true, but renew=true...
2014-05-19 12:47 GMT+02:00 chris nikitas chrisn...@gmail.com:
Yes, so my original url is
http://127.0.0.1:8080/detailshttp://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA
And then I try to call https://10.222.345.123:
8080/cas/login?service=http://127.0.0.1:8080/details?renew=true
However it reloads the page with a new ticket like so:
http://127.0.0.1:8080/details?renew=trueticket=ST-1095-
6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal
But it does not prompt me to input my user credentials again.
On the server side I do the following prior to calling the CAS login:
HttpSession session = request.getSession(false);
session.invalidate();
SecurityContext context = SecurityContextHolder.getContext();
Authentication auth = context.getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request,
response, auth);
}
context.setAuthentication(null);
On Monday, May 19, 2014 11:40:14 AM UTC+1, Jérôme LELEU wrote:
I'm not sure I was clear enough here, but you must go to the CAS login
url with the renew=true parameter, this parameter is applied on the CAS
server side...
2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.com:
Using the ?renew=true http://myservice/?renew=true.query parameter,
it reloads the same page but does not prompt me to the CAS login page.
I have a suspicion maybe the service ticket is still on the client or
something...
On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote:
Hi,
I'm not exactly sure of what flow you have in mind, but you can force
a re-authentication (even if the user is already authenticated) by using
the renew parameter on the login url: /cas/login?service=http://myse
rvice?renew=true.
Best regards,
Jérôme
2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com:
Hi all,
My application, talks to a third-party app which keeps it's own
authentication token.
What I want to do is the following:
If that third-party token expires, I want to force a CAS relogin
(give the user the CAS login form to enter their credentials) and upon
successful relogin, return to the page the were on.
My app is using Spring Security and AngularJS at the front (if that
makes a difference).
What would be the best way to go about this?
Thanks,
Chris.
--
You are currently subscribed to cas-...@lists.jasig.org as:
lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Force re-authentication programmatically
Hi Jerome,
I am happy with the re-authentication. I was just talking about the ticket
on the actual url.
On Monday, May 19, 2014 4:07:11 PM UTC+1, Jérôme LELEU wrote:
Hi,
If you re-authenticate in your app, you will receive a new ST to access to
your app, it's the normal flow of the CAS protocol.
What would you expect as a behaviour?
Thanks.
Best regards,
Jérôme
2014-05-19 13:00 GMT+02:00 chris nikitas chrisn...@gmail.comjavascript:
:
Dooh!!! Of course... thanks for that!
I am getting the redirection now... however when I end up to my final
URL, I have the ticket on the url.
Is there a way to remove that?
On Monday, May 19, 2014 11:54:36 AM UTC+1, Jérôme LELEU wrote:
OK. I see, typo problem: not ?renew=true, but renew=true...
2014-05-19 12:47 GMT+02:00 chris nikitas chrisn...@gmail.com:
Yes, so my original url is
http://127.0.0.1:8080/detailshttp://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA
And then I try to call https://10.222.345.123:
8080/cas/login?service=http://127.0.0.1:8080/details?renew=true
However it reloads the page with a new ticket like so:
http://127.0.0.1:8080/details?renew=trueticket=ST-1095-
6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal
But it does not prompt me to input my user credentials again.
On the server side I do the following prior to calling the CAS login:
HttpSession session = request.getSession(false);
session.invalidate();
SecurityContext context = SecurityContextHolder.getContext();
Authentication auth = context.getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request,
response, auth);
}
context.setAuthentication(null);
On Monday, May 19, 2014 11:40:14 AM UTC+1, Jérôme LELEU wrote:
I'm not sure I was clear enough here, but you must go to the CAS login
url with the renew=true parameter, this parameter is applied on the CAS
server side...
2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.com:
Using the ?renew=true http://myservice/?renew=true.query
parameter, it reloads the same page but does not prompt me to the CAS
login
page.
I have a suspicion maybe the service ticket is still on the client or
something...
On Monday, May 19, 2014 10:03:23 AM UTC+1, Jérôme LELEU wrote:
Hi,
I'm not exactly sure of what flow you have in mind, but you can
force a re-authentication (even if the user is already authenticated)
by
using the renew parameter on the login url: /cas/login?service=
http://myservice?renew=true.
Best regards,
Jérôme
2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com:
Hi all,
My application, talks to a third-party app which keeps it's own
authentication token.
What I want to do is the following:
If that third-party token expires, I want to force a CAS relogin
(give the user the CAS login form to enter their credentials) and upon
successful relogin, return to the page the were on.
My app is using Spring Security and AngularJS at the front (if that
makes a difference).
What would be the best way to go about this?
Thanks,
Chris.
--
You are currently subscribed to cas-...@lists.jasig.org as:
lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org javascript: as:
lel...@gmail.com javascript:
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org javascript: as:
jasig-cas-user...@googlegroups.com javascript:
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
RE: [cas-user] Force re-authentication programmatically
You???ll need to programmatically rewrite the url. Certain, if not all
official CAS clients do that for you, but it seems like you???re not using
one.
From: chris nikitas [mailto:chrisniki...@gmail.com]
Sent: Monday, May 19, 2014 8:14 AM
To: cas-user@lists.jasig.org
Cc: cas-user@lists.jasig.org; cas-user@lists.jasig.org
Subject: Re: [cas-user] Force re-authentication programmatically
Hi Jerome,
I am happy with the re-authentication. I was just talking about the ticket
on the actual url.
On Monday, May 19, 2014 4:07:11 PM UTC+1, J??r??me LELEU wrote:
Hi,
If you re-authenticate in your app, you will receive a new ST to access to
your app, it's the normal flow of the CAS protocol.
What would you expect as a behaviour?
Thanks.
Best regards,
J??r??me
2014-05-19 13:00 GMT+02:00 chris nikitas chrisn...@gmail.com javascript:
:
Dooh!!! Of course... thanks for that!
I am getting the redirection now... however when I end up to my final URL, I
have the ticket on the url.
Is there a way to remove that?
On Monday, May 19, 2014 11:54:36 AM UTC+1, J??r??me LELEU wrote:
OK. I see, typo problem: not ?renew=true, but renew=true...
2014-05-19 12:47 GMT+02:00 chris nikitas chrisn...@gmail.com:
Yes, so my original url is http://127.0.0.1:8080/details
http://www.google.com/url?q=http%3A%2F%2F127.0.0.1%3A8080%2Fdetails%2Fcallback%3Fclient_name%3DCasClientsa=Dsntz=1usg=AFQjCNHmF24lyCht6c84ldd4PI8qh36kAA
And then I try to call
https://10.222.345.123:8080/cas/login?service=http://127.0.0.1:8080/details?renew=true
However it reloads the page with a new ticket like so:
http://127.0.0.1:8080/details?renew=true
http://127.0.0.1:8080/details?renew=trueticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal
ticket=ST-1095-6cHLzsFkF4NYM4NviOcgsdfsdrgdsfal
But it does not prompt me to input my user credentials again.
On the server side I do the following prior to calling the CAS login:
HttpSession session = request.getSession(false);
session.invalidate();
SecurityContext context = SecurityContextHolder.getContext();
Authentication auth = context.getAuthentication();
if (auth != null) {
new SecurityContextLogoutHandler().logout(request, response,
auth);
}
context.setAuthentication(null);
On Monday, May 19, 2014 11:40:14 AM UTC+1, J??r??me LELEU wrote:
I'm not sure I was clear enough here, but you must go to the CAS login url
with the renew=true parameter, this parameter is applied on the CAS server
side...
2014-05-19 12:11 GMT+02:00 chris nikitas chrisn...@gmail.com:
Using the ?renew=true http://myservice/?renew=true .query parameter, it
reloads the same page but does not prompt me to the CAS login page.
I have a suspicion maybe the service ticket is still on the client or
something...
On Monday, May 19, 2014 10:03:23 AM UTC+1, J??r??me LELEU wrote:
Hi,
I'm not exactly sure of what flow you have in mind, but you can force a
re-authentication (even if the user is already authenticated) by using the
renew parameter on the login url:
/cas/login?service=http://myservice?renew=true.
Best regards,
J??r??me
2014-05-19 10:58 GMT+02:00 chris nikitas chrisn...@gmail.com:
Hi all,
My application, talks to a third-party app which keeps it's own
authentication token.
What I want to do is the following:
If that third-party token expires, I want to force a CAS relogin (give the
user the CAS login form to enter their credentials) and upon successful
relogin, return to the page the were on.
My app is using Spring Security and AngularJS at the front (if that makes a
difference).
What would be the best way to go about this?
Thanks,
Chris.
--
You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as: lel...@gmail.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org as:
jasig-cas-user...@googlegroups.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-...@lists.jasig.org
[cas-user] logout redirect
Hi
I am trying to set up logout redirect in CAS 3.5.2, I see that I can change
the following line in cas-servlet.xml:
p:followServiceRedirects=${cas.logout.followServiceRedirects:false}/
to
p:followServiceRedirects=true/
However, there is a section in the cas.properties file as follows:
##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specifyed service parameter on
/logout requests
# cas.logout.followServiceRedirects=false
does this mean I can change this to
##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specifyed service parameter on
/logout requests
cas.logout.followServiceRedirects=true
and leave cas-servlet.xml untouched or is it telling me I need to modify
cas-servlet.xml and not cas.properties?
I would prefer to do this in cas.properties if possible, in order to reduce
the number of files I have to modify.
Thanks
David
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] logout redirect
and leave cas-servlet.xml untouched or is it telling me I need to modify
cas-servlet.xml and not cas.properties?
Leave cas-servlet.xml alone, and only change cas.properties.
From: David Kane [mailto:david.a.k...@ucd.ie]
Sent: Monday, May 19, 2014 8:45 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] logout redirect
Hi
I am trying to set up logout redirect in CAS 3.5.2, I see that I can change
the following line in cas-servlet.xml:
p:followServiceRedirects=${cas.logout.followServiceRedirects:false}/
to
p:followServiceRedirects=true/
However, there is a section in the cas.properties file as follows:
##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specifyed service parameter on
/logout requests
# cas.logout.followServiceRedirects=false
does this mean I can change this to
##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specifyed service parameter on
/logout requests
cas.logout.followServiceRedirects=true
and leave cas-servlet.xml untouched or is it telling me I need to modify
cas-servlet.xml and not cas.properties?
I would prefer to do this in cas.properties if possible, in order to reduce
the number of files I have to modify.
Thanks
David
--
You are currently subscribed to cas-user@lists.jasig.org as:
mmoay...@unicon.net
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] logout redirect
I am not sure about other possibilites, but it works for me when changing
|webapps/cas-server-webapp-3.5.2/WEB-INF/cas-servlet.xml
by setting |the attribute |followServiceRedirects| to |true|
HTH
Michael
Am 19.05.14 17:48, schrieb Misagh Moayyed:
and leave cas-servlet.xml untouched or is it telling me I need to modify
cas-servlet.xml and not cas.properties?
Leave cas-servlet.xml alone, and only change cas.properties.
From: David Kane [mailto:david.a.k...@ucd.ie]
Sent: Monday, May 19, 2014 8:45 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] logout redirect
Hi
I am trying to set up logout redirect in CAS 3.5.2, I see that I can change
the following line in cas-servlet.xml:
p:followServiceRedirects=${cas.logout.followServiceRedirects:false}/
to
p:followServiceRedirects=true/
However, there is a section in the cas.properties file as follows:
##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specifyed service parameter on
/logout requests
# cas.logout.followServiceRedirects=false
does this mean I can change this to
##
# CAS Logout Behavior
# WEB-INF/cas-servlet.xml
#
# Specify whether CAS should redirect to the specifyed service parameter on
/logout requests
cas.logout.followServiceRedirects=true
and leave cas-servlet.xml untouched or is it telling me I need to modify
cas-servlet.xml and not cas.properties?
I would prefer to do this in cas.properties if possible, in order to reduce
the number of files I have to modify.
Thanks
David
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] Java 8?
On May 19, 2014, at 3:10 AM, J?r?me LELEU lel...@gmail.com wrote: I've made a new Java 8 build test on the master (4.1.0-SNAPSHOT) and I have a new error: some basic classes cannot be resolved (for ex: The import java.util.Arrays cannot be resolved) due mostly to indirectly referenced from required .class files. Do you have the same problem? I recall seeing that with 4.0.0, but so far not with 4.1.0-SNAPSHOT. Java SE 8u5. Tom. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
[cas-user] CASTGC Cookie?
1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CASTGC Cookie?
1. It's the ticket-granting cookie, and it contains the ticket-granting ticket (TGT). You must have a valid TGT from a given CAS server, and the TGT must exist in the server's ticket registry, in order to login to any CAS-enabled services that use that server. 2. It's generated when you authenticate to CAS. 3. If CASTGC is not present or its value does not match any current ticket in CAS's ticket registry, CAS assumes that you're not logged in and displays the login page. Best regards, -- Carlos. -Original Message- From: Zac [mailto:zhar...@commercehub.com] Sent: Monday, 19 May, 2014 15:26 To: cas-user@lists.jasig.org Subject: [cas-user] CASTGC Cookie? 1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? -- You are currently subscribed to cas-user@lists.jasig.org as: cfern...@sju.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CASTGC Cookie?
1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? I believe the following section of the CAS protocol document answers all the above: http://www.jasig.org/cas/protocol#ticket-granting-cookie M -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CASTGC Cookie?
Thanks Carlos Marvin, That makes more sense. But I'm still not fully understanding the flow: 1. User goes to CAS login page. 2. User logs in. 3. CAS authenticates user and generates a CASTGC cookie and hands it back to browser. 4. Browser does a check to see if it has a CASTGC cookie, and if not, redirects back to the login page (?) Thanks for any clarification here! Zac -Original Message- From: Marvin Addison [mailto:marvin.addi...@gmail.com] Sent: Monday, May 19, 2014 3:35 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] CASTGC Cookie? 1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? I believe the following section of the CAS protocol document answers all the above: http://www.jasig.org/cas/protocol#ticket-granting-cookie M -- You are currently subscribed to cas-user@lists.jasig.org as: zhar...@commercehub.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CASTGC Cookie?
The flow is: 1. User goes to CAS login page. 2. User logs in. 3. CAS authenticates user and generates a CASTGC cookie and hands it back to browser. a. If the user presented a service URL upon arriving at the login page, CAS will also generate a service ticket and redirect the browser to that service URL with the ST. b. If not, CAS will display the Login successful page instead of redirecting. The browser does not check the cookie's content, but only stores it until it expires or CAS says to delete it. Best regards, -- Carlos. -Original Message- From: Zac Harvey [mailto:zhar...@commercehub.com] Sent: Monday, 19 May, 2014 15:41 To: cas-user@lists.jasig.org Subject: RE: [cas-user] CASTGC Cookie? Thanks Carlos Marvin, That makes more sense. But I'm still not fully understanding the flow: 1. User goes to CAS login page. 2. User logs in. 3. CAS authenticates user and generates a CASTGC cookie and hands it back to browser. 4. Browser does a check to see if it has a CASTGC cookie, and if not, redirects back to the login page (?) Thanks for any clarification here! Zac -Original Message- From: Marvin Addison [mailto:marvin.addi...@gmail.com] Sent: Monday, May 19, 2014 3:35 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] CASTGC Cookie? 1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? I believe the following section of the CAS protocol document answers all the above: http://www.jasig.org/cas/protocol#ticket-granting-cookie M -- You are currently subscribed to cas-user@lists.jasig.org as: zhar...@commercehub.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: cfern...@sju.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
RE: [cas-user] CASTGC Cookie?
Thanks Carlos, starting to see the whole picture now. So it sounds like something is going awry for me in step #3 just after CAS authenticates the user. Perhaps under some conditions the CASTGC isn't being generated and handed to the browser; or perhaps under some circumstances the ticket registry isn't receiving the TGT. Last week you mentioned something about a scenario where CAS is installed as root? How would you go about debugging this? Thanks again! -Original Message- From: Carlos Fernandez [mailto:cfern...@sju.edu] Sent: Monday, May 19, 2014 4:17 PM To: cas-user@lists.jasig.org Subject: RE: [cas-user] CASTGC Cookie? The flow is: 1. User goes to CAS login page. 2. User logs in. 3. CAS authenticates user and generates a CASTGC cookie and hands it back to browser. a. If the user presented a service URL upon arriving at the login page, CAS will also generate a service ticket and redirect the browser to that service URL with the ST. b. If not, CAS will display the Login successful page instead of redirecting. The browser does not check the cookie's content, but only stores it until it expires or CAS says to delete it. Best regards, -- Carlos. -Original Message- From: Zac Harvey [mailto:zhar...@commercehub.com] Sent: Monday, 19 May, 2014 15:41 To: cas-user@lists.jasig.org Subject: RE: [cas-user] CASTGC Cookie? Thanks Carlos Marvin, That makes more sense. But I'm still not fully understanding the flow: 1. User goes to CAS login page. 2. User logs in. 3. CAS authenticates user and generates a CASTGC cookie and hands it back to browser. 4. Browser does a check to see if it has a CASTGC cookie, and if not, redirects back to the login page (?) Thanks for any clarification here! Zac -Original Message- From: Marvin Addison [mailto:marvin.addi...@gmail.com] Sent: Monday, May 19, 2014 3:35 PM To: cas-user@lists.jasig.org Subject: Re: [cas-user] CASTGC Cookie? 1. What is the CASTGC cookie? What role does it play when logging in? 2. When is the CASTGC cookie generated? 3. What happens if the CASTGC cookie isn't present when the user signs in? I believe the following section of the CAS protocol document answers all the above: http://www.jasig.org/cas/protocol#ticket-granting-cookie M -- You are currently subscribed to cas-user@lists.jasig.org as: zhar...@commercehub.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: cfern...@sju.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: zhar...@commercehub.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
