RE: [cas-user] Nested Servlet Exception During Load testing with CAS
Hi Carlos,

I had customized the existing login pages, i.e. casLoginView.jsp and casLogoutView.jsp.

Following are the hidden fields in my login form:

<input type="hidden" name="lt" value="${loginTicket}" />
<input type="hidden" name="execution" value="${flowExecutionKey}" />
<input type="hidden" name="_eventId" value="submit" />

Thanks and regards,
Puneet Goyal

From: Carlos Fernandez [mailto:cfern...@sju.edu]
Sent: Friday, January 02, 2015 10:19 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Nested Servlet Exception During Load testing with CAS

Hi, Puneet,

Does your CAS installation use a custom login page? If so, check that the login form includes the hidden execution field. Check the default casLoginPage.jsp for reference on which JSP variable to use to populate the field's value.

Best regards,
--
Carlos M. Fernández
Sr. Enterprise Systems Admin
Saint Joseph's University
W: 610-660-1501
M: 215-316-1193
E: cfern...@sju.edu

On Jan 2, 2015, at 01:33, Puneet Goyal pgo...@qasource.com wrote:

Hi,

I'm using CAS 4.0 and during a load test I'm getting the following errors:

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key 'NOTFOUND', the expected format is 'e<executionId>s<snapshotId>'

This is similar to the exception stated in CAS-1142, and the solution proposed in CAS-1142 is already present in CAS 4.0's XML config, i.e. <webflow:redirect-in-same-state value="false" /> in cas-servlet.xml.

Has anybody experienced this? Please suggest what could be the problem.

Thanks
Puneet Goyal
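
The check suggested in this thread, as an added example that is not part of the original messages or of CAS itself: it parses a rendered login page, confirms the three hidden fields listed above are present and populated, and tests the execution value against the format quoted in the error message. The sample pages are constructed, and treating both ids as opaque non-empty strings is an assumption.

```python
import re
from html.parser import HTMLParser

# Hidden fields the thread lists for the customized CAS 4.0 login form.
REQUIRED = ("lt", "execution", "_eventId")
# Assumption: both ids are opaque, non-empty strings in e<executionId>s<snapshotId>.
FLOW_KEY = re.compile(r"e[^s]+s.+")


class HiddenFields(HTMLParser):
    """Collect name -> value for every <input type="hidden"> in a page."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        # HTMLParser also routes self-closing <input ... /> tags through here.
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""


def check_login_form(html):
    """Return a list of problems found in a rendered login page (empty means OK)."""
    parser = HiddenFields()
    parser.feed(html)
    problems = []
    for name in REQUIRED:
        value = parser.fields.get(name)
        if value is None:
            problems.append(f"missing hidden field: {name}")
        elif not value or "${" in value:
            # An unevaluated JSP expression or empty value reaches the browser as-is.
            problems.append(f"unrendered or empty value for: {name}")
    key = parser.fields.get("execution", "")
    if key and "${" not in key and not FLOW_KEY.fullmatch(key):
        problems.append(f"badly formatted execution key: {key!r}")
    return problems


# Constructed sample pages (not captured from a real CAS server).
GOOD = '''<form method="post">
<input type="hidden" name="lt" value="LT-1-constructed" />
<input type="hidden" name="execution" value="e1s1" />
<input type="hidden" name="_eventId" value="submit" />
</form>'''
BAD = GOOD.replace('value="e1s1"', 'value="NOTFOUND"').replace(
    '<input type="hidden" name="lt" value="LT-1-constructed" />\n', "")
```

Running `check_login_form` on the page a load-test client actually receives, and on the value it is about to post back, shows whether the key was lost in the page template or in the client.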
[cas-user] Nested Servlet Exception During Load testing with CAS
Hi,

I'm using CAS 4.0 and during a load test I'm getting the following errors:

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.webflow.execution.repository.BadlyFormattedFlowExecutionKeyException: Badly formatted flow execution key 'NOTFOUND', the expected format is 'e<executionId>s<snapshotId>'

This is similar to the exception stated in CAS-1142, and the solution proposed in CAS-1142 is already present in CAS 4.0's XML config, i.e. <webflow:redirect-in-same-state value="false" /> in cas-servlet.xml.

Has anybody experienced this? Please suggest what could be the problem.

Thanks
Puneet Goyal
[cas-user] Adding more values in login form CAS, server.name,server.prefix required?
Hi,

I want to pass an additional login parameter to the system. The way I thought to do the same was to change the following entry with my custom class in login-webflow.xml:

<var name="credential" class="org.jasig.cas.authentication.UsernamePasswordCredential" />

Am I going in the right direction?

Secondly, are server.name and server.prefix (from cas.properties) being used in the normal authentication process, and is it mandatory to specify these values? I see these values being used only in clearpass-configuration.xml and am not sure where this configuration comes into play.

Regards
Puneet Goyal
[cas-user] Manually writing CASTGC cookie CAS4
Hi,

I have a scenario where I am authenticating a user by using CAS's REST API and writing the returned cookie to the response. The thought was that when a secured page is encountered and the user goes to CAS's login page, he will get logged in using the CASTGC cookie. But this doesn't work correctly, as the CASTGC cookie is not read by the page.

The question here is:

1. Is this the correct way of doing programmatic log in? (As in this scenario I can't show CAS's login page, the user logs in using a separate form.)
2. I see a CASPRIVACY cookie also coming up now. What is the use of this cookie, and do I need to write this to the response as well?

Regards
Puneet Goyal
[cas-user] Issue with Relative service URL's CAS 4.0 + ACEGI
Hi,

I am using CAS with Acegi and I want to use relative service URLs; the hostname should not be a part of the property service. So for this, I subclassed CasProcessingFilterEntryPoint so that in the method commence it gets the whole URL from the request and appends the relative service value to it. Something like:

buffer.append(URLEncoder.encode(response.encodeURL(request.getRequestURL().toString().replace(request.getServletPath(), "") + this.serviceProperties.getService()), "UTF-8"));

Using this I generated the service URL correctly, but while validating the service ticket using org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator, I get:

ServiceManagement: Unauthorized Service Access. Service [http://localhost/j_acegi_cas_security_check] is not found in service registry.

My guess is this happens because CasProxyTicketValidator takes the relative service URL from service properties and that mismatches the URL used in the service redirect. So subclassing CasProxyTicketValidator and overriding the method confirmTicketValid should do.

Please share your views if anyone has faced this issue or has a better solution to this.

Thanks and regards
Puneet Goyal
[cas-user] Conflict in documentation for JPA ticket registry at http://jasig.github.io/cas/4.0.0
Hi,

I'm seeing two different bean configurations for the JPA ticket registry in the documentation; please clarify which one is correct:

. Link1: http://jasig.github.io/cas/4.0.0/installation/Configuring-Ticketing-Components.html
. Link2: http://jasig.github.io/cas/4.0.0/installation/JPA-Ticket-Registry.html

Also, are the following beans required for an HA setup for CAS? Please point to documentation where use of the following beans could be found:

. jobDetailTicketRegistryCleaner
. triggerJobDetailTicketRegistryCleaner

Thanks and regards
Puneet Goyal
[cas-user] Redirecting to a page after logging out of CAS, should service param value be hardcoded..?
Hi,

I want to redirect the user to a different page after the user logs out of CAS. Here I understand that on CAS's end I have to set p:followServiceRedirects="true" for logoutController, and I have to send the logout redirect URL as the service parameter (URL encoded), i.e. http://hostname/cas/logout?service={url encoded link}.

Now does that link have to be hardcoded in the logoutFilter of the target application? Can't it be dynamically replaced as at the time of login?

I've read the discussion at http://forum.spring.io/forum/spring-projects/security/17816-acegi-cas-logoutfilter-and-cas-redirect-url but as the final redirect fix is not mentioned there, I was not able to proceed.

Regards
Puneet Goyal
[cas-user] show custom error messages on CAS Authentication failure (DB based Authentication)
Hi,

I am using a database for authenticating credentials of the user, and for the business logic we've overridden QueryDatabaseAuthenticationHandler.

Now, I want to return different authentication messages for different cases, e.g. if a user is locked, on every authentication attempt the returned message should be something like 'your account is locked, please contact your administrator', etc.

But QueryDatabaseAuthenticationHandler returns a Boolean value, and returning false from QueryDatabaseAuthenticationHandler means BAD CREDENTIALS; please correct me if this assumption is wrong.

The question is, how do I return different authentication error messages based upon different user conditions?

Regards
Puneet Goyal
[cas-user] Authenticating REST web services using CAS's REST API's
Hi,

I was going through the restlet configuration of CAS, and I am trying to find a way wherein a user can authenticate himself for the target application's REST services using CAS's REST services.

I also went through the JAAS configuration, but I'm not sure how I can configure the target REST API's to authenticate using CAS's REST API's and JAAS.

Am I in the right direction looking for JAAS support to use CAS's REST API's?

Regards
Puneet Goyal
RE: [cas-user] Authenticating REST web services using CAS's REST API's
Hi Yogesh,

I am not much familiar with proxying, but my understanding is that in proxying, after authenticating a user the first time, the application gets a PGT which can be used for authentication without contacting CAS. But this still leaves me with authenticating the user the first time.

The functionality I want to implement is:

1) User authenticates for hitting the target REST API's using basic auth (username and password specified in the authentication header).
2) The authentication provider at the target REST API end uses a provider which uses CAS's REST API to validate username/password, get a TGT, use the TGT to get a ST, and validate the ST. (This needs to happen for each authentication request, as the target services are REST based.)

Please share your thoughts for the same.

Regards
Puneet Goyal

From: Yogesh Ranganath [mailto:yogesh.rangan...@gmail.com]
Sent: Monday, February 10, 2014 8:22 PM
To: cas-user@lists.jasig.org
Cc: cas-user@lists.jasig.org; cas-user@lists.jasig.org; pgo...@qasource.com
Subject: Re: [cas-user] Authenticating REST web services using CAS's REST API's

I'm not familiar with JAAS. As I understand, you want to authenticate a target application using CAS. You could do it using the CAS Proxy as detailed out here: https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough

Incidentally, I used the same steps to authenticate using CAS Proxy for my application recently and have documented them. I'm also attaching images extracted from the PDF mentioned in the Walkthrough; the PDF doesn't open correctly in the new Adobe PDF version.

Hope it helps you, best of luck.

On Monday, February 10, 2014 4:22:00 PM UTC+5:30, Puneet Goyal wrote:

Hi,

I was going through the restlet configuration of CAS, and I am trying to find a way wherein a user can authenticate himself for the target application's REST services using CAS's REST services.

I also went through the JAAS configuration, but I'm not sure how I can configure the target REST API's to authenticate using CAS's REST API's and JAAS.

Am I in the right direction looking for JAAS support to use CAS's REST API's?

Regards
Puneet Goyal
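
The exchange described in step 2 of this thread (validate the credentials, get a TGT, use the TGT to get a ST, validate the ST), sketched as an added example that is not code from the thread or from CAS. It uses the CAS REST protocol's /v1/tickets resource and the CAS 2.0 /serviceValidate endpoint; the server URL, the `http` transport callable, the `fake_cas` stand-in and all ticket values are constructed assumptions so the flow runs offline.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"cas": "http://www.yale.edu/tp/cas"}
BASE = "https://cas.example.org/cas"  # hypothetical CAS server URL


def rest_login(http, user, password, service, cas=BASE):
    """TGT -> ST -> validate; returns the username CAS vouches for.

    http(method, url, body) -> (status, headers, text) is a hypothetical
    caller-supplied transport, so the flow can be exercised offline.
    """
    form = urlencode({"username": user, "password": password})
    status, headers, _ = http("POST", f"{cas}/v1/tickets", form)
    if status != 201:
        raise PermissionError("credentials rejected")
    tgt_url = headers.get("Location", "")
    # Only follow a TGT URL on the CAS server we were configured with.
    if not re.fullmatch(re.escape(cas) + r"/v1/tickets/TGT-[^/?#]+", tgt_url):
        raise ValueError("unexpected TGT location")
    status, _, st = http("POST", tgt_url, urlencode({"service": service}))
    st = st.strip()
    if status != 200 or not st.startswith("ST-"):
        raise PermissionError("no service ticket granted")
    query = urlencode({"service": service, "ticket": st})
    status, _, body = http("GET", f"{cas}/serviceValidate?{query}", None)
    user_el = None
    if status == 200:
        user_el = ET.fromstring(body).find("cas:authenticationSuccess/cas:user", NS)
    if user_el is None or not user_el.text:
        raise PermissionError("service ticket failed validation")
    return user_el.text.strip()


def fake_cas(method, url, body):
    """Constructed stand-in for a CAS server with one user, alice / s3cret."""
    if url == f"{BASE}/v1/tickets":
        if body != "username=alice&password=s3cret":
            return 400, {}, ""
        return 201, {"Location": f"{BASE}/v1/tickets/TGT-1-constructed"}, ""
    if url == f"{BASE}/v1/tickets/TGT-1-constructed":
        return 200, {}, "ST-1-constructed"
    ok = url.endswith("ticket=ST-1-constructed")
    inner = ("<cas:authenticationSuccess><cas:user>alice</cas:user>"
             "</cas:authenticationSuccess>") if ok else "<cas:authenticationFailure/>"
    return 200, {}, f"<cas:serviceResponse xmlns:cas='{NS['cas']}'>{inner}</cas:serviceResponse>"
```

The service value must be identical in the ST request and the validation request, and the caller should trust only the username returned by the validation response, not the one supplied in the basic-auth header.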
RE:[cas-user] Authenticating a pre authenticated user in CAS using principal object (Need help)
Hi,

I want to authenticate a user with CAS who is pre-authenticated using a web service and logged into the target application. The whole scenario is as under:

A user logs into the target application from a 3rd party site. At this point SecurityContext.getAuthentication returns the correct user Principal object. Now, as the target application is using CAS, SSO login to the target application's suite of applications requires a CAS login. How can I accomplish the same using the user's principal object?

I went through https://wiki.jasig.org/display/CAS/Using+the+REMOTE_USER but the same is not of much help, as this uses bean id=loginFormAction class=org.jasig.cas.web.flow.LoginFormAction, which is not used in cas-server-3.5.1, and org.jasig.cas.web.flow.AuthenticationViaFormAction used in cas-server-3.5.1 does not use formObjectClass.

Regards
Puneet Goyal