Re: [cas-user] Setting up Clearpass

[Adam Causey]

I finally solved this issue.  The previous developer working on our CAS
system setup a different prefix path for the UrlBasedViewResolver than the
default, and a side effect was that the JSP in which clearpass returns the
response could not be found.  This was causing a 404 error, and hence the
password was not returned.

On Wed, Oct 22, 2014 at 1:46 PM, Adam Causey  wrote:

> Thanks for all of the replies.  I've narrowed it down now to an issue with
> the jsp not being found, although it is where it should be on the file
> system.  It's going to take some additional digging to see why the jsp path
> is apparently including the context, which seems to be the issue here.
>
> HTTP Status 404 - 
> /cas/WEB-INF/view/jsp/default/ui/protocol/clearPass/clearPassSuccess.jsp
>>
>>
> thanks,
> Adam
>
>
> On Wed, Oct 22, 2014 at 11:50 AM, John Gasper  wrote:
>
>>  At this point, if you can't bump the logging to get more information
>> about the cause of the error, then you might need to attach a debugger to
>> your container and step through some code.
>>
>>
>>  On 10/21/14 12:10 PM, Adam Causey wrote:
>>
>>  John,
>>
>>  As far as I know I am sending the newly acquired proxy ticket, however
>> I did notice that my proxy tickets are prefixed with ST which is not what
>> the example shows.
>>
>>  I followed the steps found on the Proxy CAS Walkthrough
>>  page using
>> the clearPass URL as the targetService in Step Four, and in Step Five I
>> verified the ticket by calling proxyValidate with the clearPass URL as the
>> service and the ticket I received from Step Four as the ticket.
>>
>>  Step Five produced the result below, which seems to indicate that the
>> ticket was valid.  However, if I call the clearPass URL with the ticket
>> appended I get the 'invalid ticket' error in the logs.  This tells me the
>> backend call that the clearPass endpoint is making is where the failure is
>> occurring.
>>
>> 
>>  
>>  apcausey
>>  
>>  
>> https://dev.vcu.edu/cas-test/proxyCallback
>>  
>>  
>>
>>  Thanks!
>>
>> Adam
>>
>>
>>
>> On Tue, Oct 21, 2014 at 12:54 PM, John Gasper  wrote:
>>
>>>  Adam,
>>>
>>> Are you sending the calling application's originally requested service
>>> ticket or are you sending a newly acquired proxy ticket to clearPass?
>>>
>>> John
>>>
>>> ---
>>> *John Gasper*
>>> IAM Consultant
>>> Unicon, Inc.
>>> PGP/GPG Key: 0xbafee3ef
>>>
>>>   On 10/21/14 8:53 AM, Adam Causey wrote:
>>>
>>>   I'm still having issues with clearPass not recognizing the service
>>> ticket when I call the /clearPass endpoint.  I ran through the 'Proxy CAS
>>> Walkthrough' instructions to make sure that proxying is setup correctly and
>>> that I understand it better.
>>>
>>>  Is my understanding correct that all I should have to do is treat the
>>> /clearPass endpoint as I would a normal proxied service even though it is
>>> on the CAS server itself?
>>>
>>>  I followed the instructions for setting up clear pass to the tooth and
>>> have re-checked my configuration.
>>>
>>>  Does anyone using clearPass have any suggestions, or is it not widely
>>> implemented?
>>>
>>>  Thanks,
>>> Adam
>>>
>>>
>>>
>>> On Thu, Oct 16, 2014 at 8:21 AM, Adam Causey  wrote:
>>>
  I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
 instructions found here: https://wiki.jasig.org/display/casum/clearpass
 .  However, it my test client when I call the /clearPass endpoint I get a
 404 Not Found response.

  I checked to make sure the /clearPass is being mapping with the
 defined HandlerMapping in clearpass-configuration.xml, and everything looks
 fine.  There are no errors in my logs.

  Any advice on getting this setup?

  Thanks!

  Adam Causey
 Virginia Commonwealth University


>>>   --
>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>> jgas...@unicon.net
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>> apcau...@vcu.edu
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>  --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> jgas...@unicon.net
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Setting up Clearpass

[Adam Causey]

Thanks for all of the replies.  I've narrowed it down now to an issue with
the jsp not being found, although it is where it should be on the file
system.  It's going to take some additional digging to see why the jsp path
is apparently including the context, which seems to be the issue here.

HTTP Status 404 -
/cas/WEB-INF/view/jsp/default/ui/protocol/clearPass/clearPassSuccess.jsp
>
>
thanks,
Adam


On Wed, Oct 22, 2014 at 11:50 AM, John Gasper  wrote:

>  At this point, if you can't bump the logging to get more information
> about the cause of the error, then you might need to attach a debugger to
> your container and step through some code.
>
>
>  On 10/21/14 12:10 PM, Adam Causey wrote:
>
>  John,
>
>  As far as I know I am sending the newly acquired proxy ticket, however I
> did notice that my proxy tickets are prefixed with ST which is not what the
> example shows.
>
>  I followed the steps found on the Proxy CAS Walkthrough
>  page using the
> clearPass URL as the targetService in Step Four, and in Step Five I
> verified the ticket by calling proxyValidate with the clearPass URL as the
> service and the ticket I received from Step Four as the ticket.
>
>  Step Five produced the result below, which seems to indicate that the
> ticket was valid.  However, if I call the clearPass URL with the ticket
> appended I get the 'invalid ticket' error in the logs.  This tells me the
> backend call that the clearPass endpoint is making is where the failure is
> occurring.
>
> 
>   
>   apcausey
>   
>   
> https://dev.vcu.edu/cas-test/proxyCallback
>   
>   
>
>  Thanks!
>
> Adam
>
>
>
> On Tue, Oct 21, 2014 at 12:54 PM, John Gasper  wrote:
>
>>  Adam,
>>
>> Are you sending the calling application's originally requested service
>> ticket or are you sending a newly acquired proxy ticket to clearPass?
>>
>> John
>>
>> ---
>> *John Gasper*
>> IAM Consultant
>> Unicon, Inc.
>> PGP/GPG Key: 0xbafee3ef
>>
>>   On 10/21/14 8:53 AM, Adam Causey wrote:
>>
>>   I'm still having issues with clearPass not recognizing the service
>> ticket when I call the /clearPass endpoint.  I ran through the 'Proxy CAS
>> Walkthrough' instructions to make sure that proxying is setup correctly and
>> that I understand it better.
>>
>>  Is my understanding correct that all I should have to do is treat the
>> /clearPass endpoint as I would a normal proxied service even though it is
>> on the CAS server itself?
>>
>>  I followed the instructions for setting up clear pass to the tooth and
>> have re-checked my configuration.
>>
>>  Does anyone using clearPass have any suggestions, or is it not widely
>> implemented?
>>
>>  Thanks,
>> Adam
>>
>>
>>
>> On Thu, Oct 16, 2014 at 8:21 AM, Adam Causey  wrote:
>>
>>>  I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
>>> instructions found here: https://wiki.jasig.org/display/casum/clearpass
>>> .  However, it my test client when I call the /clearPass endpoint I get a
>>> 404 Not Found response.
>>>
>>>  I checked to make sure the /clearPass is being mapping with the
>>> defined HandlerMapping in clearpass-configuration.xml, and everything looks
>>> fine.  There are no errors in my logs.
>>>
>>>  Any advice on getting this setup?
>>>
>>>  Thanks!
>>>
>>>  Adam Causey
>>> Virginia Commonwealth University
>>>
>>>
>>   --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> jgas...@unicon.net
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>  --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> jgas...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Setting up Clearpass

[John Gasper]

At this point, if you can't bump the logging to get more information
about the cause of the error, then you might need to attach a debugger
to your container and step through some code.

On 10/21/14 12:10 PM, Adam Causey wrote:
> John,
>
> As far as I know I am sending the newly acquired proxy ticket, however
> I did notice that my proxy tickets are prefixed with ST which is not
> what the example shows.
>
> I followed the steps found on the Proxy CAS Walkthrough
>  page using
> the clearPass URL as the targetService in Step Four, and in Step Five
> I verified the ticket by calling proxyValidate with the clearPass URL
> as the service and the ticket I received from Step Four as the ticket.
>
> Step Five produced the result below, which seems to indicate that the
> ticket was valid.  However, if I call the clearPass URL with the
> ticket appended I get the 'invalid ticket' error in the logs.  This
> tells me the backend call that the clearPass endpoint is making is
> where the failure is occurring.
> 
>   
>   apcausey
>   
>   
> https://dev.vcu.edu/cas-test/proxyCallback
>   
>   
> 
> Thanks!
>
> Adam
>
>
>
> On Tue, Oct 21, 2014 at 12:54 PM, John Gasper  > wrote:
>
> Adam,
>
> Are you sending the calling application's originally requested
> service ticket or are you sending a newly acquired proxy ticket to
> clearPass?
>
> John
>
> ---
> *John Gasper*
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
>
> On 10/21/14 8:53 AM, Adam Causey wrote:
>> I'm still having issues with clearPass not recognizing the
>> service ticket when I call the /clearPass endpoint.  I ran
>> through the 'Proxy CAS Walkthrough' instructions to make sure
>> that proxying is setup correctly and that I understand it better.
>>
>> Is my understanding correct that all I should have to do is treat
>> the /clearPass endpoint as I would a normal proxied service even
>> though it is on the CAS server itself?
>>
>> I followed the instructions for setting up clear pass to the
>> tooth and have re-checked my configuration.
>>
>> Does anyone using clearPass have any suggestions, or is it not
>> widely implemented?
>>
>> Thanks,
>> Adam
>>
>>
>>
>> On Thu, Oct 16, 2014 at 8:21 AM, Adam Causey > > wrote:
>>
>> I'm attempting to setup clearpass in CAS 3.5.2.  I've
>> followed the instructions found
>> here: https://wiki.jasig.org/display/casum/clearpass . 
>> However, it my test client when I call the /clearPass
>> endpoint I get a 404 Not Found response.  
>>
>> I checked to make sure the /clearPass is being mapping with
>> the defined HandlerMapping in clearpass-configuration.xml,
>> and everything looks fine.  There are no errors in my logs.
>>
>> Any advice on getting this setup?
>>
>> Thanks!
>>
>> Adam Causey
>> Virginia Commonwealth University
>>
>>
>> -- 
>> You are currently subscribed to cas-user@lists.jasig.org 
>>  as: jgas...@unicon.net 
>> 
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> -- 
> You are currently subscribed to cas-user@lists.jasig.org 
>  as: apcau...@vcu.edu 
> 
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> jgas...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Setting up Clearpass

[Adam Causey]

John,

As far as I know I am sending the newly acquired proxy ticket, however I
did notice that my proxy tickets are prefixed with ST which is not what the
example shows.

I followed the steps found on the Proxy CAS Walkthrough
 page using the
clearPass URL as the targetService in Step Four, and in Step Five I
verified the ticket by calling proxyValidate with the clearPass URL as the
service and the ticket I received from Step Four as the ticket.

Step Five produced the result below, which seems to indicate that the
ticket was valid.  However, if I call the clearPass URL with the ticket
appended I get the 'invalid ticket' error in the logs.  This tells me the
backend call that the clearPass endpoint is making is where the failure is
occurring.



apcausey


https://dev.vcu.edu/cas-test/proxyCallback




Thanks!

Adam



On Tue, Oct 21, 2014 at 12:54 PM, John Gasper  wrote:

>  Adam,
>
> Are you sending the calling application's originally requested service
> ticket or are you sending a newly acquired proxy ticket to clearPass?
>
> John
>
> ---
> *John Gasper*
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
>
>  On 10/21/14 8:53 AM, Adam Causey wrote:
>
>  I'm still having issues with clearPass not recognizing the service
> ticket when I call the /clearPass endpoint.  I ran through the 'Proxy CAS
> Walkthrough' instructions to make sure that proxying is setup correctly and
> that I understand it better.
>
>  Is my understanding correct that all I should have to do is treat the
> /clearPass endpoint as I would a normal proxied service even though it is
> on the CAS server itself?
>
>  I followed the instructions for setting up clear pass to the tooth and
> have re-checked my configuration.
>
>  Does anyone using clearPass have any suggestions, or is it not widely
> implemented?
>
>  Thanks,
> Adam
>
>
>
> On Thu, Oct 16, 2014 at 8:21 AM, Adam Causey  wrote:
>
>>  I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
>> instructions found here: https://wiki.jasig.org/display/casum/clearpass
>> .  However, it my test client when I call the /clearPass endpoint I get a
>> 404 Not Found response.
>>
>>  I checked to make sure the /clearPass is being mapping with the defined
>> HandlerMapping in clearpass-configuration.xml, and everything looks fine.
>> There are no errors in my logs.
>>
>>  Any advice on getting this setup?
>>
>>  Thanks!
>>
>>  Adam Causey
>> Virginia Commonwealth University
>>
>>
>  --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> jgas...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

RE: [cas-user] Setting up Clearpass

[Misagh Moayyed]

Yes that’s the correct understanding.



When you get the PT and you validate it for the clearpass “service” you need 
to investigate why the validation fails (due to the ticket missing). Turn up 
the logs on the CAS server side and issue the PT that CAS tells you is not 
recognized. You should find an entry that attempts to delete the ticket for 
some reason.



From: Adam Causey [mailto:apcau...@vcu.edu]
Sent: Tuesday, October 21, 2014 8:54 AM
To: cas-user@lists.jasig.org
Subject: Re:[cas-user] Setting up Clearpass



I'm still having issues with clearPass not recognizing the service ticket 
when I call the /clearPass endpoint.  I ran through the 'Proxy CAS 
Walkthrough' instructions to make sure that proxying is setup correctly and 
that I understand it better.



Is my understanding correct that all I should have to do is treat the 
/clearPass endpoint as I would a normal proxied service even though it is on 
the CAS server itself?



I followed the instructions for setting up clear pass to the tooth and have 
re-checked my configuration.



Does anyone using clearPass have any suggestions, or is it not widely 
implemented?



Thanks,

Adam







On Thu, Oct 16, 2014 at 8:21 AM, Adam Causey mailto:apcau...@vcu.edu> > wrote:

I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the 
instructions found here: https://wiki.jasig.org/display/casum/clearpass . 
However, it my test client when I call the /clearPass endpoint I get a 404 
Not Found response.



I checked to make sure the /clearPass is being mapping with the defined 
HandlerMapping in clearpass-configuration.xml, and everything looks fine. 
There are no errors in my logs.



Any advice on getting this setup?



Thanks!



Adam Causey

Virginia Commonwealth University






-- 
You are currently subscribed to cas-user@lists.jasig.org 
<mailto:cas-user@lists.jasig.org>  as: mmoay...@unicon.net 
<mailto:mmoay...@unicon.net>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Setting up Clearpass

[John Gasper]

Adam,

Are you sending the calling application's originally requested service
ticket or are you sending a newly acquired proxy ticket to clearPass?

John

---
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 10/21/14 8:53 AM, Adam Causey wrote:
> I'm still having issues with clearPass not recognizing the service
> ticket when I call the /clearPass endpoint.  I ran through the 'Proxy
> CAS Walkthrough' instructions to make sure that proxying is setup
> correctly and that I understand it better.
>
> Is my understanding correct that all I should have to do is treat the
> /clearPass endpoint as I would a normal proxied service even though it
> is on the CAS server itself?
>
> I followed the instructions for setting up clear pass to the tooth and
> have re-checked my configuration.
>
> Does anyone using clearPass have any suggestions, or is it not widely
> implemented?
>
> Thanks,
> Adam
>
>
>
> On Thu, Oct 16, 2014 at 8:21 AM, Adam Causey  > wrote:
>
> I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
> instructions found
> here: https://wiki.jasig.org/display/casum/clearpass .  However,
> it my test client when I call the /clearPass endpoint I get a 404
> Not Found response.  
>
> I checked to make sure the /clearPass is being mapping with the
> defined HandlerMapping in clearpass-configuration.xml, and
> everything looks fine.  There are no errors in my logs.
>
> Any advice on getting this setup?
>
> Thanks!
>
> Adam Causey
> Virginia Commonwealth University
>
>
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> jgas...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re:[cas-user] Setting up Clearpass

[Adam Causey]

I'm still having issues with clearPass not recognizing the service ticket
when I call the /clearPass endpoint.  I ran through the 'Proxy CAS
Walkthrough' instructions to make sure that proxying is setup correctly and
that I understand it better.

Is my understanding correct that all I should have to do is treat the
/clearPass endpoint as I would a normal proxied service even though it is
on the CAS server itself?

I followed the instructions for setting up clear pass to the tooth and have
re-checked my configuration.

Does anyone using clearPass have any suggestions, or is it not widely
implemented?

Thanks,
Adam



On Thu, Oct 16, 2014 at 8:21 AM, Adam Causey  wrote:

> I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
> instructions found here: https://wiki.jasig.org/display/casum/clearpass
> .  However, it my test client when I call the /clearPass endpoint I get a
> 404 Not Found response.
>
> I checked to make sure the /clearPass is being mapping with the defined
> HandlerMapping in clearpass-configuration.xml, and everything looks fine.
> There are no errors in my logs.
>
> Any advice on getting this setup?
>
> Thanks!
>
> Adam Causey
> Virginia Commonwealth University
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Setting up Clearpass

[Scott Battaglia]

That method should have been restored in 3.3.3 (or whatever the latest
version is in Maven Central)

On Mon, Oct 20, 2014 at 1:53 PM, Adam Causey  wrote:

> Thanks Dmitriy
> ​.  I am going to try this out.
>
> I did notice that the code does not work with the Java 3.3.1 client,
> however, since the method signature for
>
> CommonUtils.getResponseFromServer
> ​ changed from previous versions of the Java client.​  For now I will go
> against the 3.2.1 client.
>
> Thanks,
> Adam
>
> On Fri, Oct 17, 2014 at 2:12 PM, Dmitriy Kopylenko 
> wrote:
>
>> Here’s an example of how to interact with clearpass endpoint at the low
>> level:
>>
>>
>> https://github.com/Unicon/cas-java-clients-addons/blob/master/src/main/java/net/unicon/casclients/addons/springsecurity/ClearpassRetrievingCasAuthenticationProvider.java#L58
>>
>> Cheers,
>> Dmitriy.
>>
>> On Oct 17, 2014, at 2:05 PM, Adam Causey  wrote:
>>
>> Thanks for the reply.  I am not sure I'm going about this the correct
>> way.  Are there any example clients that show how to use clearPass?
>>
>> I think the server piece is now working, but in the test client that I
>> wrote I cannot get anything to return.   Using the following code I get a
>> 404.
>>
>>
>> String clearPassUrl =
>> ​ ​
>> "https://mycasserver.com/cas/clearPass";;
>> AttributePrincipal principal = (AttributePrincipal)
>> request.getUserPrincipal();
>> String proxyTicket = principal.getProxyTicketFor(clearPassUrl);
>> log.debug("proxyTicket: " + proxyTicket);
>> final String clearPassRequestUrl = clearPassUrl + "?" + "ticket="
>> ​ ​
>> + proxyTicket + "&" + "service="
>> ​ ​
>> + URLEncoder.encode(clearPassUrl, "UTF-8");
>> log.debug("clearPassRequestUrl: " + clearPassRequestUrl);
>> final WebClient webClient = new WebClient();
>> final HtmlPage page = webClient.getPage(clearPassRequestUrl);
>> log.debug(page.getTextContent());
>>
>>
>> If I create a URL with an arbitrary ticket I am getting an 'invalid
>> ticket' message in the logs on the server, so I assume the endpoint is
>> working.
>>
>> https://mycasserver.com/cas/clearPass
>> ​?​
>> ticket=foobar&service=https%3A%2F%2Fmycasserver.com%2Fcas%2FclearPass
>>
>> org.jasig.cas.client.validation.TicketValidationException: ticket
>>> 'foobar' not recognized
>>>
>>
>> On Thu, Oct 16, 2014 at 4:14 PM, Misagh Moayyed 
>> wrote:
>>
>>> Turn on logging for Spring, to DEBUG at least. That should help you
>>> determine where the request ends up.
>>>
>>>
>>>
>>> *From:* Adam Causey [mailto:apcau...@vcu.edu]
>>> *Sent:* Thursday, October 16, 2014 5:22 AM
>>> *To:* cas-user@lists.jasig.org
>>> *Subject:* [cas-user] Setting up Clearpass
>>>
>>>
>>>
>>> I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
>>> instructions found here: https://wiki.jasig.org/display/casum/clearpass
>>> .  However, it my test client when I call the /clearPass endpoint I get a
>>> 404 Not Found response.
>>>
>>>
>>>
>>> I checked to make sure the /clearPass is being mapping with the defined
>>> HandlerMapping in clearpass-configuration.xml, and everything looks fine.
>>> There are no errors in my logs.
>>>
>>>
>>>
>>> Any advice on getting this setup?
>>>
>>>
>>>
>>> Thanks!
>>>
>>>
>>>
>>> Adam Causey
>>>
>>> Virginia Commonwealth University
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>> mmoay...@unicon.net
>>>
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as: 
>>> apcau...@vcu.edu
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> dkopyle...@unicon.net
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> scott.battag...@gmail.com
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Setting up Clearpass

[Adam Causey]

I setup my clearpass client based on the unicon version, but I am getting
errors that the ticket is not recognized by the CAS server.  Looking at the
logs on the CAS server, it appears that the ticket is being removed from
the registry prior to the call for getting the clearpass information:



> 2014-10-20 13:59:20,802 DEBUG ()
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] -  retrieve ticket [ST-4-2ANpiZeLYOdYJm3HQ3H1-mycasserver >
> 2014-10-20 13:59:20,802 DEBUG ()
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] -  [ST-4-2ANpiZeLYOdYJm3HQ3H1-mycasserver] found in registry.>
> 2014-10-20 13:59:20,805 DEBUG ()
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] -  [ST-4-2ANpiZeLYOdYJm3HQ3H1-mycasserver] from registry>
> 2014-10-20 13:59:20,805 DEBUG ()
> [org.jasig.cas.ticket.registry.DefaultTicketRegistry] -  retrieve ticket [ST-4-2ANpiZeLYOdYJm3HQ3H1-mycasserver]>


 2014-10-20 13:59:20 ERROR CommonUtils:340 -
> https://mycasserver/cas/clearPass?ticket=ST-4-2ANpiZeLYOdYJm3HQ3H1-mycasserver
>
> java.io.FileNotFoundException:
> https://mycasserver/cas/clearPass?ticket=ST-4-2ANpiZeLYOdYJm3HQ3H1-mycasserver
>

Any ideas?

Thanks!

-Adam


On Mon, Oct 20, 2014 at 1:53 PM, Adam Causey  wrote:

> Thanks Dmitriy
> ​.  I am going to try this out.
>
> I did notice that the code does not work with the Java 3.3.1 client,
> however, since the method signature for
>
> CommonUtils.getResponseFromServer
> ​ changed from previous versions of the Java client.​  For now I will go
> against the 3.2.1 client.
>
> Thanks,
> Adam
>
> On Fri, Oct 17, 2014 at 2:12 PM, Dmitriy Kopylenko 
> wrote:
>
>> Here’s an example of how to interact with clearpass endpoint at the low
>> level:
>>
>>
>> https://github.com/Unicon/cas-java-clients-addons/blob/master/src/main/java/net/unicon/casclients/addons/springsecurity/ClearpassRetrievingCasAuthenticationProvider.java#L58
>>
>> Cheers,
>> Dmitriy.
>>
>> On Oct 17, 2014, at 2:05 PM, Adam Causey  wrote:
>>
>> Thanks for the reply.  I am not sure I'm going about this the correct
>> way.  Are there any example clients that show how to use clearPass?
>>
>> I think the server piece is now working, but in the test client that I
>> wrote I cannot get anything to return.   Using the following code I get a
>> 404.
>>
>>
>> String clearPassUrl =
>> ​ ​
>> "https://mycasserver.com/cas/clearPass";;
>> AttributePrincipal principal = (AttributePrincipal)
>> request.getUserPrincipal();
>> String proxyTicket = principal.getProxyTicketFor(clearPassUrl);
>> log.debug("proxyTicket: " + proxyTicket);
>> final String clearPassRequestUrl = clearPassUrl + "?" + "ticket="
>> ​ ​
>> + proxyTicket + "&" + "service="
>> ​ ​
>> + URLEncoder.encode(clearPassUrl, "UTF-8");
>> log.debug("clearPassRequestUrl: " + clearPassRequestUrl);
>> final WebClient webClient = new WebClient();
>> final HtmlPage page = webClient.getPage(clearPassRequestUrl);
>> log.debug(page.getTextContent());
>>
>>
>> If I create a URL with an arbitrary ticket I am getting an 'invalid
>> ticket' message in the logs on the server, so I assume the endpoint is
>> working.
>>
>> https://mycasserver.com/cas/clearPass
>> ​?​
>> ticket=foobar&service=https%3A%2F%2Fmycasserver.com%2Fcas%2FclearPass
>>
>> org.jasig.cas.client.validation.TicketValidationException: ticket
>>> 'foobar' not recognized
>>>
>>
>> On Thu, Oct 16, 2014 at 4:14 PM, Misagh Moayyed 
>> wrote:
>>
>>> Turn on logging for Spring, to DEBUG at least. That should help you
>>> determine where the request ends up.
>>>
>>>
>>>
>>> *From:* Adam Causey [mailto:apcau...@vcu.edu]
>>> *Sent:* Thursday, October 16, 2014 5:22 AM
>>> *To:* cas-user@lists.jasig.org
>>> *Subject:* [cas-user] Setting up Clearpass
>>>
>>>
>>>
>>> I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
>>> instructions found here: https://wiki.jasig.org/display/casum/clearpass
>>> .  However, it my test client when I call the /clearPass endpoint I get a
>>> 404 Not Found response.
>>>
>>>
>>>
>>> I checked to make sure the /clearPass is being mapping with the defined
>>> HandlerMapping in clearpass-configuration.xml, and everything looks fine.
>>> There are no errors in my logs.
>>>
>>>
>>>
>>> Any advice on getting this setup?
&

Re: [cas-user] Setting up Clearpass

[Adam Causey]

Thanks Dmitriy
​.  I am going to try this out.

I did notice that the code does not work with the Java 3.3.1 client,
however, since the method signature for

CommonUtils.getResponseFromServer
​ changed from previous versions of the Java client.​  For now I will go
against the 3.2.1 client.

Thanks,
Adam

On Fri, Oct 17, 2014 at 2:12 PM, Dmitriy Kopylenko 
wrote:

> Here’s an example of how to interact with clearpass endpoint at the low
> level:
>
>
> https://github.com/Unicon/cas-java-clients-addons/blob/master/src/main/java/net/unicon/casclients/addons/springsecurity/ClearpassRetrievingCasAuthenticationProvider.java#L58
>
> Cheers,
> Dmitriy.
>
> On Oct 17, 2014, at 2:05 PM, Adam Causey  wrote:
>
> Thanks for the reply.  I am not sure I'm going about this the correct
> way.  Are there any example clients that show how to use clearPass?
>
> I think the server piece is now working, but in the test client that I
> wrote I cannot get anything to return.   Using the following code I get a
> 404.
>
>
> String clearPassUrl =
> ​ ​
> "https://mycasserver.com/cas/clearPass";;
> AttributePrincipal principal = (AttributePrincipal)
> request.getUserPrincipal();
> String proxyTicket = principal.getProxyTicketFor(clearPassUrl);
> log.debug("proxyTicket: " + proxyTicket);
> final String clearPassRequestUrl = clearPassUrl + "?" + "ticket="
> ​ ​
> + proxyTicket + "&" + "service="
> ​ ​
> + URLEncoder.encode(clearPassUrl, "UTF-8");
> log.debug("clearPassRequestUrl: " + clearPassRequestUrl);
> final WebClient webClient = new WebClient();
> final HtmlPage page = webClient.getPage(clearPassRequestUrl);
> log.debug(page.getTextContent());
>
>
> If I create a URL with an arbitrary ticket I am getting an 'invalid
> ticket' message in the logs on the server, so I assume the endpoint is
> working.
>
> https://mycasserver.com/cas/clearPass
> ​?​
> ticket=foobar&service=https%3A%2F%2Fmycasserver.com%2Fcas%2FclearPass
>
> org.jasig.cas.client.validation.TicketValidationException: ticket
>> 'foobar' not recognized
>>
>
> On Thu, Oct 16, 2014 at 4:14 PM, Misagh Moayyed 
> wrote:
>
>> Turn on logging for Spring, to DEBUG at least. That should help you
>> determine where the request ends up.
>>
>>
>>
>> *From:* Adam Causey [mailto:apcau...@vcu.edu]
>> *Sent:* Thursday, October 16, 2014 5:22 AM
>> *To:* cas-user@lists.jasig.org
>> *Subject:* [cas-user] Setting up Clearpass
>>
>>
>>
>> I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
>> instructions found here: https://wiki.jasig.org/display/casum/clearpass
>> .  However, it my test client when I call the /clearPass endpoint I get a
>> 404 Not Found response.
>>
>>
>>
>> I checked to make sure the /clearPass is being mapping with the defined
>> HandlerMapping in clearpass-configuration.xml, and everything looks fine.
>> There are no errors in my logs.
>>
>>
>>
>> Any advice on getting this setup?
>>
>>
>>
>> Thanks!
>>
>>
>>
>> Adam Causey
>>
>> Virginia Commonwealth University
>>
>>
>>
>>
>>
>> --
>>
>> You are currently subscribed to cas-user@lists.jasig.org as: 
>> mmoay...@unicon.net
>>
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>> --
>> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
>> To unsubscribe, change settings or access archives, see 
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: 
> dkopyle...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Setting up Clearpass

[Dmitriy Kopylenko]

Here’s an example of how to interact with clearpass endpoint at the low level:

https://github.com/Unicon/cas-java-clients-addons/blob/master/src/main/java/net/unicon/casclients/addons/springsecurity/ClearpassRetrievingCasAuthenticationProvider.java#L58

Cheers,
Dmitriy.

On Oct 17, 2014, at 2:05 PM, Adam Causey  wrote:

> Thanks for the reply.  I am not sure I'm going about this the correct way.  
> Are there any example clients that show how to use clearPass?  
> 
> I think the server piece is now working, but in the test client that I wrote 
> I cannot get anything to return.   Using the following code I get a 404.
> 
> 
> String clearPassUrl =​ ​"https://mycasserver.com/cas/clearPass";;
> AttributePrincipal principal = (AttributePrincipal) 
> request.getUserPrincipal();
> String proxyTicket = principal.getProxyTicketFor(clearPassUrl);
> log.debug("proxyTicket: " + proxyTicket);
> final String clearPassRequestUrl = clearPassUrl + "?" + "ticket="​ ​+ 
> proxyTicket + "&" + "service="​ ​+ URLEncoder.encode(clearPassUrl, "UTF-8");
> log.debug("clearPassRequestUrl: " + clearPassRequestUrl);
> final WebClient webClient = new WebClient();
> final HtmlPage page = webClient.getPage(clearPassRequestUrl);
> log.debug(page.getTextContent());
> 
> 
> If I create a URL with an arbitrary ticket I am getting an 'invalid ticket' 
> message in the logs on the server, so I assume the endpoint is working.
> 
> https://mycasserver.com/cas/clearPass​?​ticket=foobar&service=https%3A%2F%2Fmycasserver.com%2Fcas%2FclearPass
> 
> org.jasig.cas.client.validation.TicketValidationException: ticket 'foobar' 
> not recognized
> 
> 
> On Thu, Oct 16, 2014 at 4:14 PM, Misagh Moayyed  wrote:
> Turn on logging for Spring, to DEBUG at least. That should help you determine 
> where the request ends up.
> 
>  
> 
> From: Adam Causey [mailto:apcau...@vcu.edu] 
> Sent: Thursday, October 16, 2014 5:22 AM
> To: cas-user@lists.jasig.org
> Subject: [cas-user] Setting up Clearpass
> 
>  
> 
> I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the 
> instructions found here: https://wiki.jasig.org/display/casum/clearpass .  
> However, it my test client when I call the /clearPass endpoint I get a 404 
> Not Found response.  
> 
>  
> 
> I checked to make sure the /clearPass is being mapping with the defined 
> HandlerMapping in clearpass-configuration.xml, and everything looks fine.  
> There are no errors in my logs.
> 
>  
> 
> Any advice on getting this setup?
> 
>  
> 
> Thanks!
> 
>  
> 
> Adam Causey
> 
> Virginia Commonwealth University
> 
>  
> 
>  
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> mmoay...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>  -- 
> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> dkopyle...@unicon.net
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: [cas-user] Setting up Clearpass

[Adam Causey]

Thanks for the reply.  I am not sure I'm going about this the correct way.
Are there any example clients that show how to use clearPass?

I think the server piece is now working, but in the test client that I
wrote I cannot get anything to return.   Using the following code I get a
404.


String clearPassUrl =
​ ​
"https://mycasserver.com/cas/clearPass";;
AttributePrincipal principal = (AttributePrincipal)
request.getUserPrincipal();
String proxyTicket = principal.getProxyTicketFor(clearPassUrl);
log.debug("proxyTicket: " + proxyTicket);
final String clearPassRequestUrl = clearPassUrl + "?" + "ticket="
​ ​
+ proxyTicket + "&" + "service="
​ ​
+ URLEncoder.encode(clearPassUrl, "UTF-8");
log.debug("clearPassRequestUrl: " + clearPassRequestUrl);
final WebClient webClient = new WebClient();
final HtmlPage page = webClient.getPage(clearPassRequestUrl);
log.debug(page.getTextContent());


If I create a URL with an arbitrary ticket I am getting an 'invalid ticket'
message in the logs on the server, so I assume the endpoint is working.

https://mycasserver.com/cas/clearPass
​?​
ticket=foobar&service=https%3A%2F%2Fmycasserver.com%2Fcas%2FclearPass

org.jasig.cas.client.validation.TicketValidationException: ticket 'foobar'
> not recognized
>

On Thu, Oct 16, 2014 at 4:14 PM, Misagh Moayyed  wrote:

> Turn on logging for Spring, to DEBUG at least. That should help you
> determine where the request ends up.
>
>
>
> *From:* Adam Causey [mailto:apcau...@vcu.edu]
> *Sent:* Thursday, October 16, 2014 5:22 AM
> *To:* cas-user@lists.jasig.org
> *Subject:* [cas-user] Setting up Clearpass
>
>
>
> I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
> instructions found here: https://wiki.jasig.org/display/casum/clearpass
> .  However, it my test client when I call the /clearPass endpoint I get a
> 404 Not Found response.
>
>
>
> I checked to make sure the /clearPass is being mapping with the defined
> HandlerMapping in clearpass-configuration.xml, and everything looks fine.
> There are no errors in my logs.
>
>
>
> Any advice on getting this setup?
>
>
>
> Thanks!
>
>
>
> Adam Causey
>
> Virginia Commonwealth University
>
>
>
>
>
> --
>
> You are currently subscribed to cas-user@lists.jasig.org as: 
> mmoay...@unicon.net
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as: apcau...@vcu.edu
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

RE: [cas-user] Setting up Clearpass

[Misagh Moayyed]

Turn on logging for Spring, to DEBUG at least. That should help you 
determine where the request ends up.



From: Adam Causey [mailto:apcau...@vcu.edu]
Sent: Thursday, October 16, 2014 5:22 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] Setting up Clearpass



I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the 
instructions found here: https://wiki.jasig.org/display/casum/clearpass . 
However, it my test client when I call the /clearPass endpoint I get a 404 
Not Found response.



I checked to make sure the /clearPass is being mapping with the defined 
HandlerMapping in clearpass-configuration.xml, and everything looks fine. 
There are no errors in my logs.



Any advice on getting this setup?



Thanks!



Adam Causey

Virginia Commonwealth University




-- 
You are currently subscribed to cas-user@lists.jasig.org 
<mailto:cas-user@lists.jasig.org>  as: mmoay...@unicon.net 
<mailto:mmoay...@unicon.net>
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] Setting up Clearpass

[Adam Causey]

I'm attempting to setup clearpass in CAS 3.5.2.  I've followed the
instructions found here: https://wiki.jasig.org/display/casum/clearpass .
However, it my test client when I call the /clearPass endpoint I get a 404
Not Found response.

I checked to make sure the /clearPass is being mapping with the defined
HandlerMapping in clearpass-configuration.xml, and everything looks fine.
There are no errors in my logs.

Any advice on getting this setup?

Thanks!

Adam Causey
Virginia Commonwealth University

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user