Hi,

I think I know what's wrong. I didn't recall it to you in my previous post, but the proxy receptor is meant to receive the PGTIOU and PGTID as credentials, it's a Client like the CasClient so you need to define it as a client: *clients.clientsList = $casClient,$proxyReceptor* in addition to setting it in the CasClient: *casClient.casProxyReceptor = $proxyReceptor*.

This way, you don't need to use the anon filter for the /proxyReceptor.jsp url, but the *clientFilters*.

Let me know if it works after that.

Thanks.
Best regards,
Jérôme

2014-03-03 12:26 GMT+01:00 Dinabandhu [via Shiro User] <[email protected]>:

> Hi Jerome,
>
> Thank you very much for your reply. I have been able to make some progress
> with the directions you provided but the proxying is still not working. From
> the logs, it looks like that even though server is sending the PGTIOU & PGT
> combo to the proxy application, the client in proxy application is not
>
> Firstly, I had to make some changes -
>
> 1. The proxyReceptor is changed with an actually existing url. I had to do
>    this because server sends a request to this url and expects a HTTP 200
>    response. The casFilter doesn't seem to set the response code.
> 2. I had to put proxyReceptor url under anon filter. Putting it under
>    casFilter generating exceptions (exception.log).
>
> So with the changes, my proxy application shiro.ini looks like -
>
> proxyReceptor=org.pac4j.cas.client.CasProxyReceptor
> proxyReceptor.callbackUrl = https://user-think:8443/shiro-cas-proxy-1/proxyReceptor.jsp?client_name=CasClient
>
> casClient = org.pac4j.cas.client.CasClient
> casClient.casLoginUrl = https://user-think:8443/cerberus-sso-test/login
> casClient.casProxyReceptor = $proxyReceptor
>
> clients = org.pac4j.core.client.Clients
> clients.callbackUrl = https://user-think:8443/shiro-cas-proxy-1/shiro-cas
> clients.clientsList = $casClient
>
> clientsRealm = io.buji.pac4j.ClientRealm
> clientsRealm.defaultRoles = ROLE_USER
> clientsRealm.clients = $clients
>
> clientsFilter = io.buji.pac4j.ClientFilter
> clientsFilter.clients = $clients
> clientsFilter.failureUrl = /error.jsp
>
> casUsers = io.buji.pac4j.filter.ClientUserFilter
> casUsers.client = $casClient
>
> securityManager.realms = $clientsRealm
>
> #authc.loginUrl = https://user-think:8443/cerberus-sso-test/login?service=https://user-think:8443/shiro-cas-proxy-1/shiro-cas
>
> [urls]
> /proxyReceptor.jsp = anon
> /shiro-cas = clientsFilter
> /error.jsp = anon
> /** = casUsers
>
> With this I can see PGTIOU and PGT getting generated in the server logs
> (server.log) and in https request logs(http.log). I am also able to
> retrieve the CasProxyProfile successfully from the Subject. However, when I
> try to get a ticket for the proxied service, I get an error in the server
> log "No ProxyGrantingTicket was supplied, so no Proxy Ticket can be
> retrieved." and the ticket returned is null.
>
> I must be doing something wrong in configuration but not find what is
> wrong.
>
> Anything that catches your eyes would be great. I am attaching the logs in
> case you want to have a look.
>
> Thanks again for your help.
>
> Regards,
> Dinabandhu
>
> server.log <http://shiro-user.582556.n2.nabble.com/file/n7579711/server.log>
> http.log <http://shiro-user.582556.n2.nabble.com/file/n7579711/http.log>
> exception.log <http://shiro-user.582556.n2.nabble.com/file/n7579711/exception.log>
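
A small check for the two points in the reply above (the proxy receptor missing from clients.clientsList, and its URL mapped to anon), run against the quoted shiro.ini. This is an added example, not part of the original thread or of pac4j/buji-pac4j; the function names and the `context` parameter are assumptions of the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the relevant lines of the shiro.ini quoted in the thread.
QUOTED_INI = """\
proxyReceptor = org.pac4j.cas.client.CasProxyReceptor
proxyReceptor.callbackUrl = https://user-think:8443/shiro-cas-proxy-1/proxyReceptor.jsp?client_name=CasClient
casClient = org.pac4j.cas.client.CasClient
casClient.casProxyReceptor = $proxyReceptor
clients = org.pac4j.core.client.Clients
clients.clientsList = $casClient
[urls]
/proxyReceptor.jsp = anon
/shiro-cas = clientsFilter
/** = casUsers
"""

def parse_ini(text):
    """Split a shiro.ini into {section: {key: value}}; lines before any header go to 'main'."""
    sections, current = {"main": {}}, "main"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)  # split once: URLs may contain '='
            sections[current][key.strip()] = value.strip()
    return sections

def check_proxy_receptor(text, context="/shiro-cas-proxy-1"):
    """Report the two issues named in the reply. `context` (the webapp's
    context path, taken from the thread's URLs) is an assumption of this example."""
    ini = parse_ini(text)
    main, urls = ini["main"], ini.get("urls", {})
    listed = {c.strip() for c in main.get("clients.clientsList", "").split(",")}
    findings = []
    for ref in (v for k, v in main.items() if k.endswith(".casProxyReceptor")):
        if ref not in listed:
            findings.append(f"{ref} is not in clients.clientsList")
        path = urlparse(main.get(ref.lstrip("$") + ".callbackUrl", "")).path
        if path.startswith(context):
            path = path[len(context):]
        if urls.get(path) == "anon":
            findings.append(f"{path} is mapped to anon instead of the client filter")
    return findings
```

The check only encodes what the reply states; the thread does not confirm whether the suggested change resolved the missing proxy-granting ticket.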
