Hi, The RequiresHttpAction in your DEBUG logs should not be a problem. It states that some special action is required.
Setting the Enum property is an issue indeed. I submitted a SVN patch for that some times ago but it has not been integrated so far: https://issues.apache.org/jira/browse/SHIRO-425. I'm wondering if there is some interference between the *clientsFilter* and the *casUsers *in case of a proxied authentication. Would you mind removing the *casUsers *filter and just keep the *clientsFilter *on the /** url (on your proxied application)? Thanks. Best regards, Jérôme 2014-03-04 12:28 GMT+01:00 Dinabandhu [via Shiro User] < [email protected]>: > Hi, > > Made some more progress since last post. I created a servlet context > listener in the proxied application with the following code - > > public void contextDestroyed(ServletContextEvent arg0) > { > // TODO Auto-generated method stub > ThreadContext.unbindSecurityManager(); > ThreadContext.remove(); > } > > /* > * (non-Javadoc) > * > * @see > * > javax.servlet.ServletContextListener#contextInitialized(javax.servlet > * .ServletContextEvent) > */ > public void contextInitialized(ServletContextEvent arg0) > { > CookieHandler.setDefault( new CookieManager( null, > CookiePolicy.ACCEPT_ALL ) ); > WebEnvironment wm = > WebUtils.getRequiredWebEnvironment(arg0.getServletContext()); > WebSecurityManager wsm = wm.getWebSecurityManager(); > ThreadContext.bind(wsm); > > SecurityManager mgr = SecurityUtils.getSecurityManager(); > > Collection<Realm> realms = ((RealmSecurityManager) > mgr).getRealms(); > > for (Realm realm : realms) > { > if (realm.getClass().isAssignableFrom(ClientRealm.class)) > { > Clients clients = ((ClientRealm) realm).getClients(); > CasClient client = (CasClient) > clients.findClient("CasClient"); > client.setCasProtocol(CasProtocol.CAS20_PROXY); > } > } > > } > > This seems to solve the earlier problem and the PT is getting validated > and I am getting following response from the server for proxy validation - > > <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > <cas:authenticationSuccess> > <cas:user>dinu</cas:user> > > > <cas:proxies> > > <cas:proxy> > https://user-think:8443/shiro-cas-proxy-1/proxyReceptor.jsp?client_name=CasProxyReceptor > </cas:proxy> > > </cas:proxies> > > </cas:authenticationSuccess> > </cas:serviceResponse> > > However after the proxy validation, the request is getting redirected to a > different url than the requested url. Https access logs below. Pls see the > bold entry- > > 192.168.2.202 [04/Mar/2014:16:41:35 +0530] HTTP/1.1 8443 GET > /cerberus-sso-test/proxy?pgt= > TGT-4-ejs15UXZaPleZra4LUd4GflBHTZe7p0XehVaaqLWYpOKArsf9B-cas01.example.org&targetService=https%3A%2F%2Fuser-think%3A8443%2Fshiro-cas-proxied%2Fshiro-cas%3Fclient_name%3DCasClient > HTTP/1.1 200 > 192.168.2.202 [04/Mar/2014:16:41:35 +0530] HTTP/1.1 8443 GET > /cerberus-sso-test/proxyValidate?ticket= > ST-9-ZWaANamGV6QSVKb3pwaY-cas01.example.org&service=https%3A%2F%2Fuser-think%3A8443%2Fshiro-cas-proxied%2Fshiro-cas%3Fclient_name%3DCasClient > HTTP/1.1 200 > 192.168.2.202 [04/Mar/2014:16:41:35 +0530] HTTP/1.1 8443 GET > /shiro-cas-proxied/proxy-page.jsp?client_name=CasClient&ticket= > ST-9-ZWaANamGV6QSVKb3pwaY-cas01.example.org HTTP/1.1 302 > *192.168.2.202 [04/Mar/2014:16:41:35 +0530] HTTP/1.1 8443 GET > /shiro-cas-proxied/ HTTP/1.1* 500 > 192.168.2.202 [04/Mar/2014:16:41:35 +0530] HTTP/1.1 8443 GET > /shiro-cas-proxy-1/ProxyServlet HTTP/1.1 500 > > I am also getting a exception in the server log - > org.pac4j.core.exception.TechnicalException: name cannot be blank. > > I am not sure what is wrong. > > Thanks & Regards, > Dinabandhu > > > > ------------------------------ > If you reply to this email, your message will be added to the discussion > below: > > http://shiro-user.582556.n2.nabble.com/Shiro-cas-proxying-tp7579694p7579715.html > To start a new topic under Shiro User, email > [email protected] > To unsubscribe from Shiro User, click > here<http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=582556&code=bGVsZXVqQGdtYWlsLmNvbXw1ODI1NTZ8LTExNzY2MzcxMTY=> > . > NAML<http://shiro-user.582556.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- View this message in context: http://shiro-user.582556.n2.nabble.com/Shiro-cas-proxying-tp7579694p7579718.html Sent from the Shiro User mailing list archive at Nabble.com.
