Vintaliy
|
Hi all,
I am using CAS server 3.3.2, and on the client side I am using Spring Security.
First step: access application1 - CAS login - send credentials and get redirected to the main application1 page.
Second: access app2 - CAS login page [again] ...
I opened another tab in the same browser and just clicked on the links to the other webapps. I don't understand what I did wrong: a CAS configuration problem or a Spring configuration problem. Here is my springSecurityContext.xml:

<http entry-point-ref="casProcessingFilterEntryPoint">
    <intercept-url pattern="/logout.htm" filters="none"/>
    <intercept-url pattern="/**/*.htm*" access="ROLE_MEMBER" />
    <logout logout-success-url="/logout.htm"/>
</http>

<beans:bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
    <beans:property name="loginUrl" value="http://localhost:9090/cas/login"/>
    <beans:property name="serviceProperties" ref="serviceProperties"/>
</beans:bean>

<beans:bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
    <beans:property name="service" value="http://localhost:8080/pillbox/j_spring_cas_security_check"/>
    <beans:property name="sendRenew" value="false"/>
</beans:bean>

<authentication-manager alias="authenticationManager"/>

<beans:bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
    <custom-filter after="CAS_PROCESSING_FILTER"/>
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="authenticationFailureUrl" value="/casfailed.jsp"/>
    <beans:property name="defaultTargetUrl" value="/"/>
</beans:bean>

<beans:bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
    <custom-authentication-provider />
    <beans:property name="userDetailsService" ref="userService"/>
    <beans:property name="serviceProperties" ref="serviceProperties" />
    <beans:property name="ticketValidator">
        <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <beans:constructor-arg index="0" value="http://localhost:9090/cas" />
        </beans:bean>
    </beans:property>
    <beans:property name="key" value="an_id_for_this_auth_provider_only"/>
</beans:bean>

<authentication-provider user-service-ref='userService'/>
<beans:alias name="groupDao" alias="userService"/>
|
Vintaliy
|
log
//First step
2009-07-07 18:27:15,949 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/home/j_spring_cas_security_check>
2009-07-07 18:27:15,949 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://localhost:8080/home/j_spring_cas_security_check>
2009-07-07 18:27:15,949 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' completed execution; result is 'success'>
2009-07-07 18:27:16,023 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2009-07-07 18:27:16,029 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing setupForm>
2009-07-07 18:27:16,030 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form object with name 'credentials'>
2009-07-07 18:27:16,030 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]>
2009-07-07 18:27:16,030 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'>
2009-07-07 18:27:16,030 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form errors for object with name 'credentials'>
2009-07-07 18:27:16,049 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor registrar set, no custom editors to register>
2009-07-07 18:27:16,053 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors instance in scope Flash>
2009-07-07 18:27:16,054 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2009-07-07 18:27:16,054 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2009-07-07 18:27:16,054 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2009-07-07 18:27:16,251 INFO [org.springframework.web.context.support.GenericWebApplicationContext] - <Refreshing org.springframework.web.context.support.GenericWebApplicationContext@d0befd: display name [org.springframework.web.context.support.GenericWebApplicationContext@d0befd]; startup date [Tue Jul 07 18:27:16 EST 2009]; parent: org.springframework.web.context.support.XmlWebApplicationContext@b2bde5>
2009-07-07 18:27:16,252 INFO [org.springframework.web.context.support.GenericWebApplicationContext] - <Bean factory for application context [org.springframework.web.context.support.GenericWebApplicationContext@d0befd]: org.springframework.beans.factory.support.DefaultListableBeanFactory@1f8aa92>
2009-07-07 18:27:16,273 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@1f8aa92: defining beans [viewServiceErrorView,manageServiceView,serviceErrorView,serviceLogoutView,casLoginView,casLoginConfirmView,casLoginGenericSuccessView,casLogoutView,editServiceView,viewServiceSsoErrorView,addServiceView,casProxyFailureView,cas1ServiceSuccessView,casServiceFailureView,casOpenIdServiceFailureView,casProxySuccessView,casSamlServiceFailureView,cas1ServiceFailureView,casOpenIdServiceSuccessView,postResponseView,openIdProviderView,casServiceSuccessView,casSamlServiceSuccessView]; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory@163c85b>
2009-07-07 18:27:24,760 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Starting cleaning of expired tickets from ticket registry at [Tue Jul 07 18:27:24 EST 2009]>
2009-07-07 18:27:24,761 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 found to be removed. Removing now.>
2009-07-07 18:27:24,761 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished cleaning of expired tickets from ticket registry at [Tue Jul 07 18:27:24 EST 2009]>
//CAS required credentials and login page is shown
2009-07-07 18:27:24,760 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Starting cleaning of expired tickets from ticket registry at [Tue Jul 07 18:27:24 EST 2009]>
2009-07-07 18:27:24,761 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <0 found to be removed. Removing now.>
2009-07-07 18:27:24,761 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - <Finished cleaning of expired tickets from ticket registry at [Tue Jul 07 18:27:24 EST 2009]>
2009-07-07 18:28:27,347 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2009-07-07 18:28:27,348 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing bind>
2009-07-07 18:28:27,348 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow>
2009-07-07 18:28:27,348 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor registrar set, no custom editors to register>
2009-07-07 18:28:27,357 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding allowed request parameters in map['lt' -> '_c4A4F24A0-9474-BF78-504B-9FBB0587D0FF_kCF201C3B-40B9-B2BB-0A9D-21A35CA7B56B', 'service' -> 'http://localhost:8080/home/j_spring_cas_security_check', '_eventId' -> 'submit', 'password' -> 'jill', 'submit' -> 'LOGIN', 'username' -> 'jill'] to form object with name 'credentials', pre-bind formObject toString = [username: null]>
2009-07-07 18:28:27,357 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <(Any field is allowed)>
2009-07-07 18:28:27,368 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding completed for form object with name 'credentials', post-bind formObject toString = [username: jill]>
2009-07-07 18:28:27,368 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0] errors, details: []>
2009-07-07 18:28:27,368 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing validation>
2009-07-07 18:28:27,368 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Invoking validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator@16ed69e>
2009-07-07 18:28:27,371 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Validation completed for form object>
2009-07-07 18:28:27,372 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <There are [0] errors, details: []>
2009-07-07 18:28:27,372 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors instance in scope Flash>
2009-07-07 18:28:27,372 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2009-07-07 18:28:27,372 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2009-07-07 18:28:27,372 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow>
2009-07-07 18:28:27,372 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - <Attempting to create TicketGrantingTicket for [username: jill]>
########### userDetails: org.springframework.security.userdetails.User@e2958800: Username: jill; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_ADMIN, ROLE_MEMBER
2009-07-07 18:28:27,376 DEBUG [me.healthy.security.cas.UsernamePasswordAuthenticationHandler] - <password: jill>
2009-07-07 18:28:27,376 DEBUG [me.healthy.security.cas.UsernamePasswordAuthenticationHandler] - <User [jill] was successfully authenticated.>
2009-07-07 18:28:27,376 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: me.healthy.security.cas.UsernamePasswordAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: jill]>
2009-07-07 18:28:27,376 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Attempting to resolve a principal...>
2009-07-07 18:28:27,376 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - <Creating SimplePrincipal for [jill]>
2009-07-07 18:28:27,392 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [TGT-1-tdhnqrGe16prsyf9tOYTJCd9YMi9NeP9GwbJsIwee1NReaCZEV-cas] to registry.>
2009-07-07 18:28:27,397 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Removed cookie with name [CASPRIVACY]>
2009-07-07 18:28:27,397 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2009-07-07 18:28:27,397 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action 'SendTicketGrantingTicketAction' beginning execution>
2009-07-07 18:28:27,397 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie with name [CASTGC] and value [TGT-1-tdhnqrGe16prsyf9tOYTJCd9YMi9NeP9GwbJsIwee1NReaCZEV-cas]>
2009-07-07 18:28:27,397 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - <Action 'SendTicketGrantingTicketAction' completed execution; result is 'success'>
2009-07-07 18:28:27,397 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action 'GenerateServiceTicketAction' beginning execution>
2009-07-07 18:28:27,397 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [TGT-1-tdhnqrGe16prsyf9tOYTJCd9YMi9NeP9GwbJsIwee1NReaCZEV-cas]>
2009-07-07 18:28:27,398 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [TGT-1-tdhnqrGe16prsyf9tOYTJCd9YMi9NeP9GwbJsIwee1NReaCZEV-cas] found in registry.>
2009-07-07 18:28:27,401 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Added ticket [ST-1-GogcwaAuISe4cnEd7ggP-cas] to registry.>
2009-07-07 18:28:27,401 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-GogcwaAuISe4cnEd7ggP-cas] for service [http://localhost:8080/home/j_spring_cas_security_check] for user [jill]>
2009-07-07 18:28:27,401 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action 'GenerateServiceTicketAction' completed execution; result is 'success'>
07/07/2009 6:28:27 PM org.apache.tomcat.util.http.Parameters processParameters
WARNING: Parameters: Invalid chunk ignored.
2009-07-07 18:28:27,427 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/home/j_spring_cas_security_check>
2009-07-07 18:28:27,428 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve ticket [ST-1-GogcwaAuISe4cnEd7ggP-cas]>
2009-07-07 18:28:27,428 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Ticket [ST-1-GogcwaAuISe4cnEd7ggP-cas] found in registry.>
2009-07-07 18:28:27,432 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Removing ticket [ST-1-GogcwaAuISe4cnEd7ggP-cas] from registry>
//successfully redirected into the main page app1

//second step
2009-07-07 18:32:23,229 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' beginning execution>
2009-07-07 18:32:23,229 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor generated service for: http://localhost:8080/pillbox/j_spring_cas_security_check>
2009-07-07 18:32:23,229 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://localhost:8080/pillbox/j_spring_cas_security_check>
2009-07-07 18:32:23,229 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Action 'InitialFlowSetupAction' completed execution; result is 'success'>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing setupForm>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form object with name 'credentials'>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Creating new form errors for object with name 'credentials'>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <No property editor registrar set, no custom editors to register>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Putting form errors instance in scope Flash>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' beginning execution>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Action 'AuthenticationViaFormAction' completed execution; result is 'success'>
//CAS shows login page again.
||||||||||||||||
|
doahh
|
In reply to this post
by Vintaliy
Is the springSecurityContext.xml in both apps identical to the one you posted? I think you need serviceProperties.service to be different in each:
http://localhost:8080/app1/j_spring_cas_security_check
http://localhost:8080/app2/j_spring_cas_security_check
|
||||||||||||||||
|
Vintaliy
|
That is right, I do have different services. I didn't post another springSecurityContext file.
||||||||||||||||
|
Vintaliy
|
In reply to this post
by Vintaliy
Also I did this scenario:
- Logged in to app1 through CAS.
- Tried to log in to app2 and went to the login form (CAS). I checked the cookie: there was a CASTGC with the corresponding value; I guess it means that it remembers my previous CAS session.
- Then I removed the SESSIONID cookie from the browser screen where app1 is and refreshed this screen; I was redirected to the CAS login form screen. It means that even though I logged in before from app1, CAS didn't recognize me (also the CASTGC cookie was there). As I understand it, CAS has to recognize me by the CASTGC cookie value...
||||||||||||||||
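The log in the first post and the cookie test described above can be checked mechanically. The following is an added example, not part of the original thread: it scans CAS DEBUG output in the format shown above for (a) a login form rendered for a service after a CASTGC cookie had already been issued, the symptom reported here, and (b) log entries that write the submitted password in clear text. The sample lines are constructed and abridged, the ticket ids are placeholders, and the function names are hypothetical; it assumes the log covers a single browser session.

```python
import re

# Constructed sample, abridged from the log format in the thread (placeholder ticket ids).
SAMPLE_LOG = """\
2009-07-07 18:27:15,949 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://localhost:8080/home/j_spring_cas_security_check>
2009-07-07 18:27:16,029 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing setupForm>
2009-07-07 18:28:27,357 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Binding allowed request parameters in map['password' -> 'jill', 'username' -> 'jill'] to form object>
2009-07-07 18:28:27,376 DEBUG [me.healthy.security.cas.UsernamePasswordAuthenticationHandler] - <password: jill>
2009-07-07 18:28:27,397 DEBUG [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - <Added cookie with name [CASTGC] and value [TGT-1-EXAMPLE-cas]>
2009-07-07 18:28:27,401 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-EXAMPLE-cas] for service [http://localhost:8080/home/j_spring_cas_security_check] for user [jill]>
2009-07-07 18:32:23,229 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Placing service in FlowScope: http://localhost:8080/pillbox/j_spring_cas_security_check>
2009-07-07 18:32:23,230 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - <Executing setupForm>
"""

# timestamp, level, logger, message (the text between '<' and the final '>')
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[([^\]]+)\] - <(.*)>$")
# Two clear-text password shapes seen in the thread's log.
PASSWORD = re.compile(r"('password' -> '|password: )([^',>\]]+)")

def parse(text):
    """Parse log text into (timestamp, level, logger, message) tuples; skip other lines."""
    return [m.groups() for m in map(ENTRY.match, text.splitlines()) if m]

def credential_leaks(entries):
    """Return (timestamp, logger, redacted message) for entries exposing a password."""
    return [(ts, logger, PASSWORD.sub(r"\1[REDACTED]", msg))
            for ts, _level, logger, msg in entries if PASSWORD.search(msg)]

def sso_misses(entries):
    """Return (timestamp, service) where the login form was rendered even though
    a CASTGC cookie had been issued earlier in the same log (assumed one session)."""
    misses, tgt_issued, service, armed = [], False, None, False
    for ts, _level, _logger, msg in entries:
        if msg.startswith("Placing service in FlowScope: "):
            service = msg.split(": ", 1)[1]
            armed = tgt_issued          # only flag flows that start after the cookie was set
        elif msg == "Executing setupForm" and armed:
            misses.append((ts, service))
            armed = False
        elif msg.startswith("Added cookie with name [CASTGC]"):
            tgt_issued = True
    return misses

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for hit in sso_misses(entries):
        print("login form shown despite earlier CASTGC:", hit)
    for leak in credential_leaks(entries):
        print("clear-text password in log:", leak)
```

A hit from `sso_misses` says only that CAS did not act on a ticket-granting cookie for that request; whether the browser sent the cookie has to be confirmed from the request headers.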
|
Albert EINstEIN
|
In reply to this post
by Vintaliy
Hello,
Please uncomment the tag below, which is in %JBOSS_HOME%\server\default\conf\server.xml (if you are making use of JBoss):

<Valve className="org.apache.catalina.authenticator.SingleSignOn" />

For further information, please have a glance at the CAS user manual below:
http://www.ja-sig.org/wiki/display/CASUM/Demo.

Cheers
||||||||||||||||