serviceValidate doesn't send proxyGrantingTicket in its response


Sébastien Ragons

Jan 25, 2018, 10:22:39 AM
to CAS Community
Hello,

The documentation of CAS tells that the response of serviceValidate is like this example:

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas"> 
 <cas:authenticationSuccess> 
 <cas:user>username</cas:user>
 <cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket> 
 </cas:authenticationSuccess> 
</cas:serviceResponse>


On my side I never receive the tag proxyGrantingTicket but only that response:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
    <cas:authenticationSuccess>
        <cas:user>sebastien</cas:user>
    </cas:authenticationSuccess>
</cas:serviceResponse>



I use a spring security client with this ticket validator:  

@Bean
public TicketValidator ticketValidator() {
    Cas20ServiceTicketValidator ticketValidator = new Cas20ServiceTicketValidator("https://localhost:8443/cas/");
    ticketValidator.setProxyGrantingTicketStorage(pgtStorage);
    return ticketValidator;
}

I have the same problem when I use Cas30ServiceTicketValidator.



My problem is that I can't get the attributes in the response
because Cas30ServiceTicketValidator doesn't treat it if there is no ticket in the response, as you can see in
the code of org.jasig.cas.client.validation.Cas20ServiceTicketValidator (github link)

    protected final Assertion parseResponseFromServer(final String response) throws TicketValidationException {
         ................     ...

        if (CommonUtils.isNotBlank(proxyGrantingTicket)) {
            final AttributePrincipal attributePrincipal = new AttributePrincipalImpl(principal, attributes,
                    proxyGrantingTicket, this.proxyRetriever);
            assertion = new AssertionImpl(attributePrincipal);
        } else {
            assertion = new AssertionImpl(new AttributePrincipalImpl(principal, attributes));
        }

       ............
    }

 


Thank you for your help 
Sébastien






Ray Bon

Jan 25, 2018, 1:06:53 PM
to cas-...@apereo.org
Sébastien,

Check if the proxy process is being requested. CAS audit log output will show creation of PGT and PT.

        <!-- Log audit to all root appenders, and also to audit log (additivity is not false) -->
        <AsyncLogger name="org.apereo.inspektr.audit.support" level="info" includeLocation="true" >

Ray


Here is some output from my log:
2018-01-25 09:53:06,538 INFO  [       org.aper.insp.audi.supp.Slf4jLoggingAuditTrailManager] - <Thu Jan 25 09:53:06 PST 2018|CAS|PGT-**********u91GUMqVv8-lgVkjY477wEBhlNKGzBif299BUQiybWyFX80pMJV6IKzRSsnhxVY-tomt|PROXY_GRANTING_TICKET_CREATED|https://democasclientlocal.uvic.ca/proxy/pgtCallback|127.0.0.1|127.0.0.1>; [ajp-nio-8009-exec-5]
2018-01-25 09:53:06,557 INFO  [       org.aper.insp.audi.supp.Slf4jLoggingAuditTrailManager] - <Thu Jan 25 09:53:06 PST 2018|CAS|ST-2-VMFc7YhfDkgmp9udWGLGGgDAPLo-tomt|SERVICE_TICKET_VALIDATED|student.test101|127.0.0.1|127.0.0.1> [ajp-nio-8009-exec-5]
2018-01-25 09:53:06,626 INFO  [       org.aper.insp.audi.supp.Slf4jLoggingAuditTrailManager] - <Thu Jan 25 09:53:06 PST 2018|CAS|PT-3-Nh2bJGzaCezqOPP0kAGXHuf9R0U-tomt for https://democasclientlocal.uvic.ca/proxiable/proxyService?param=GetProxyData&clientSessionId=146EA18FF92136F36FA02732D80CF...|PROXY_TICKET_CREATED|student.test101|127.0.0.1|127.0.0.1>; [ajp-nio-8009-exec-7]
2018-01-25 09:53:06,662 INFO  [       org.aper.insp.audi.supp.Slf4jLoggingAuditTrailManager] - <Thu Jan 25 09:53:06 PST 2018|CAS|PT-3-Nh2bJGzaCezqOPP0kAGXHuf9R0U-tomt|SERVICE_TICKET_VALIDATED|student.test101|127.0.0.1|127.0.0.1> [ajp-nio-8009-exec-6]
-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

Sébastien Ragons

Jan 26, 2018, 2:19:18 AM
to CAS Community
Hello
Thank you for your help, I'll try your solution

Sébastien Ragons

Jan 26, 2018, 3:54:05 AM
to CAS Community
Thank you Ray,
I have checked the audit logs and I confirm that the ticket has been created.
Any idea about the missing proxyGrantingTicket tag?
Thanks


2018-01-26 08:29:59,204 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: sebastien
WHAT: Supplied credentials: [sebastien]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Fri Jan 26 08:29:59 GMT 2018
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================


2018-01-26 08:29:59,246 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: sebastien
WHAT: TGT-***************************************************************2j6Ob0CWHA-LFR021584
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Jan 26 08:29:59 GMT 2018
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================


2018-01-26 08:29:59,295 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: sebastien
WHAT: ST-2-JEammT4s49-Yr3tc3X540Fqs3P8-LFR021584 for http://localhost:9000/login/cas
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Jan 26 08:29:59 GMT 2018
CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1
SERVER IP ADDRESS: 0:0:0:0:0:0:0:1
=============================================================


2018-01-26 08:30:02,401 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: sebastien
WHAT: ST-2-JEammT4s49-Yr3tc3X540Fqs3P8-LFR021584
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Fri Jan 26 08:30:02 GMT 2018
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

Pascal Rigaux

Jan 26, 2018, 5:48:31 AM
to cas-...@apereo.org
Hi,

You won't get PGTIOU unless you pass pgtUrl.

Cf https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough

On 25/01/2018 16:22, Sébastien Ragons wrote:
> Hello,
>
> The documentation of CAS tells that the response of serviceValidate <https://apereo.github.io/cas/development/protocol/CAS-Protocol-Specification.html#252-response> is like this example:
>
> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>  <cas:authenticationSuccess>
>  <cas:user>username</cas:user>
>  <cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket>
>  </cas:authenticationSuccess>
> </cas:serviceResponse>
>
>
>
> On my side I never receive the tag *proxyGrantingTicket* but only that response:
>
> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>     <cas:authenticationSuccess>
>         <cas:user>sebastien</cas:user>
>         </cas:authenticationSuccess>
> </cas:serviceResponse>
>
>
>
>
> I use a spring security client with this ticket validator:
>
> @Bean
> public TicketValidator ticketValidator() {
> Cas20ServiceTicketValidator ticketValidator = new Cas20ServiceTicketValidator("https://localhost:8443/cas/");
> ticketValidator.setProxyGrantingTicketStorage(pgtStorage);
> return ticketValidator;
> }
>
> I have the same problem when I use Cas30ServiceTicketValidator.
>
>
>
> *My problem is that I can't get the attributes in the response *
> because Cas30ServiceTicketValidator doesn't treat it if there is no ticket in the response, as you can see in
> the code of org.jasig.cas.client.validation.Cas20ServiceTicketValidator (github link <https://github.com/apereo/java-cas-client/blob/970a0f5db9a2cc96704ad3a5043994dc8bcfe212/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ServiceTicketValidator.java>)
>
>     protected final Assertion parseResponseFromServer(final String response) throws TicketValidationException {
>          ................     ...
>
> *  if (CommonUtils.isNotBlank(proxyGrantingTicket)) {*
> *        final AttributePrincipal attributePrincipal = new AttributePrincipalImpl(principal, attributes,*
> *                    proxyGrantingTicket, this.proxyRetriever);*
> *            assertion = new AssertionImpl(attributePrincipal);*
> *        } else {*
> *            assertion = new AssertionImpl(new AttributePrincipalImpl(principal, attributes));*
> *        }*
>
>        ............
>     }
>
>
>
> Thank you for your help
> Sébastien


--
Pascal Rigaux

Expert in application development and deployment
DSIUN-SAS (applications and digital services department)
Université Paris 1 Panthéon-Sorbonne - Centre Pierre Mendès France (PMF)
B 407 - 90, rue de Tolbiac - 75634 PARIS CEDEX 13 - FRANCE
Tel: 01 44 07 86 59

Sébastien Ragons

Jan 26, 2018, 8:51:11 AM
to CAS Community
Hello Pascal,

It seems to be the same in version 5.2 (documentation apereo)
But my application is only a client and doesn't use a proxy. So I didn't implement a proxy callback.

Does it mean that I can't receive the proxyGrantingTicket tag?
And so I can't retrieve my attributes?

Thank you for your help
Sebastien

Pascal Rigaux

Jan 26, 2018, 9:12:18 AM
to cas-...@apereo.org
You don't need <cas:proxyGrantingTicket> to have <cas:attributes>

The code you showed has no issue:

> assertion = new AssertionImpl(new AttributePrincipalImpl(principal, attributes));

is what you want.

I'd say your pb is that CAS is not sending attributes to your service.
See https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#default-bundle
and https://apereo.github.io/cas/5.2.x/integration/Attribute-Release-Policies.html

On 25/01/2018 16:22, Sébastien Ragons wrote:
> *My problem is that I can't get the attributes in the response *
> because Cas30ServiceTicketValidator doesn't treat it if there is no ticket in the response, as you can see in
> the code of org.jasig.cas.client.validation.Cas20ServiceTicketValidator (github link <https://github.com/apereo/java-cas-client/blob/970a0f5db9a2cc96704ad3a5043994dc8bcfe212/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ServiceTicketValidator.java>)
>
>     protected final Assertion parseResponseFromServer(final String response) throws TicketValidationException {
>          ................     ...
>
> *  if (CommonUtils.isNotBlank(proxyGrantingTicket)) {*
> *        final AttributePrincipal attributePrincipal = new AttributePrincipalImpl(principal, attributes,*
> *                    proxyGrantingTicket, this.proxyRetriever);*
> *            assertion = new AssertionImpl(attributePrincipal);*
> *        } else {*
> *            assertion = new AssertionImpl(new AttributePrincipalImpl(principal, attributes));*
> *        }*
>
>        ............
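
The two points made in the replies above (a PGTIOU is returned only when pgtUrl is passed, and attributes do not depend on it) can be checked against a raw validation response. The following is an added Python example, not code from any post in this thread or from the CAS client; the function names and the sample response with `mail` and `role` attributes are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample: attributes released, no pgtUrl sent, so no PGTIOU.
WITH_ATTRS = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>sebastien</cas:user>
    <cas:attributes>
      <cas:mail>sebastien@example.org</cas:mail>
      <cas:role>staff</cas:role><cas:role>admin</cas:role>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

def validate_url(cas_base, service, ticket, pgt_url=None):
    """Build the validation request; pgtUrl is sent only for proxy use."""
    params = {"service": service, "ticket": ticket}
    if pgt_url:
        params["pgtUrl"] = pgt_url
    return cas_base.rstrip("/") + "/serviceValidate?" + urlencode(params)

def parse_validation(xml_text):
    """Return user, PGTIOU (or None) and attributes from a validation response."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in a CAS response")
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", NS)
    if ok is None:
        failure = root.find("cas:authenticationFailure", NS)
        code = failure.get("code") if failure is not None else "UNKNOWN"
        raise ValueError(f"ticket validation failed: {code}")
    attrs = {}
    holder = ok.find("cas:attributes", NS)
    for el in (holder if holder is not None else []):
        # Tags look like "{namespace}mail"; attributes may be multi-valued.
        attrs.setdefault(el.tag.split("}", 1)[-1], []).append((el.text or "").strip())
    return {"user": (ok.findtext("cas:user", namespaces=NS) or "").strip(),
            "pgtiou": ok.findtext("cas:proxyGrantingTicket", namespaces=NS),
            "attributes": attrs}

def diagnose(result, pgt_url_sent):
    """Treat the missing PGTIOU and the missing attributes as separate questions."""
    findings = []
    if pgt_url_sent and result["pgtiou"] is None:
        findings.append("pgtUrl sent but no PGTIOU returned: check the callback and audit log")
    if not result["attributes"]:
        findings.append("no attributes returned: check the service's attribute release policy")
    return findings
```

Run against the response posted at the top of the thread with `pgt_url_sent=False`, `diagnose` reports only the missing attributes, which is the server-side release question the last reply points to.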