Getting A Proxy Granting Ticket from A Proxy Granting Ticket IOU

William

unread,

Jun 28, 2016, 5:48:41 PM6/28/16

to CAS Community

I am writing a test case according to https://wiki.jasig.org/display/CAS/CAS+Functional+Tests

The particular test case I am writing is: "CAS 2.0 validation, acquire proxy-granting ticket, proxy authentication"

The step I am stuck is: "6. Using your callback, correlate PGTIOU with PGT"

I am able to obtain a PGTIOU, but I am not able to get a PGT which I need for step 7 and onward.

CAS uses a callback that is set in the CAS client application (web.xml) to get the Proxy Granting Ticket which I cannot access.

I have tried providing a TGT (and Service Ticket) has the pgtId along with the PGTIOU like this URL:

/protected-web-app/proxyUrl?pgtId=TGT-1-UGTYmYoRP1NGBoMfNIM1asjWXd0RxYOywXTZEkB3VVTutHyAk6-cas01.example.org&pgtIou=PGTIOU-1-yrW7pUikYVZMOvaKolHCmGT4OW3rTZcxg01eVvplbvjrKWwyaw-cas01.example.org

However, I only get the "proxySuccess" back with no proxy ticket back:

<?xml version="1.0"?>

<casClient:proxySuccess xmlns:casClient="http://www.yale.edu/tp/casClient" />

I should be getting the following back:

<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:proxySuccess>
    <cas:proxyTicket>PGT-xxxxxx</cas:proxyTicket>
  </cas:proxySuccess>
</cas:serviceResponse>

Anyone know how I can get the PGT from the PGTIOU?

I am really hoping I do not get any responses of "Why do you need the PGT?" To write this test I do need a PGT.

Regards

Misagh Moayyed

unread,

Jun 28, 2016, 6:15:23 PM6/28/16

to CAS Community

There is a backchannel call made to your pgtUrl with the PGT in it, which your app should receive and then correlate with the PGTIOU it received from the original validation response. You’ll need to trace that call. Proxying could be disabled, the app could be disallowed or some weirdness with SSL outbound calls perhaps.

--
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To post to this group, send email to cas-...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/40be567f-1e93-4386-aa68-9e294d188040%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

William

unread,

Jun 29, 2016, 8:09:18 AM6/29/16

to CAS Community, mmoa...@unicon.net

When I have the service ticket and I call serviceValidate the URL is (unencoded so it's readable):

https://localhost:8443/cas/serviceValidate?service=https://localhost:8443/protected-web-app/&ticket=ST-.....&pgtUrl=https://localhost:8443/protected-web-app/proxyUrl

Proxying is enabled and the SSL call is working from what I can tell.

I noticed that URL creates the PGTIOU. I can see CAS creating a PGT in the log. CAS then calls https://localhost:8443/protected-web-app/proxyUrl with the pgtId and pgtIou HTTP request parameters. My guess is that I will need to find a way to trap the call to https://localhost:8443/protected-web-app/proxyUrl and get the pgtId sent by CAS.

Reply all

Reply to author

Forward