AnsweredAssumed Answered

Calling Alfresco Webservice with CAS not validating ticket

Question asked by mangar on Feb 10, 2014
I am trying to authenticate a ticket against CAS.  I have a working CAS server, and 2 services.  Service A is an alfresco server, service B is my own Srping Web App.

I log into B and am redirecdted to CAS login, I login, and I am in Web App B just fine.  All Happy.
I can SSO into Alfresco explorer just fine. (ie, I click on a link, and I am already loged in)  All Happy.
In my web app B, I call a RESTful api in alfresco(A) and I am all sad.
I can put the REST url call into my browser and I get the expected result, and I am all confused.

How do I call this URL from my web app B?  I add the ticket to the end of the URL like this: (userId is for the getTaskList webscript.  Guess what it does? :)

https://xxx.org:8443/alfresco/service/workflow/getTaskList?userId=me&ticket=ST-6-ayiC6vVX3yEBQcFB12sj-xxx.org

My Web.xml  is set up like this:

   <filter>
      <filter-name>Authentication Filter</filter-name>
      <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
      <init-param>
         <param-name>casServerLoginUrl</param-name>
         <param-value>https://xxx.org:7443/cas/login</param-value>
      </init-param>
      <init-param>
         <param-name>serverName</param-name>
         <param-value>https://xxx.org:8443</param-value>
      </init-param>
   </filter>

   <filter>
      <filter-name>CAS Validation Filter</filter-name>
      <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
      <init-param>
         <param-name>casServerUrlPrefix</param-name>
         <param-value>https://xxx.org:7443/cas</param-value>
      </init-param>
      <init-param>
         <param-name>serverName</param-name>
         <param-value>https://xxx.org:8443</param-value>
      </init-param>
   </filter>
  
   <filter>
    <filter-name>Alfresco CAS Authentication Filter</filter-name>
    <filter-class>org.xxx.alfresco.repository.extension.web.app.servlet.CASAuthenticationFilter</filter-class>
   </filter>


  
  with my filter mappings for the webservices like this:
 
     <filter-mapping>
      <filter-name>Authentication Filter</filter-name>
      <url-pattern>/service/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>CAS Validation Filter</filter-name>
      <url-pattern>/service/*</url-pattern>
   </filter-mapping>
   <filter-mapping>
      <filter-name>Alfresco CAS Authentication Filter</filter-name>
      <url-pattern>/service/*</url-pattern>
   </filter-mapping>

 
   But as I have debugging going on, I can see that I am not even getting to my CASAuthenticationFilter.  The error is beign picked up by Cas20ProxyReceivingTicketValidationFilter. Here is the exception:
  
   Feb 10, 2014 1:56:17 AM org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter doFilter
WARNING: org.jasig.cas.client.validation.TicketValidationException:
                ticket 'ST-6-ayiC6vVX3yEBQcFB12sj-xxx.org' not recognized
            
    Any Ideas?

Outcomes