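401 error after being redirected to a Tomcat web application when using CAS

Time: 2013-09-07 10:51:21

Tags: tomcat cas

I am trying to configure Tomcat and CAS.

My deployment has:
1. A single Tomcat server (version 7.0.29)
2. Apache DS as LDAP
3. CAS server 3.5.2 deployed to Tomcat
4. My web application deployed to the same Tomcat server

I am using a self-signed certificate, and had to modify CAS to provide a custom HostNameVerifier to get around the wrong hostname error.

So now when I try to access my web application, I am redirected to the CAS login page. I can log in with credentials from LDAP and am redirected back to the web application. But then I get a 401 when I use the CAS20 authenticator (and a 403 when I try the SAML11 authenticator).

So I suspect there may be something wrong with web.xml. Here is what I am using: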

<security-constraint>
    <display-name>Global Access</display-name>
    <web-resource-collection>
        <web-resource-name>Global</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>

Any ideas about what I am doing wrong?

Thanks, Mark

CAS trace

2013-09-07 11:45:33,206 INFO  [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: fadams]
WHAT: supplied credentials: [username: fadams]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Sat Sep 07 11:45:33 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2013-09-07 11:45:33,209 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: fadams]
WHAT: TGT-1-1cSjhWvG2A6kQcEJVOFkHAiQgGRyejeoVkpTkzbqSBftS7LApp-localhost
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Sat Sep 07 11:45:33 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
2013-09-07 11:45:33,212 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-vjLbc7KbWAK5kyYTSJTZ-localhost] for service [https://localhost:8443/moodle.webapp/] for user [fadams]>
2013-09-07 11:45:33,212 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: fadams
WHAT: ST-1-vjLbc7KbWAK5kyYTSJTZ-localhost for https://localhost:8443/moodle.webapp/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sat Sep 07 11:45:33 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

>
Warning: URL Host: localhost vs. localhost
2013-09-07 11:45:33,259 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-1-vjLbc7KbWAK5kyYTSJTZ-localhost
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Sat Sep 07 11:45:33 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

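1 answer:

Answer 0 (score: 0)

Have you installed all the necessary CAS filters in the webapp, most notably the ticket validation filter and the request wrapper filter? See, for example, https://wiki.jasig.org/plugins/servlet/mobile#content/view/8096602 for details.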
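
A way to read the CAS trace from the question, as an added example that is not part of the original question or answer: this Python script parses the audit trail records and pairs each service ticket with its service URL and the actions logged for it, listing tickets that were issued but never validated. The sample records are constructed in the same layout as the trace (ticket ids and the second service URL are made up); the action names are the ones that appear in the trace, and the function names are hypothetical.

```python
import re

FIELD = re.compile(r"^(WHO|WHAT|ACTION|WHEN): (.*)$")   # fields kept from each record
TICKET = re.compile(r"\bST-[\w-]+")                      # service ticket id inside WHAT

def parse_audit(text):
    """Split an audit trail into one dict per 'Audit trail record BEGIN' block."""
    records, current = [], None
    for line in text.splitlines():
        if "Audit trail record BEGIN" in line:
            current = {}
            records.append(current)
        elif current is not None:
            m = FIELD.match(line.strip())
            if m:
                current[m.group(1)] = m.group(2).strip()
    return records

def ticket_report(records):
    """Map each service ticket to its service URL and the actions logged for it."""
    report = {}
    for r in records:
        m = TICKET.search(r.get("WHAT", ""))
        if not m or not r.get("ACTION", "").startswith("SERVICE_TICKET"):
            continue
        entry = report.setdefault(m.group(0), {"service": None, "actions": []})
        entry["actions"].append(r["ACTION"])
        if " for " in r["WHAT"]:  # the CREATED record carries "<ticket> for <service URL>"
            entry["service"] = r["WHAT"].split(" for ", 1)[1]
    return report

def unvalidated(report):
    """Tickets that were issued but have no SERVICE_TICKET_VALIDATED record."""
    return sorted(t for t, e in report.items() if "SERVICE_TICKET_VALIDATED" not in e["actions"])

def make_record(who, what, action):  # one record in the layout of the trace in the question
    rule = "=" * 61
    return (f"2013-09-07 11:45:33,212 INFO [audit] - <Audit trail record BEGIN\n{rule}\n"
            f"WHO: {who}\nWHAT: {what}\nACTION: {action}\nAPPLICATION: CAS\n{rule}\n\n>\n")

# Constructed sample: ticket ids and the second service URL are made up.
SAMPLE = (
    make_record("fadams", "ST-1-aaaa-localhost for https://localhost:8443/moodle.webapp/", "SERVICE_TICKET_CREATED")
    + make_record("audit:unknown", "ST-1-aaaa-localhost", "SERVICE_TICKET_VALIDATED")
    + make_record("fadams", "ST-2-bbbb-localhost for https://localhost:8443/other.webapp/", "SERVICE_TICKET_CREATED"))

REPORT = ticket_report(parse_audit(SAMPLE))
if __name__ == "__main__":
    print(REPORT, "issued but not validated:", unvalidated(REPORT))
```

Run over the trace in the question, the single ticket for https://localhost:8443/moodle.webapp/ shows both SERVICE_TICKET_CREATED and SERVICE_TICKET_VALIDATED, so it does not appear in the unvalidated list.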