3 Replies Latest reply on Dec 2, 2008 6:11 PM by iliap

    Unauthenticated /sec Access with CAS enabled

    iliap

      Hello All,

      I'm having some trouble configuring which URL patterns Portal deems worthy of CAS authentication. Specifically, I have a registration section of the portal that is SSL encrypted under a "/sec" URL, but does not require the user to be authenticated. This works fine with CAS disabled by commenting out the CAS Valve snippet in jboss-portal.sar/portal-server.war/WEB-INF/context.xml:

      
       <Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
       casLogin="https://MYHOST:8443/cas/login"
       casLogout="https://MYHOST:8443/cas/logout"
       casValidate="https://MYHOST:8443/cas/serviceValidate"
       casServerName="MYHOST:8443"
       authType="FORM"
       />
      


      If I enable CAS, the user is redirected to the CAS login page once they hit a URL with "/sec" in it. In the logs, there is the following debug message:

      2008-12-01 22:29:25,140 DEBUG [org.jboss.portal.identity.sso.cas.CASAuthenticationValve] Checking if requested uri '/portal/sec/portal/default/registration/Registration+Request' matches secured url patterns: [/sec/, /authsec/, /auth/]
      


      Why would it try to authenticate on "/sec" with CAS enabled, but not when it is disabled?

      Thanks,
      Ilia
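
An added example, not part of the original post and not JBoss Portal code: a small audit of the valve's DEBUG lines that reports which secured pattern each requested URI hits and flags pages meant to be reachable without login. It assumes the valve matches by substring containment (inferred from the log wording, not confirmed); the second and third log lines and the `PUBLIC_PREFIXES` list are constructed for illustration.

```python
import re

# First line is the DEBUG message quoted in the post; the other two are constructed.
_PRE = "DEBUG [org.jboss.portal.identity.sso.cas.CASAuthenticationValve] Checking if requested uri"
_PATS = "matches secured url patterns: [/sec/, /authsec/, /auth/]"
SAMPLE_LOG = "\n".join([
    f"2008-12-01 22:29:25,140 {_PRE} '/portal/sec/portal/default/registration/Registration+Request' {_PATS}",
    f"2008-12-01 22:29:31,007 {_PRE} '/portal/portal/default' {_PATS}",
    f"2008-12-01 22:29:40,512 {_PRE} '/portal/authsec/portal/default/Admin' {_PATS}",
])

LINE_RE = re.compile(
    r"CASAuthenticationValve\] Checking if requested uri '([^']*)' "
    r"matches secured url patterns: \[([^\]]*)\]"
)

# Hypothetical list of paths the site owner intends to serve without login.
PUBLIC_PREFIXES = ["/portal/sec/portal/default/registration/"]

def parse_line(line):
    """Return (uri, [patterns]) for a valve DEBUG line, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    uri, raw = m.groups()
    return uri, [p.strip() for p in raw.split(",") if p.strip()]

def matching_patterns(uri, patterns):
    """Assumption: a pattern 'matches' when it occurs anywhere in the URI."""
    return [p for p in patterns if p in uri]

def audit(log_text, public_prefixes=PUBLIC_PREFIXES):
    """List each checked URI, the patterns it hits, and whether that conflicts
    with the intent that the page be reachable without authentication."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        uri, patterns = parsed
        matched = matching_patterns(uri, patterns)
        public = any(uri.startswith(p) for p in public_prefixes)
        findings.append({"uri": uri, "matched": matched,
                         "conflict": public and bool(matched)})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        flag = "CONFLICT" if f["conflict"] else "ok"
        print(f"{flag:8} {f['uri']} -> {f['matched'] or 'no secured pattern'}")
```

A conflict here means a page intended to be public sits under a path the valve treats as secured, so it has to move out from under that path or the secured pattern list has to change.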