3 Replies Latest reply on Dec 2, 2008 6:11 PM by Ilia Papas

    Unauthenticated /sec Access with CAS enabled

    Ilia Papas Newbie

      Hello All,

      I'm having some trouble configuring what url patterns Portal deems worthy of CAS authentication. Specifically, I have a registration section of the portal that is SSL encrypted under a "/sec" URL, but does not require the user to be authenticated. This works fine with CAS disabled by commenting out the CAS Valve snippet in jboss-portal.sar/portal-server.war/WEB-INF/context.xml:

      
       <Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
       casLogin="https://MYHOST:8443/cas/login"
       casLogout="https://MYHOST:8443/cas/logout"
       casValidate="https://MYHOST:8443/cas/serviceValidate"
       casServerName="MYHOST:8443"
       authType="FORM"
       />
      


      If I enable CAS, the user is redirected to the CAS login page once they hit a URL with "/sec" in it. In the logs, there is the following debug message:

      2008-12-01 22:29:25,140 DEBUG [org.jboss.portal.identity.sso.cas.CASAuthenticationValve] Checking if requested uri '/portal/sec/portal/default/registration/Registration+Request' matches secured url patterns: [/sec/, /authsec/, /auth/]
      


      Why would it try to authenticate on "/sec" with CAS enabled, but not when it is disabled?

      Thanks,
      Ilia