[jboss-user] [JBoss Portal] - Unauthenticated /sec Access with CAS enabled

iliap do-not-reply at jboss.com
Mon Dec 1 17:38:46 EST 2008

Hello All,

I'm having some trouble configuring what url patterns Portal deems worthy of CAS authentication.  Specifically, I have a registration section of the portal that is SSL encrypted under a "/sec" URL, but does not require the user to be authenticated.  This works fine with CAS disabled by commenting out the CAS Valve snippet in jboss-portal.sar/portal-server.war/WEB-INF/context.xml:

  |    <Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
  |    	casLogin="https://MYHOST:8443/cas/login"
  |    	casLogout="https://MYHOST:8443/cas/logout"
  |    	casValidate="https://MYHOST:8443/cas/serviceValidate"
  |    	casServerName="MYHOST:8443"
  |    	authType="FORM"
  |    />

If I enable CAS, the user is redirected to the CAS login page once they hit a URL with "/sec" in it.  In the logs, there is the following debug message:

  | 2008-12-01 22:29:25,140 DEBUG [org.jboss.portal.identity.sso.cas.CASAuthenticationValve] Checking if requested uri '/portal/sec/portal/default/registration/Registration+Request' matches secured url patterns: [/sec/, /authsec/, /auth/]

Why would it try to authenticate on "/sec" with CAS enabled, but not when it is disabled?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4193599#4193599

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4193599

More information about the jboss-user mailing list