During the CAS integration for a protected web application, there was always the question on how to see the CAS response once someone has authenticated.
The session of the user would be established, though the application would require the attributes to be retrieved for the use of the application.
This wouldn't be during the authentication process but in fact after the ticket has been passed to the application. The application would then use that ticket (also known as the service ticket)
To validate the user and to retrieve the information of that user. The service ticket would only be valid for a few seconds and could only be used once and has to be used shortly after the ST was created. CAS purposely uses the ST tickets with a short life. The second attribute request would fail if the ST- ticket was used twice. If you did attempt to use the ST ticket twice, you will receive something like, 'ServiceTicket [ST-2124-xxxxxxxxxxxxxxxx-cas] does not exist.' within the audit logs
The question would be, how would you grab that ST ticket to then see the messages and attributes?
To replicate the initial authentication and to receive the ST ticket, I created a CAS client (I called it the CASTicketValidationClient application), which can be located within my git.
The client used to initially receive a service ticket (ST=xxxx) to then retrieve the expected CAS response to the application (service) along with reviewing the attributes.
The CAS agent can be located here: CAS Agent
Steps to view the serviceResponse from CAS
1. Create a maven project by using the pom.xml file
2. Download the .java file and place this into your IDE
3. Change the 5 variables to match your environment
4. When you run the application, it should then present a ST-ticket
5. You then use this ticket to run the URL below. Remember to change the 2 URLs as well as replacing the ticket at the end. Make sure you do this no fewer than a few seconds after receving the ST ticket https://CASSERVER/sso/serviceValidate?service=https://APPLICATIONSERVER/WHATEVER/WHATEVER&ticket=ST-271-K3v21d6pvqTmp1tCR3gi-sso
Make CAS changes
Make sure your service is acknowledged by your CAS server. If you don't setup your application URL within CAS, you'll receive a Service Management initial error, which looks something like this:
CAS ticket validation
If you want to see additional information other than the standard payload response, You can replace the casServiceValidationSuccess file with the one from my git. https://github.com/nervouswiggles/CASTicketValidationClient/blob/master/casServiceValidationSuccess.jsp That way, you should then see all the available attributes that are being sent
About the authorDaniel is a Technical Manager with over 10 years of consulting expertise in the Identity and Access Management space.
Daniel has built from scratch this blog as well as technicalconfessions.com
Follow Daniel on twitter @nervouswiggles
ForgeRock IDM - org.forgerock.script.exception.ScriptCompilationException: missing ; before statement
When performing the attempt of a reconciliation from ForgeRock IDM to Active Directory, I would get the following error
In the past, the similar error occurred though for the Oracle Identity Management solution. invalidcredentialexception remote framework key is invalid Because they all share the ICF connector framework, the error/solution would be the same.
During the reconcilation from OpenIDM to the ICF google apps connector, the following error response would occur. ERROR Caused by com.google.api.client.auth.oauth2.TokenResponseException 400 Bad Request - invalid_grant
Received the JWT error
Unexpected character occurred when the IP addresses changes and the virtual instance was migrated into a separate network subnet.
When trying to connect, I would then receive the following error "Connect Error Result Code: 91 (Connect Error)"
When initiating the Tomcat instance, the cas-stderr log file will log a SEVERE error logging multiple times every few seconds
IDM ERROR - JDBC repository configured but datasource default was not found
org.forgerock.json.JsonException: org.forgerock.json.crypto.JsonCryptoException: javax.crypto.BadPaddingException: Given final block not properly padded