0
해결 방법을 모르는 문제가 있습니다. 바람둥이 8 포트 8443에 CAS v4.2가 구성되어 있습니다. 내가 가지고있는 스프링 보안 구성은 CAS 로의 리디렉션을 올바르게 수행합니다. CAS에서 인증하면 로그에서 인증 및 티켓 생성이 정확합니다. 티켓에 문서에 표시된대로 2 주간 지속되도록 구성했습니다. web.xml에서 cas 세션을 5에서 15로 증가 시켰습니다. 오류가 발생할 가능성이 있음을 나타냅니다.하지만이 모두가 동일하게 나타납니다. 자신을 인증 한 후 자신을 클라이언트 응용 프로그램의 홈으로 리디렉션하지 않았지만 "인증 실패 : 사용자의 자격 증명이 만료되었습니다"라는 메시지가 표시됩니다.인증 실패 : 사용자의 자격 증명이 만료되었습니다. CAS v4.2
내가 잘못하고 있거나 무엇이 될 수 있는지 알 수 없습니다. 버전 4.2에 따라 cas.properties 등록 정보에서 구성하여 누락되었습니다. 계속 진행하기 위해이 문제가 무엇인지 알려 주시면 감사하겠습니다. 미리 감사드립니다.
JDK8. 봄 4.2.6. CAS v4.2. Tomcat8.
봄-security.xml
<security:http entry-point-ref="casEntryPoint" auto-config="true" use-expressions="true">
<security:csrf disabled="false"/>
<security:custom-filter position="FIRST" ref="ajaxSessionFilter"/>
<!-- ACCESO SIN RESTRICCIONES -->
<security:intercept-url pattern="/static/**" access="permitAll"/>
<security:intercept-url pattern="/WEB-INF/views/**" access="permitAll"/>
<security:custom-filter ref="casAuthenticationFilter" after="CAS_FILTER"/>
<security:intercept-url pattern="/**" access="isAuthenticated()" />
</security:http>
<bean id="casServiceProperties" class="org.springframework.security.cas.ServiceProperties"
p:service="http://localhost:8080/aap/j_spring_cas_security_check"
p:sendRenew="false" p:authenticateAllArtifacts="true" />
<bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
p:serviceProperties-ref="casServiceProperties" p:loginUrl="https://cas:8443/cas/login" />
<bean id="ajaxSessionFilter" class="com.xxxx.auth.web.filters.ajax.SessionFilter">
<property name="homePage" value="https://cas:8443/cas/login"/>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="serviceProperties" ref="casServiceProperties"/>
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/casfailed"/>
</bean>
</property>
<!-- -->
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/"/>
</bean>
</property>
<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
</bean>
<bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
<bean id="requestSingleLogoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter"
p:filterProcessesUrl="/j_spring_cas_security_logout">
<constructor-arg value="https://cas:8443/cas/logout" />
<constructor-arg >
<bean
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</constructor-arg>
</bean>
<!-- This filter handles a Single Logout Request from the CAS Server -->
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider"/>
</security:authentication-manager>
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="authenticationUserDetailsService">
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="userDetailService" />
</bean>
</property>
<property name="serviceProperties" ref="casServiceProperties" />
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://cas:8443/cas" />
<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
</bean>
</property>
<property name="key" value="CAS"/>
</bean>
<bean id="userDetailService" class="com.xxx.services.security.userdetails.PSOUserDetailsService"/>
cas.properties
# Decides whether SSO cookie should be created only under secure connections.
tgc.secure=true
# The expiration value of the SSO cookie
tgc.maxAge=1209600
# The name of the SSO cookie
tgc.name=TGC
# The path to which the SSO cookie will be scoped
tgc.path=/cas
# The expiration value of the SSO cookie for long-term authentications
tgc.remember.me.maxAge=1209600
# Decides whether SSO Warning cookie should be created only under secure connections.
warn.cookie.secure=true
# The expiration value of the SSO Warning cookie
warn.cookie.maxAge=1209600
# The name of the SSO Warning cookie
warn.cookie.name=CASPRIVACY
# The path to which the SSO Warning cookie will be scoped
warn.cookie.path=/cas
##
# Single Sign-On Session TGT Timeouts
#
# Inactivity Timeout Policy
tgt.timeout.maxTimeToLiveInSeconds=1209600
# Default Expiration Policy
tgt.maxTimeToLiveInSeconds=28800
tgt.timeToKillInSeconds=7200
##
# Service Ticket Timeout
#
st.timeToKillInSeconds=28800
st.numberOfUses=1
tgc.remember.me.maxAge=1209600
쿠키
나 자신에 응답"CASPRIVACY="";
Expires=Thu, 01-Jan-1970 00:00:10 GMT;
Path=/cas;
SecureTGC=eyJhbGciOiJIUzUxMiJ9.WlhsS2FHSkhZMmxQYVVwcllWaEphVXhEU214aWJVMXBUMmxLUWsxVVNUUlJNRXBFVEZWb1ZFMXFWVEpKYmpBdUxqRnNSVEl5T1U5SFdsQTRVWFpUTFc5VWIzRmpNRUV1T0Vac2J6QnRaMjl5ZVRWRk9XRnFNR3AwVFZKcFNIQklTVGt5YjJGelNWZE9XR0pEU2swM2VrMUJRekJYVUVjd1UwSnRaRGRaTTFwVlJHNVROekpNTjA5aWNsZGtjMEo2TkVGVVZYQkJWMGxPVEhKQkxWSmxVWEozZUdWRlpFaGxOV2xEYkhZdFgxUnRWbXBYY0hJeFZEWlpXQzFRVG1kcFdtNUJRa2RuTW5CdlRHOUxaRzB3VFMxQk56ZFNWelZ4YVdORVQxQXRVekEzTVVVNGNFSmxWVFJ2UkZwZmVFTTNWRzVFVlRWRmMyeFJRVXR3Y2tOMFlXMVhTVVJGT0ZoQ00xQlNaV0pMVTJGcVJrMVdPV1ZEVmxkU1ozaEtkeTVQYTJwSFEzTmhWRmxRVkdwSE0xZG5UVnBVZUVKQg.H2P1nCulIj3BtS-wOJr3PtOVGi1hT6y0PDP0MVSQerwv3khVB-lFQe2BdKNElUYzJhURtW-zwyZK3PuBh6p_eQ;
Expires=Wed, 18-Jan-2017 15:00:18 GMT;
Path=/cas;
Secure"