I excluded nginx from my local env, so I have only the executable CAS.war and 
Keycloak.
I configured CAS to use SSL in this way:

server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=C:/Environment/jdk-11.0.5/bin/caskeystore.jks
server.ssl.key-store-password=changeit
server.ssl.key-alias=my.cas.com

Backchannel logout doesn't work. It looks like SSL causes this issue; it doesn't 
matter whether it's nginx or embedded Tomcat.

On Tuesday, March 17, 2020 at 11:49:34 PM UTC+2, Maksim Kopeyka wrote:
>
> Ray,
>
> I have had some issues related to a self-signed certificate on my local env. 
> CAS and Keycloak produced an exception related to the certificate and the flow 
> didn't work at all.
> I regenerated the certificate for the domain instead of 127.0.0.1 and all 
> exceptions were gone. So it's not an issue with the certificate.
> Also, I have the same problem on a real environment with a real certificate. It 
> also works fine without SSL, but with SSL the CAS session stays alive after 
> logout in Keycloak.
>
> On Tuesday, March 17, 2020 at 5:44:35 PM UTC+2, rbon wrote:
>>
>> Maksim,
>>
>> Could this be a certificate issue?
>>
>> If this is a self-signed certificate, you will need to add it to the Java 
>> keystore (trust store). 
>> https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores
>>
>> Ray
>>
>> On Mon, 2020-03-16 at 16:46 -0700, 'Maksim Kopeyka' via CAS Community 
>> wrote:
>>
>> That's interesting. Backchannel logout works when the load balancer of CAS 
>> (nginx) doesn't use SSL; however, backchannel doesn't work when nginx uses 
>> SSL. 
>> I see the same output in the console of the CAS server in both cases (with SSL 
>> and without SSL).
>>
>> -- 
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | rb...@uvic.ca
>>
>> I respectfully acknowledge that my place of work is located within the 
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
>> WSÁNEĆ Nations.
>>
>
