I excluded nginx from my local env so I have only executable CAS.war and keycloak. I configured CAS to use SSL in this way:
server.ssl.enabled=true
server.ssl.key-store-type=JKS
server.ssl.key-store=C:/Environment/jdk-11.0.5/bin/caskeystore.jks
server.ssl.key-store-password=changeit
server.ssl.key-alias=my.cas.com

Backchannel logout doesn't work. It looks like SSL causes this issue; it doesn't matter whether it's nginx or embedded Tomcat.

On Tuesday, March 17, 2020 at 11:49:34 PM UTC+2, Maksim Kopeyka wrote:
>
> Ray,
>
> I have had some issues related to a self-signed certificate on my local env.
> CAS and Keycloak produced an exception related to the certificate and the flow
> didn't work at all.
> I regenerated the certificate for the domain instead of 127.0.0.1 and all
> exceptions were gone. So it's not an issue with the certificate.
> Also, I have the same problem on a real environment with a real certificate. It
> also works fine without SSL, but with SSL the CAS session stays alive after
> logout in Keycloak.
>
> On Tuesday, March 17, 2020 at 5:44:35 PM UTC+2, rbon wrote:
>>
>> Maksim,
>>
>> Could this be a certificate issue?
>>
>> If this is a self-signed certificate, you will need to add it to the Java
>> keystore (trust store).
>> https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores
>>
>> Ray
>>
>> On Mon, 2020-03-16 at 16:46 -0700, 'Maksim Kopeyka' via CAS Community
>> wrote:
>>
>> That's interesting. Backchannel logout works in case the load balancer of CAS
>> (nginx) doesn't use SSL; however, backchannel logout doesn't work in case nginx
>> uses SSL.
>> I see the same output in the console of the CAS server in both cases (with SSL
>> and without SSL).
>>
>> --
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | [email protected]
>>
>> I respectfully acknowledge that my place of work is located within the
>> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
>> WSÁNEĆ Nations.
