I was told there is BIG-IP which counts as reverse proxy in front of
tomcat. Are there any specific settings to resolve this ?
FYI : We have CAS war deployed in tomcat 8.5 [Not in embedded tomcat]
Thanks
Joe
On Monday, August 31, 2020 at 6:01:46 PM UTC-5 Joe Manavalan wrote:
> Thanks Jerome for the response.
>
> I am checking with the network team about the reverse proxy..
> request.getRequestURL() is coming in as "http "
>
> Following is the log
>
>
> 2020-08-31 17:45:43,157 DEBUG
> [org.springframework.security.web.FilterChainProxy] -
> </login/CodesESSO_Dev?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s
>
> reached end of additional filter chain; proceeding with original chain>
> 2020-08-31 17:45:43,164 DEBUG
> [org.springframework.web.servlet.DispatcherServlet] - <GET
> "/codesESSO/login/CodesESSO_Dev?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s",
>
> parameters={masked}>
> 2020-08-31 17:45:43,167 DEBUG
> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
>
> - <Mapped to
> org.apereo.cas.web.DelegatedClientNavigationController#redirectResponseToFlow(String,
>
> HttpServletRequest, HttpServletResponse)>
> 2020-08-31 17:45:43,201 DEBUG
> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - <Response for
> client [http://<domain>:8445/codesESSO/login/CodesESSO_Dev],>
>
>
> I manually added a http to https replace here in
> BaseDelegatedAuthenticationController for testing
> val url = httpUrl.replace("http", "https");
>
>
> 2020-08-31 17:45:43,204 DEBUG
> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - <Received a
> response for client [a204264-CodesESSO_Dev], redirecting the login flow
> [https://<domain>:8445/codesESSO/login?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s&client_name=CodesESSO_Dev]>
>
> Ended up throwing an error [Which I believe is expected due to the
> manipulation]
> org.springframework.webflow.execution.ActionExecutionException: Exception
> thrown executing
> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@40e79dec in
> state 'delegatedAuthenticationAction' of flow 'login' -- action execution
> attributes were 'map[[empty]]'
> at
> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62)
> at
> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
>
> On Mon, Aug 31, 2020 at 1:52 AM Jérôme LELEU <[email protected]> wrote:
>
>> Hi,
>>
>> This redirection relies on: request.getRequestURL()
>> Do you have some reverse proxy in front of your Tomcat?
>> Thanks.
>> Best regards,
>> Jérôme
>>
>>
>> Le jeu. 27 août 2020 à 17:20, Joe Manavalan <[email protected]> a
>> écrit :
>>
>>> I have cas6.1 deployed and working with cas.authn.pac4j.oauth2. The app
>>> works fine in my local windows machine on an https port
>>> When deployed in unix with the same setting [except the url has domain
>>> name instead of server name] the app after authenticating with the external
>>> oauth2 provider redirects the url to an http port as shown below
>>> This is the redirect url configured and get successfully redirected
>>> after authentication and authorization based on the browser trace
>>>
>>> https://<domain>:<port>/cas/login/<clientName>?code=<code>&state=<state>&client_name=<clientName>
>>> It then gets redirected to the below http port instead of the expected
>>> https port
>>>
>>> http//<domain>:<port>/cas/login?code=<code>&state=<state>&client_name=<clientName>
>>>
>>> Is this some configuration in CAS or need to be investigated on the
>>> network side ?
>>> Any help appreciated
>>>
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9fa4862-6604-4c32-8a75-81a04f982998n%40apereo.org
>>>
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9fa4862-6604-4c32-8a75-81a04f982998n%40apereo.org?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>>
> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lz_k_jQenLtSjYe3TPNOD%3DStaVdub7UaF4yUpMErBTiHg%40mail.gmail.com
>>
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lz_k_jQenLtSjYe3TPNOD%3DStaVdub7UaF4yUpMErBTiHg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3f20905c-771f-457c-8dce-2c29e792364an%40apereo.org.
