Hi,
I would have expected the *val url = httpUrl.replace("http", "https");*
solution to work.
You may also try to set the "secure" flag in the Tomcat connector.
Thanks.
Best regards,
Jérôme
Le jeu. 3 sept. 2020 à 18:48, Joe Manavalan <[email protected]> a
écrit :
> I was told there is BIG-IP which counts as reverse proxy in front of
> tomcat. Are there any specific settings to resolve this ?
> FYI : We have CAS war deployed in tomcat 8.5 [Not in embedded tomcat]
>
> Thanks
> Joe
>
>
> On Monday, August 31, 2020 at 6:01:46 PM UTC-5 Joe Manavalan wrote:
>
>> Thanks Jerome for the response.
>>
>> I am checking with the network team about the reverse proxy..
>> request.getRequestURL() is coming in as "http "
>>
>> Following is the log
>>
>>
>> 2020-08-31 17:45:43,157 DEBUG
>> [org.springframework.security.web.FilterChainProxy] -
>> </login/CodesESSO_Dev?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s
>> reached end of additional filter chain; proceeding with original chain>
>> 2020-08-31 17:45:43,164 DEBUG
>> [org.springframework.web.servlet.DispatcherServlet] - <GET
>> "/codesESSO/login/CodesESSO_Dev?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s",
>> parameters={masked}>
>> 2020-08-31 17:45:43,167 DEBUG
>> [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping]
>> - <Mapped to
>> org.apereo.cas.web.DelegatedClientNavigationController#redirectResponseToFlow(String,
>> HttpServletRequest, HttpServletResponse)>
>> 2020-08-31 17:45:43,201 DEBUG
>> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - <Response for
>> client [http://<domain>:8445/codesESSO/login/CodesESSO_Dev],>
>>
>>
>> I manually added a http to https replace here in
>> BaseDelegatedAuthenticationController for testing
>> val url = httpUrl.replace("http", "https");
>>
>>
>> 2020-08-31 17:45:43,204 DEBUG
>> [org.apereo.cas.web.BaseDelegatedAuthenticationController] - <Received a
>> response for client [a204264-CodesESSO_Dev], redirecting the login flow
>> [https://
>> <domain>:8445/codesESSO/login?code=aF7GlAT5G_5OTjTQQw512P5U7WQ87DQwGfloQZcI&state=TST-1-M7NvxcUUbWhZsfDKg9WZ3CF2ift41e5s&client_name=CodesESSO_Dev]>
>>
>> Ended up throwing an error [Which I believe is expected due to the
>> manipulation]
>> org.springframework.webflow.execution.ActionExecutionException: Exception
>> thrown executing
>> org.apereo.cas.web.flow.DelegatedClientAuthenticationAction@40e79dec in
>> state 'delegatedAuthenticationAction' of flow 'login' -- action execution
>> attributes were 'map[[empty]]'
>> at
>> org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:62)
>> at
>> org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77)
>>
>> On Mon, Aug 31, 2020 at 1:52 AM Jérôme LELEU <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> This redirection relies on: request.getRequestURL()
>>> Do you have some reverse proxy in front of your Tomcat?
>>> Thanks.
>>> Best regards,
>>> Jérôme
>>>
>>>
>>> Le jeu. 27 août 2020 à 17:20, Joe Manavalan <[email protected]> a
>>> écrit :
>>>
>>>> I have cas6.1 deployed and working with cas.authn.pac4j.oauth2. The app
>>>> works fine in my local windows machine on an https port
>>>> When deployed in unix with the same setting [except the url has domain
>>>> name instead of server name] the app after authenticating with the external
>>>> oauth2 provider redirects the url to an http port as shown below
>>>> This is the redirect url configured and get successfully redirected
>>>> after authentication and authorization based on the browser trace
>>>> https://
>>>> <domain>:<port>/cas/login/<clientName>?code=<code>&state=<state>&client_name=<clientName>
>>>> It then gets redirected to the below http port instead of the expected
>>>> https port
>>>>
>>>> http//<domain>:<port>/cas/login?code=<code>&state=<state>&client_name=<clientName>
>>>>
>>>> Is this some configuration in CAS or need to be investigated on the
>>>> network side ?
>>>> Any help appreciated
>>>>
>>>>
>>>> --
>>>> - Website: https://apereo.github.io/cas
>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>> - Contributions: https://goo.gl/mh7qDG
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "CAS Community" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9fa4862-6604-4c32-8a75-81a04f982998n%40apereo.org
>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9fa4862-6604-4c32-8a75-81a04f982998n%40apereo.org?utm_medium=email&utm_source=footer>
>>>> .
>>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>>
>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lz_k_jQenLtSjYe3TPNOD%3DStaVdub7UaF4yUpMErBTiHg%40mail.gmail.com
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279Lz_k_jQenLtSjYe3TPNOD%3DStaVdub7UaF4yUpMErBTiHg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/3f20905c-771f-457c-8dce-2c29e792364an%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/3f20905c-771f-457c-8dce-2c29e792364an%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAP279LwuzALBWi9T-qwcF_5HjD2q9C2zgPdQ04fD%3DNHykXdLVw%40mail.gmail.com.
