Rod, Use your browser developer tools to see the TGC sent from and to cas. Verify that there are no stale TGCs (there should only be one and it should not change during an sso session). Does this behaviour happen in a new private window?
You can test repeated logins to your test app by removing its session cookie (NOT the TGC). This should trigger the test app to go to cas where you 'should' be SSOed. You may want to turn up logging on the cas server to see what it thinks is going on. Ray On Thu, 2021-12-02 at 08:50 -0800, Rod B wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hi Andy, I've attached our cleansed cas.properties file. We do use https. I'm also including our virtual hosts set up that shows we redirect to https if a http request to the CAS server comes in. Many thanks for having your eyes on this. Rod On Wednesday, 1 December 2021 at 22:55:06 UTC-8 Andy Ng wrote: Hi Rod, Usually this happen when you setup your CAS as http instead of https. - When CAS is in http, SSO will not work. Making sure it is https should make it work again. - The services you provided seems fine, didn't see any issue on them. - But the ssoEnabled part should be not neccesary since that would be the default If the above still not able to solve your issue, then you might need to provide a little bit more information, like a full cas.properties (sensitive data removed of course). Cheers! - Andy On Thursday, 2 December 2021 at 08:49:09 UTC+8 [email protected] wrote: Hello Everyone! I'm held up deploying 6.4.2 so I'm back on 6.1 for the Google App integration provided by it. I'm able to log into a testing site in the /etc/cas/services directory. I'm redirected to the CAS login page. Once I authenticate, I continue to the testing site. I'm also able to log into Google calendar where I'm redirected to the CAS login page. Once I authenticate I continue to the Google calendar. However, when I log into the testing site and then attempt on another tab go to Google calendar, I'm redirected to the CAS login page and not SSO'd into Google Calendar. This happens also if I log into Google Calendar and then attempt to access the testing site. I believe this is the relevant bits of the /etc/cas/config/cas.properties file (I could be missing something) cas.tgc.crypto.encryption.key=**redacted** cas.tgc.crypto.signing.key=**redacted** cas.webflow.crypto.signing.key=**redacted** cas.webflow.crypto.encryption.key=**redacted** This is how it looks for the two /etc/cas/services JSON files: google_apps-44.json { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "https://www.google.com/a/example.com/acs";, "name" : "Google Apps", "theme" : "ourschool", "id" : 44, "accessStrategy" : { "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", "ssoEnabled" : true } "evaluationOrder" : 10 } For the test site: { "@class" : "org.apereo.cas.services.RegexRegisteredService" "serviceId" : "http://cas-test.dev.ourschool.ca/wp-login.php*";, "name" : "CasTest", "id" : 1, "accessStrategy" : { "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy" "ssoEnabled" : true } "theme" : "ourschool" "evaluationOrder" : 1 } I'm thinking I'm missing something in cas.properties as I don't think I need to put in the accessStrategy part, I was just seeing if it would work. I do see that a TGC cookie is granted on the browser. Thank you for any suggestions and help. Rod -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ff5146702b6e6af4b6712f68dff48a4af731e2a6.camel%40uvic.ca.
