I have been able to determine that the problem results from cas-management not 
knowing how to handle the callback [from cas].
In cas-management 6.5, if one directly accesses the callback endpoint, 
https://local.uvic.ca/cas-management/callback
the log shows the CALLBACK code/filter being activated:

cas-management | 2024-05-15 20:21:40,263 DEBUG [ org.pac4.spri.secu.web.CallbackFilter] - <path: /callback | suffix: /callback> [https-openssl-nio-8443-exec-9]
cas-management | 2024-05-15 20:21:40,263 DEBUG [ org.pac4.core.engi.DefaultCallbackLogic] - <=== CALLBACK ===> [https-openssl-nio-8443-exec-9]

No redirect to cas, just a message that cas-management is unavailable.

In v7-SNAPSHOT, the SECURITY code/filter is activated:

cas-management | 2024-05-15 20:33:03,637 INFO [ org.pac4.core.adap.FrameworkAdapter] - <Using Spring Security framework adapter> [https-openssl-nio-8443-exec-3]
cas-management | 2024-05-15 20:33:03,650 DEBUG [ org.pac4.core.engi.DefaultSecurityLogic] - <=== SECURITY ===> [https-openssl-nio-8443-exec-3]

And there is a redirect to cas.
The callback endpoint is behind security (when it should not be).

If you need to access cas-management, turn off cas authn

mgmt.cas-sso=false

and use spring security login default:
username: user
password:

logged on first access to the application:

cas-management | 2024-05-15 20:30:13,159 WARN [spri.boot.auto.secu.serv.UserDetailsServiceAutoConfiguration] - <
cas-management |
cas-management | Using generated security password: 5243a8b5-cd24-47e7-9f46-103fee3c2ebb

See https://docs.spring.io/spring-boot/docs/2.0.0.M4/reference/html/boot-features-security.html

Ray


On Tue, 2024-05-14 at 07:48 -0700, Tom Reijnders wrote:

I am trying to migrate from CAS 6.6.15 to CAS 7.04 (because I could not get 
Password reset working on 6.6.15).

Password reset is working fine, but if I try to login to cas-management I end 
up in a redirection loop.

I use the overlays generated by getcas.apereo.org/ui (CAS 7.0.4, cas-management 
7.0.0-SNAPSHOT) and deployed using tomcat11 (behind an apache reverse proxy).

If I browse to cas-management, it redirects to cas (as expected). If I login 
as the user mentioned in the users.json file configured in 
management.properties I get redirected to

https://cas.XXXX/cas-management/callback?client_name=CasClient&ticket=xxxxx

So far so good. But then I get redirected to cas again (that verifies the 
ticket) and redirects to cas-management, etc.

What am I doing wrong??

The service definition for cas-management is as follows:

{
  @class: org.apereo.cas.services.CasRegisteredService
  serviceId: ^https://cas.XXXXX/cas-management.*
  name: CAS Management
  id: 1001
  description: Management of CAS enabled services
  evaluationOrder: 5
  logoutUrl: https://cas.XXXXX/cas-management/logout
}

Regards,

Tom
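
One way to confirm from a captured redirect trace that the callback endpoint is being treated as a protected resource, as diagnosed in this thread. This is an added example, not part of the original messages or of cas-management; the host cas.example.org, the ticket values and all function names are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

BASE = "https://cas.example.org"  # placeholder host (assumption)
CALLBACK = BASE + "/cas-management/callback?client_name=CasClient"
LOGIN = BASE + "/cas/login?" + urlencode({"service": CALLBACK})

def hop(url, location, status=302):
    """One request/response pair, e.g. copied from browser dev tools."""
    return {"url": url, "status": status, "location": location}

# Constructed trace of the loop: every ticket delivered to /callback is
# answered with another redirect to the CAS login page.
LOOPING = [
    hop(BASE + "/cas-management/", LOGIN),
    hop(LOGIN, CALLBACK + "&ticket=ST-1-constructed"),
    hop(CALLBACK + "&ticket=ST-1-constructed", LOGIN),
    hop(LOGIN, CALLBACK + "&ticket=ST-2-constructed"),
    hop(CALLBACK + "&ticket=ST-2-constructed", LOGIN),
]
# Constructed healthy trace: the callback consumes the ticket and enters the app.
HEALTHY = LOOPING[:2] + [
    hop(CALLBACK + "&ticket=ST-1-constructed", BASE + "/cas-management/"),
]

def is_callback_with_ticket(url, callback_path="/callback"):
    """True if the request is the CAS client callback carrying a service ticket."""
    parts = urlsplit(url)
    return parts.path.endswith(callback_path) and "ticket" in parse_qs(parts.query)

def points_back_to_callback(location, callback_path="/callback"):
    """True if the redirect target is a login URL whose service= is the callback."""
    if not location:
        return False
    service = parse_qs(urlsplit(location).query).get("service", [""])[0]
    return urlsplit(service).path.endswith(callback_path)

def diagnose(hops):
    """Classify a trace by how often a ticketed callback was bounced back to CAS."""
    bounced = [h for h in hops
               if h["status"] in (301, 302, 303, 307)
               and is_callback_with_ticket(h["url"])
               and points_back_to_callback(h["location"])]
    if len(bounced) >= 2:
        return "loop: callback is being treated as a protected resource"
    if bounced:
        return "suspect: callback redirected back to CAS once"
    return "ok: callback consumed the ticket"
```

`diagnose(LOOPING)` reports the loop and `diagnose(HEALTHY)` reports a clean exchange; a real trace can be fed in as the same list of `hop(...)` records.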
