Hi Ray, Thank you for sharing. I've been troubled by the same problem these days. I compared cas-management 7.0.0-SNAPSHOT and 6.6.4. As you said, in 7.x the request goes into DefaultSecurityLogic but never enters DefaultCallbackLogic. I guess the problem may lie here: 7.x added the following code:
registry.addInterceptor(new SecurityInterceptor(config)).addPathPatterns("/**");

See on GitHub <https://github.com/apereo/cas-management/blob/4d22990f41693741a5beb55ecd8e4ec2b48c142b/webapp/cas-mgmt-webapp-config/src/main/java/org/apereo/cas/mgmt/config/CasManagementSecurityConfiguration.java#L89>

I don't know if I am right, I hope it helps someone.

On Thursday, May 16, 2024 at 20:41:43 UTC+8, Ray Bon wrote:
> I have been able to determine that the problem results from cas-management not knowing how to handle the callback [from cas].
> In cas-management 6.5, if one directly accesses the callback endpoint,
> https://local.uvic.ca/cas-management/callback
> the log shows the CALLBACK code/filter being activated:
>
> cas-management | 2024-05-15 20:21:40,263 DEBUG [org.pac4.spri.secu.web.CallbackFilter] - <path: /callback | suffix: /callback> [https-openssl-nio-8443-exec-9]
> cas-management | 2024-05-15 20:21:40,263 DEBUG [org.pac4.core.engi.DefaultCallbackLogic] - <=== CALLBACK ===> [https-openssl-nio-8443-exec-9]
>
> No redirect to cas, just a message that cas-management is unavailable.
>
> In v7-SNAPSHOT, the SECURITY code/filter is activated:
>
> cas-management | 2024-05-15 20:33:03,637 INFO [org.pac4.core.adap.FrameworkAdapter] - <Using Spring Security framework adapter> [https-openssl-nio-8443-exec-3]
> cas-management | 2024-05-15 20:33:03,650 DEBUG [org.pac4.core.engi.DefaultSecurityLogic] - <=== SECURITY ===> [https-openssl-nio-8443-exec-3]
>
> And there is a redirect to cas.
> The callback endpoint is behind security (when it should not be).
>
> If you need to access cas-management, turn off cas authn
>
> mgmt.cas-sso=false
>
> and use spring security login default:
> username: user
> password:
>
> logged on first access to the application:
>
> cas-management | 2024-05-15 20:30:13,159 WARN [spri.boot.auto.secu.serv.UserDetailsServiceAutoConfiguration] - <
> cas-management |
> cas-management | Using generated security password: 5243a8b5-cd24-47e7-9f46-103fee3c2ebb
>
> see https://docs.spring.io/spring-boot/docs/2.0.0.M4/reference/html/boot-features-security.html
>
> Ray
>
> On Tue, 2024-05-14 at 07:48 -0700, Tom Reijnders wrote:
> > I am trying to migrate from CAS 6.6.15 to CAS 7.04 (because I could not get Password reset working on 6.6.15).
> >
> > Password reset is working fine, but if I try to login to cas-management I end up in a redirection loop.
> >
> > I use the overlays generated by getcas.apereo.org/ui (CAS 7.0.4, cas-management 7.0.0-SNAPSHOT) and deployed using tomcat11 (behind an apache reverse proxy).
> >
> > If I browse to cas-management, it redirects to cas (as expected). If I login as the user mentioned in the users.json file configured in management.properties I get redirected to
> >
> > https://cas.XXXX/cas-management/callback?client_name=CasClient&ticket=xxxxx
> >
> > So far so good. But then I get redirected to cas again (that verifies the ticket) and redirects to cas-management, etc.
> >
> > What am I doing wrong??
> >
> > The service definition for cas-management is as follows:
> >
> > {
> >   @class: org.apereo.cas.services.CasRegisteredService
> >   serviceId: ^https://cas.XXXXX/cas-management.*
> >   name: CAS Management
> >   id: 1001
> >   description: Management of CAS enabled services
> >   evaluationOrder: 5
> >   logoutUrl: https://cas.XXXXX/cas-management/logout
> > }
> >
> > Regards,
> >
> > Tom
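As an added illustration of the guess at the top of this thread (this is not cas-management's configuration nor code from anyone on the list): the pattern "/**" matches every path, including /callback, so pac4j's security logic runs on the callback request and, finding no authenticated profile yet, redirects to CAS again; the callback logic that would validate the ticket and create the profile is never reached, which is the loop Tom describes. One way to express the hypothesis in a Spring MVC configuration is to exclude the callback path from the interceptor registration. Assumed names here: the hypothetical package and class, the pac4j SecurityInterceptor from spring-webmvc-pac4j with its single-argument constructor, a pac4j Config bean named config, and the path /callback taken from the logs above.

```java
// Added illustration; not the project's own CasManagementSecurityConfiguration.
// Assumes spring-webmvc-pac4j's SecurityInterceptor and an injected pac4j Config bean.
package example.mgmt; // hypothetical package

import org.pac4j.core.config.Config;
import org.pac4j.springframework.web.SecurityInterceptor;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class CallbackAwareSecurityConfig implements WebMvcConfigurer {

    // Path pac4j's callback logic handles; must stay reachable without a profile.
    private static final String CALLBACK_PATH = "/callback";

    private final Config config;

    public CallbackAwareSecurityConfig(Config config) {
        this.config = config;
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // "/**" on its own also guards CALLBACK_PATH, so the SECURITY logic
        // runs on the ticket-bearing redirect from CAS, sees no profile, and
        // sends the browser back to CAS. Excluding the callback path lets the
        // CALLBACK logic validate the ticket and build the profile first; every
        // other path is still protected by the interceptor.
        registry.addInterceptor(new SecurityInterceptor(config))
                .addPathPatterns("/**")
                .excludePathPatterns(CALLBACK_PATH);
    }
}
```

Excluding the callback path does not leave it unprotected in any meaningful sense: the callback endpoint validates the service ticket with CAS itself before it creates a profile, and it is the one path that by design must be reachable before a session exists. A quick way to confirm which branch a request takes is the same DEBUG output Ray quoted: a request to /callback should log `<=== CALLBACK ===>` from DefaultCallbackLogic, not `<=== SECURITY ===>` from DefaultSecurityLogic.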
