We tried a bunch of different ideas from different people here (and otherwise). We attempted using the one distributed in the docker container, but it is missing modules that we need. After a great deal of futzing we got it to say "oh yeah, https", but only after stuffing a 10-year self-signed certificate into it, which is a crappy solution...yet it did stop puking up spurious "not HTTPS" errors. However, each time we build one ourselves, which has the modules in it that we need, we get a tons of the following warnings prior to fatal errors:
2026-02-02 08:39:45,928 TRACE [org.springframework.security.web.savedrequest.HttpSessionRequestCache] - <matchingRequestParameterName is required for getMatchingRequest to lookup a value, but not provided> This indicates to me that there is a fatal error somewhere in the build chain—somewhere we here haven't modified. Somebody please come up with explanation indicating that isn't the case...please. As if the build chain we are getting directly from Apereo and using with a stock Amazon Corretto Java has a fatal error in it that's a major problem for everyone. On Wednesday, January 28, 2026 at 9:08:41 PM UTC-5 Drew Northup wrote: My coworker and I have tried pretty much everything we can think of to get the embedded Tomcat CAS to work behind an Apache HTTPd (which is doing all of the HTTPS stuff, because (1) it is our standard configuration and we don't hate our fellow sysadmins, and (2) we don't hate ourselves). I'm not going to say up-front what our current configuration is because (1) that's not the point of this question, and (2) it would poison the conversation. Again, this isn't what "what we've done wrong" this is about "how is it supposed to work". If the answer is "do the TLS in java" don't expect a friendly response, as that's not an answer. This is standard configuration which should work. If it doesn't, then that's a bug. This is all on one host, between daemons on the same host, and not on the open network. (signature block probably missing because I'm using the Google Groups interface) -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b5dff768-3358-4969-8726-5d96a986b099n%40apereo.org.
