Its redirecting you back to the original page. I'm not sure why it would construct it wrong unless there's a configuration problem which I can't see.
Why are you specifying port 443 though? Not that its specifically the problem, but its implied with https. -Scott On Mon, Feb 9, 2009 at 9:26 PM, Don Hoffman <[email protected]> wrote: > Hi - > We're using the CAS server to authenticate logins for a number of our > internal services, but are finding that the services management page > redirects to non-SSL after login, which we don't want to happen. > Has anyone seen this behavior, or know how/where it is configurable? > > Any assistance would be very much appreciated. Thank you! > -don > > useful info: > > we're running CAS clustered (on 2 servers) in tomcat > > cas.properties excerpt: > cas.securityContext.serviceProperties.service = > https://login.X.net:443/sso/services/j_acegi_cas_security_check > cas.securityContext.casProcessingFilterEntryPoint.loginUrl = > https://login.X.net:443/sso/login > cas.securityContext.casProxyTicketValidator.casValidate = > https://login.X.net:443/sso/proxyValidate > > > http header stream excerpt (taken using firefox live headers) of > services management login flow: > > - request services page > https://login.X.net/sso/services/ > GET /sso/services/ HTTP/1.1 > Host: login.X.net > HTTP/1.x 302 Moved Temporarily > Server: Apache-Coyote/1.1 > Set-Cookie: JSESSIONID=62B4FE217797ED5AC0165A9188E76690; Path=/sso > Location: > > https://login.X.net:443/sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check > > - redirected to login screen > > https://login.X.net/sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check > > GET > /sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check > > HTTP/1.1 > Host: login.X.net:443 > HTTP/1.x 200 OK > > - login POST > > https://login.X.net/sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check > > POST > /sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check > > HTTP/1.1 > Host: login.X.net > HTTP/1.x 302 Moved Temporarily > Location: > > https://login.X.net:443/sso/services/j_acegi_cas_security_check?ticket=ST-9-n5aW21CH9ASIqb9EcKk7nLJkBbDSBjctx9H-MACHINENAME.X.net > > > - redirected to validate ticket > > https://login.X.net/sso/services/j_acegi_cas_security_check?ticket=ST-9-n5aW21CH9ASIqb9EcKk7nLJkBbDSBjctx9H-MACHINENAME.X.net > > GET > /sso/services/j_acegi_cas_security_check?ticket= > ST-9-n5aW21CH9ASIqb9EcKk7nLJkBbDSBjctx9H-MACHINENAME.X.net > HTTP/1.1 > Host: login.X.net:443 > HTTP/1.x 302 Moved Temporarily > Location: http://login.X.net:443/sso/services/manage.html > > - redirected to non-HTTPS (but maintains :443 port entry) > http://login.X.net:443/sso/services/manage.html > GET /sso/services/manage.html HTTP/1.1 > Host: login.X.net:443 > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
