Hi Scott,
I specified the port in the hope that it might fix the problem (that
perhaps it was tracking the port, but not the http/https part of the URL
for some reason).
I also forgot to mention that we're using CAS v3.1.1.
Do you have any ideas where such a configuration problem might be?
Scott Battaglia wrote:
It's redirecting you back to the original page. I'm not sure why it
would construct it wrong unless there's a configuration problem which
I can't see.
Why are you specifying port 443 though? Not that it's specifically the
problem, but it's implied with https.
-Scott
On Mon, Feb 9, 2009 at 9:26 PM, Don Hoffman <[email protected]> wrote:
Hi -
We're using the CAS server to authenticate logins for a number of our
internal services, but are finding that the services management page
redirects to non-SSL after login, which we don't want to happen.
Has anyone seen this behavior, or know how/where it is configurable?
Any assistance would be very much appreciated. Thank you!
-don
useful info:
we're running CAS clustered (on 2 servers) in tomcat
cas.properties excerpt:
cas.securityContext.serviceProperties.service =
https://login.X.net:443/sso/services/j_acegi_cas_security_check
cas.securityContext.casProcessingFilterEntryPoint.loginUrl =
https://login.X.net:443/sso/login
cas.securityContext.casProxyTicketValidator.casValidate =
https://login.X.net:443/sso/proxyValidate
http header stream excerpt (taken using firefox live headers) of
services management login flow:
- request services page
https://login.X.net/sso/services/
GET /sso/services/ HTTP/1.1
Host: login.X.net
HTTP/1.x 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=62B4FE217797ED5AC0165A9188E76690; Path=/sso
Location:
https://login.X.net:443/sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check
- redirected to login screen
https://login.X.net/sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check
GET /sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check HTTP/1.1
Host: login.X.net:443
HTTP/1.x 200 OK
- login POST
https://login.X.net/sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check
POST /sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check HTTP/1.1
Host: login.X.net
HTTP/1.x 302 Moved Temporarily
Location:
https://login.X.net:443/sso/services/j_acegi_cas_security_check?ticket=ST-9-n5aW21CH9ASIqb9EcKk7nLJkBbDSBjctx9H-MACHINENAME.X.net
- redirected to validate ticket
https://login.X.net/sso/services/j_acegi_cas_security_check?ticket=ST-9-n5aW21CH9ASIqb9EcKk7nLJkBbDSBjctx9H-MACHINENAME.X.net
GET /sso/services/j_acegi_cas_security_check?ticket=ST-9-n5aW21CH9ASIqb9EcKk7nLJkBbDSBjctx9H-MACHINENAME.X.net HTTP/1.1
Host: login.X.net:443
HTTP/1.x 302 Moved Temporarily
Location: http://login.X.net:443/sso/services/manage.html
- redirected to non-HTTPS (but maintains :443 port entry)
http://login.X.net:443/sso/services/manage.html
GET /sso/services/manage.html HTTP/1.1
Host: login.X.net:443
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
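A check for the downgrade visible in the header trace above, as an added example that is not part of the original thread or of CAS: it walks the Location headers of a capture and flags any redirect that leaves HTTPS or pairs a scheme with the other scheme's default port. The capture is constructed from the trace (abridged, ticket replaced by a placeholder), and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed capture modelled on the header excerpt in the thread
# (abridged; the service ticket is replaced with a placeholder).
CAPTURE = """\
GET /sso/services/ HTTP/1.1
HTTP/1.x 302 Moved Temporarily
Location:
https://login.X.net:443/sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check
POST /sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check HTTP/1.1
HTTP/1.x 302 Moved Temporarily
Location: https://login.X.net:443/sso/services/j_acegi_cas_security_check?ticket=ST-PLACEHOLDER
GET /sso/services/j_acegi_cas_security_check?ticket=ST-PLACEHOLDER HTTP/1.1
HTTP/1.x 302 Moved Temporarily
Location: http://login.X.net:443/sso/services/manage.html
"""

DEFAULT_PORT = {"http": 80, "https": 443}

def location_targets(capture):
    """Return Location values in order; tolerates the value wrapping onto the next line."""
    lines = [l.strip() for l in capture.splitlines()]
    targets = []
    for i, line in enumerate(lines):
        if line.lower().startswith("location:"):
            value = line.split(":", 1)[1].strip()
            if not value and i + 1 < len(lines):
                value = lines[i + 1]  # wrapped header, as in the mail excerpt
            targets.append(value)
    return targets

def audit_redirects(capture):
    """Flag redirects that leave HTTPS or use the other scheme's default port."""
    findings = []
    for hop, url in enumerate(location_targets(capture), start=1):
        parts = urlsplit(url)
        if not parts.scheme:
            continue  # relative Location inherits the scheme of the request
        if parts.scheme != "https":
            findings.append((hop, "not-https", url))
        other = "https" if parts.scheme == "http" else "http"
        if parts.port is not None and parts.port == DEFAULT_PORT.get(other):
            findings.append((hop, "scheme-port-mismatch", url))
    return findings

if __name__ == "__main__":
    print(audit_redirects(CAPTURE))
```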