There are only two places the information resides in: securityContext.xml and that cas.properties, unless you're fronting it with Apache or something that is doing Url rewriting.
-Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Tue, Feb 10, 2009 at 1:59 PM, Don Hoffman <[email protected]> wrote: > Hi Scott, > I specified the port in the hope that it might fix the problem (that > perhaps it was tracking the port, but not the http/https part of the URL for > some reason). > I also forgot to mention that we're using CAS v3.1.1 > Do you have any ideas where such a configuration problem might be? > > Scott Battaglia wrote: > >> Its redirecting you back to the original page. I'm not sure why it would >> construct it wrong unless there's a configuration problem which I can't see. >> >> Why are you specifying port 443 though? Not that its specifically the >> problem, but its implied with https. >> >> -Scott >> >> On Mon, Feb 9, 2009 at 9:26 PM, Don Hoffman <[email protected] <mailto: >> [email protected]>> wrote: >> >> Hi - >> We're using the CAS server to authenticate logins for a number of our >> internal services, but are finding that the services management page >> redirects to non-SSL after login, which we don't want to happen. >> Has anyone seen this behavior, or know how/where it is configurable? >> >> Any assistance would be very much appreciated. Thank you! >> -don >> >> useful info: >> >> we're running CAS clustered (on 2 servers) in tomcat >> >> cas.properties excerpt: >> cas.securityContext.serviceProperties.service = >> https://login.X.net:443/sso/services/j_acegi_cas_security_check >> cas.securityContext.casProcessingFilterEntryPoint.loginUrl = >> https://login.X.net:443/sso/login >> cas.securityContext.casProxyTicketValidator.casValidate = >> https://login.X.net:443/sso/proxyValidate >> >> >> http header stream excerpt (taken using firefox live headers) of >> services management login flow: >> >> - request services page >> https://login.X.net/sso/services/ >> GET /sso/services/ HTTP/1.1 >> Host: login.X.net <http://login.X.net> >> HTTP/1.x 302 Moved Temporarily >> Server: Apache-Coyote/1.1 >> Set-Cookie: JSESSIONID=62B4FE217797ED5AC0165A9188E76690; Path=/sso >> Location: >> >> https://login.X.net:443/sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check >> >> - redirected to login screen >> >> https://login.X.net/sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check >> >> >> GET >> /sso/login?service=https%3A%2F%2Flogin.X.net >> <http://2Flogin.X.net >> >%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check >> >> HTTP/1.1 >> Host: login.X.net:443 <http://login.X.net:443> >> HTTP/1.x 200 OK >> >> - login POST >> >> https://login.X.net/sso/login?service=https%3A%2F%2Flogin.X.net%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check >> >> >> POST >> /sso/login?service=https%3A%2F%2Flogin.X.net >> <http://2Flogin.X.net >> >%3A443%2Fsso%2Fservices%2Fj_acegi_cas_security_check >> >> HTTP/1.1 >> Host: login.X.net <http://login.X.net> >> HTTP/1.x 302 Moved Temporarily >> Location: >> >> https://login.X.net:443/sso/services/j_acegi_cas_security_check?ticket=ST-9-n5aW21CH9ASIqb9EcKk7nLJkBbDSBjctx9H-MACHINENAME.X.net >> >> >> >> - redirected to validate ticket >> >> https://login.X.net/sso/services/j_acegi_cas_security_check?ticket=ST-9-n5aW21CH9ASIqb9EcKk7nLJkBbDSBjctx9H-MACHINENAME.X.net >> >> >> GET >> /sso/services/j_acegi_cas_security_check?ticket= >> ST-9-n5aW21CH9ASIqb9EcKk7nLJkBbDSBjctx9H-MACHINENAME.X.net >> <http://ST-9-n5aW21CH9ASIqb9EcKk7nLJkBbDSBjctx9H-MACHINENAME.X.net> >> HTTP/1.1 >> Host: login.X.net:443 <http://login.X.net:443> >> HTTP/1.x 302 Moved Temporarily >> Location: http://login.X.net:443/sso/services/manage.html >> >> - redirected to non-HTTPS (but maintains :443 port entry) >> http://login.X.net:443/sso/services/manage.html >> GET /sso/services/manage.html HTTP/1.1 >> Host: login.X.net:443 <http://login.X.net:443> >> >> >> >> -- You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
