You should make sure your application trusts the CAS certificate.
On Tue, Mar 2, 2010 at 11:33 AM, deatnnia <[email protected]> wrote: > Hi, > > I'm trying to configure CAS Server 3.3.5 in a Tomcat 6, and use it through > Soulwing CAS client, so I can get Container managed role control. > > The first thing I've tried was using the same server for both CAS and Web > Aps. I've configured CAS over HTTP protocol, and used Domino LDAP as a > back-end user repository. > > When everything its supposed to be right, I try to access an securized > resource, and as expected, the login form appears. After entering > credencials, it gets redirected to the right url, and every other "secure" > request under this app, works fine. > > THE PROBLEM: If I try another app, secured in the same way. I'm requested > for authentication again, so NO SSO is used at all. > > ==================== > > Thinking that it may be an issue of not using SSL, I've configured Tomcat > to use it (tested and woking with auto-certificate), reconfigured the client > so it uses https, but now my problem is that, after correctly validated the > user the browswer enters in an "infinite loop" of request redirection. I've > tested it in IE an FF. > > In the tomcat log, I can see this: > > 2010-03-02 17:04:11,772 INFO > [org.jasig.cas.authentication.AuthenticationManager > Impl] - <AuthenticationHandler: > org.jasig.cas.adaptors.ldap.BindLdapAuthenticati > onHandler successfully authenticated the user which provided the following > crede > ntials: [username: dclemente]> > 2010-03-02 17:04:11,773 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-147-9UIjuNdVBQXsuWywhpgB-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > 2010-03-02 17:04:11,791 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-148-KYrbLJL2xsH572sGz2Qp-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > 2010-03-02 17:04:11,804 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-149-Ui7fmD9J6IWRfIcuEhh4-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > 2010-03-02 17:04:11,817 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-150-rUL3WsVwdod5lQDANtbU-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > 2010-03-02 17:04:11,830 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-151-pb7zHhtIYdtvgbHoxRQz-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > 2010-03-02 17:04:11,844 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-152-pHJZoXdqJaYANmsajphg-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > 2010-03-02 17:04:11,861 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-153-qcxfYJXjIkdBe5DwfECK-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > 2010-03-02 17:04:11,879 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-154-GzdDhkldSVhW1myN9Ed1-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > 2010-03-02 17:04:11,893 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-155-06wlAtPMdNFpcd59T4Qa-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > 2010-03-02 17:04:11,906 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-156-CnVxJfzaaKZ0qbudmMVH-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > 2010-03-02 17:04:11,919 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - > <Granted service ticket [ST-157-7nP90VuYLfbekhMYgWKY-cas] for service [ > http://lo > calhost:8080/PruebaSeguridadSSO/privado/hola.jsp] for user [dclemente]> > > > ===================== > > Any idea? > > Thanks a lot for your help. > > And, please, forgive-me for my poor english. > > Bye. > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
