I forgot to mention that when CAS is running just over HTTP, everything works well. Why would HTTPS be causing problems? Could it be that cookies are not being set properly over SSL?
I am keen to hear any ideas, as I really don't know how to proceed with this.

Thanks

On 8 April 2010 14:40, Venn Hardy <[email protected]> wrote:
> I am trying to get CAS working on my organisation's intranet over SSL. I
> have installed the certificate on the Apache HTTPD server, and am rewriting
> any incoming http://logon.company.org.au/cas/login URL as
> https://logon.company.org.au/cas/login. The CAS authentication part is
> working; however, the redirect to the client application is not.
>
> Firstly, a bit of background on the current setup. I have CAS 3.3.2 running
> on Apache Tomcat 6 and Java 6.0 update 19. Apache HTTPD server sits in front
> of Tomcat and proxies requests through to port 8080 like this:
>
> <Location /cas>
>     Options +FollowSymlinks
>     Order Deny,Allow
>     Allow from All
>
>     RewriteEngine on
>     RewriteBase /cas/
>
>     RewriteCond %{HTTP_HOST} !((^\d+\.\d+\.\d+\.\d+$)|(^([a-z0-9-_]+\.)company\.org\.au$)) [NC]
>     RewriteRule ^(.*)$ http://logon.company.org.au%{REQUEST_URI} [R,NE]
>
>     ProxyPass http://localhost:8080/cas/
>     ProxyPassReverse http://localhost:8080/cas/
> </Location>
>
> When I add the HTTPS redirect like this, things start breaking:
>
> <Location /cas>
>     Options +FollowSymlinks
>     Order Deny,Allow
>     Allow from All
>
>     RewriteEngine on
>     RewriteBase /cas/
>
>     RewriteCond %{HTTP_HOST} !((^\d+\.\d+\.\d+\.\d+$)|(^([a-z0-9-_]+\.)company\.org\.au$)) [NC]
>     RewriteRule ^(.*)$ http://logon.company.org.au%{REQUEST_URI} [R,NE]
>     RewriteCond %{SERVER_PORT} ^80$
>     RewriteRule ^(.*)$ https://logon.company.org.au%{REQUEST_URI} [L,R,NE]
>
>     ProxyPass http://localhost:8080/cas/
>     ProxyPassReverse http://localhost:8080/cas/
> </Location>
>
> The certificate is installed correctly, and the
> https://logon.company.org.au/cas/login link works well.
>
> However, when a client application (a Java web app using Spring Security)
> accesses CAS, the redirect back to the application fails with this error.
> Does anyone know how I can troubleshoot this further? Or can anyone provide
> some advice on how to get CAS working over HTTPS with an Apache HTTPD reverse
> proxy and Apache Tomcat server?
>
> Thanks
>
> SEVERE: org.xml.sax.SAXParseException: White spaces are required between publicId and systemId.
> org.xml.sax.SAXParseException: White spaces are required between publicId and systemId.
>     at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Lorg.apache.xerces.xni.parser.XMLParseException;)Lorg.xml.sax.SAXParseException;(Unknown Source)
>     at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Ljava.lang.String;Ljava.lang.String;Lorg.apache.xerces.xni.parser.XMLParseException;)V(Unknown Source)
>     at org.apache.xerces.impl.XMLErrorReporter.reportError(Lorg.apache.xerces.xni.XMLLocator;Ljava.lang.String;Ljava.lang.String;[Ljava.lang.Object;S)V(Unknown Source)
>     at org.apache.xerces.impl.XMLErrorReporter.reportError(Ljava.lang.String;Ljava.lang.String;[Ljava.lang.Object;S)V(Unknown Source)
>     at org.apache.xerces.impl.XMLScanner.reportFatalError(Ljava.lang.String;[Ljava.lang.Object;)V(Unknown Source)
>     at org.apache.xerces.impl.XMLScanner.scanExternalID([Ljava.lang.String;Z)V(Unknown Source)
>     at org.apache.xerces.impl.XMLDocumentScannerImpl.scanDoctypeDecl()Z(Unknown Source)
>     at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Z)Z(Unknown Source)
>     at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Z)Z(Unknown Source)
>     at org.apache.xerces.parsers.XML11Configuration.parse(Z)Z(Unknown Source)
>     at org.apache.xerces.parsers.XML11Configuration.parse(Lorg.apache.xerces.xni.parser.XMLInputSource;)V(Unknown Source)
>     at org.apache.xerces.parsers.XMLParser.parse(Lorg.apache.xerces.xni.parser.XMLInputSource;)V(Unknown Source)
>     at org.apache.xerces.parsers.AbstractSAXParser.parse(Lorg.xml.sax.InputSource;)V(Unknown Source)
>     at org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:150)
>     at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:77)
>     at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
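
The stack trace in the quoted message shows the CAS client's Cas20ServiceTicketValidator failing while the XML parser scans a DOCTYPE declaration in the ticket-validation response. As an added troubleshooting example (not part of this thread and not CAS client code), the Python below classifies a response body saved from the validation URL; the function name is hypothetical, the sample bodies are constructed, and the idea that an HTML page came back instead of CAS XML is an assumption to be checked against the real response.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # CAS 2.0 response namespace

# Constructed sample bodies (not captured from the poster's servers).
CAS_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jsmith</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
CAS_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
HTML_REDIRECT = """<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>302 Found</title></head><body>
<p>The document has moved <a href="https://logon.company.org.au/cas/serviceValidate">here</a>.</p>
</body></html>"""


def q(name):
    """Qualify an element name with the CAS namespace for ElementTree."""
    return "{%s}%s" % (CAS_NS, name)


def classify_validation_body(body):
    """Return (kind, detail) for a ticket-validation response body."""
    text = body.lstrip()
    # A CAS 2.0 response carries no DTD; refusing any DOCTYPE also keeps
    # DTD-based entity tricks away from the parser.
    if "<!doctype" in text.lower():
        return ("not-cas-xml", "body contains a DOCTYPE (HTML page from a proxy?)")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return ("not-cas-xml", "not well-formed XML: %s" % exc)
    if root.tag != q("serviceResponse"):
        return ("not-cas-xml", "unexpected root element %s" % root.tag)
    user = root.find("%s/%s" % (q("authenticationSuccess"), q("user")))
    if user is not None:
        return ("success", (user.text or "").strip())
    failure = root.find(q("authenticationFailure"))
    if failure is not None:
        return ("failure", failure.get("code", ""))
    return ("not-cas-xml", "serviceResponse without success or failure")


if __name__ == "__main__":
    for label, body in [("success", CAS_SUCCESS), ("failure", CAS_FAILURE),
                        ("redirect page", HTML_REDIRECT)]:
        print(label, "->", classify_validation_body(body))
```

A "not-cas-xml" result for the body the client actually receives points at the hop between the client application and CAS (the scheme and host of the configured validation URL, and any redirect answered on the way) rather than at the login page itself.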
