I'm using the dotnet CAS with MVC3 (.NET 4), and monitoring the CAS logs and Fiddler, everything appears to authenticate fine from the primary CAS server. I see the ticket come back, the user info, etc. But when it sends me back to my site, it's as if I'm still not authenticated, so it gets another ticket (each ticket is valid and has its own incremented/unique number), returns to my site, CAS still doesn't process the ticket, so it repeats, ending in a redirect loop that the browser detects and kills.
This (from the documentation) is apparently where it fails:

"Assume the ticket validates successfully. The CasAuthenticationModule sets the context.User and Thread.CurrentPrincipal to a CasPrincipal for the current request. It also drops a FormsAuthenticationCookie containing a FormsAuthenticationTicket to the client which will be detected by the CasAuthenticationModule and used to authenticate subsequent requests. The MVC RequestHandler executes. This time, the [Authorize] attribute passes the test"

My protected MVC controllers do simply have an [Authorize] tag on them. There are commercial SSLs on both sides, and my client site is on the same network as the CAS system.

My client CAS logs showing ticket creation and loop below, anyone have any ideas?

DotNetCasClient.Protocol Verbose: 3237 : Ticket validation response:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>u3468</cas:user>
    <!-- Begin Ldap Attributes -->
    <cas:attributes>
      <cas:uid>u3468</cas:uid>
      <cas:mail>[email protected]</cas:mail>
      <cas:username>u3468</cas:username>
      <cas:sn>Test</cas:sn>
      <cas:givenName>U3468</cas:givenName>
      <cas:memberOf>cn=allUsers,u3468</cas:memberOf>
      <cas:alluserrole>cn=allUsers,u3468</cas:alluserrole>
    </cas:attributes>
    <!-- End Ldap Attributes -->
  </cas:authenticationSuccess>
</cas:serviceResponse>
    DateTime=2012-12-18T21:32:53.7639627Z
DotNetCasClient.Protocol Verbose: 3237 : Creating FormsAuthenticationTicket for ST-207-TJFiTssqFTT5CiUkbEHL-idpdev.111111.edu
    DateTime=2012-12-18T21:32:53.9182804Z
DotNetCasClient.HttpModule Information: 3237 : Redirecting from login callback
    DateTime=2012-12-18T21:32:53.9309775Z
DotNetCasClient.HttpModule Information: 3237 : Redirecting to CAS Login Page
    DateTime=2012-12-18T21:32:53.9475814Z
DotNetCasClient.Protocol Information: 3237 : Redirecting to https://idpdev.111111.edu/cas/login?service=https%3a%2f%2ftest.mysite.com%2finstructor%2findex
    DateTime=2012-12-18T21:32:53.9475814Z
DotNetCasClient.HttpModule Information: 3237 : Processing Proxy Callback request
    DateTime=2012-12-18T21:32:54.0237640Z
DotNetCasClient.Protocol Verbose: 3237 : Constructed validation URL https://idpdev.111111.edu/cas/serviceValidate?service=https%3a%2f%2ftest.mysite.com%2finstructor%2findex&ticket=ST-208-fzG1kpaoSQ3d5WlgfhjS-idpdev.111111.edu
    DateTime=2012-12-18T21:32:54.0237640Z
DotNetCasClient.Protocol Verbose: 3237 : Ticket validation response:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>u3468</cas:user>

...continues the same loop until browser notices and quits.

In Fiddler, I can also see a) my secure page being hit, b) the call out to the CAS server, c) the return hit to my side with the ticket in the query string, but it simply repeats.
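
The loop signature in the trace above (a forms ticket is created for a validated service ticket, then the module redirects to the CAS login page again almost immediately), as an added example that is not part of the original post or of DotNetCasClient: a Python script that scans trace output in this shape and lists the service tickets caught in the loop. The function names, the 2-second window and the sample host names are assumptions.

```python
import re
from datetime import datetime, timedelta

# One trace entry; DateTime may sit on the same line or on the next one.
ENTRY = re.compile(
    r"DotNetCasClient\.(?P<src>\w+) (?P<level>\w+): \d+ : (?P<msg>.*?)\s+"
    r"DateTime=(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{1,6})\d*Z",
    re.DOTALL,
)
TICKET = re.compile(r"Creating FormsAuthenticationTicket for (ST-\S+)")

def parse(log_text):
    """Yield (timestamp, message) for each DotNetCasClient trace entry."""
    for m in ENTRY.finditer(log_text):
        # .NET writes 7 fractional digits; the regex keeps the 6 that %f accepts.
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%f")
        yield ts, m["msg"].strip()

def looping_tickets(log_text, window=timedelta(seconds=2)):
    """Return service tickets that got a forms ticket but were followed by a
    fresh redirect to the CAS login page inside `window` (assumed threshold)."""
    flagged, pending = [], None  # pending = (ticket id, forms-ticket time)
    for ts, msg in parse(log_text):
        hit = TICKET.search(msg)
        if hit:
            pending = (hit.group(1), ts)
        elif msg.startswith("Redirecting to CAS Login Page") and pending:
            if ts - pending[1] <= window:
                flagged.append(pending[0])
            pending = None
    return flagged

# Constructed sample in the shape of the trace above; hosts are placeholders.
SAMPLE = """\
DotNetCasClient.Protocol Verbose: 3237 : Creating FormsAuthenticationTicket for ST-1-aaa-idp.example.edu
    DateTime=2012-12-18T21:32:53.9182804Z
DotNetCasClient.HttpModule Information: 3237 : Redirecting from login callback
    DateTime=2012-12-18T21:32:53.9309775Z
DotNetCasClient.HttpModule Information: 3237 : Redirecting to CAS Login Page
    DateTime=2012-12-18T21:32:53.9475814Z
DotNetCasClient.Protocol Verbose: 3237 : Creating FormsAuthenticationTicket for ST-2-bbb-idp.example.edu
    DateTime=2012-12-18T21:40:00.1000000Z
DotNetCasClient.HttpModule Information: 3237 : Redirecting from login callback
    DateTime=2012-12-18T21:40:00.1200000Z
"""

if __name__ == "__main__":
    print(looping_tickets(SAMPLE))
```

A flagged ticket means validation succeeded and the forms ticket was issued, so the place to look next is the request that follows the callback redirect, for example whether Fiddler shows the forms authentication cookie being set and sent back.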
