Thanks for response. Yes, this what is happening - my CAS server is authenticating successfully and redirecting back to the CAS client. I'm just struggling to find the reason why the CAS client is not validating. The logs aren't showing any errors. Thanks Lee
On Monday, 1 July 2013 11:17:34 UTC+1, Michael Wechner wrote: > > Hi > > I also used to have an infinite loop and the reason was, that my webapp > was not able to validate the ticket (for whatever reason) and hence kept > redirecting the user to CAS, but because the authentication was already > successful (at the very first redirect), CAS just redirected back to the > webapp (based on the service URL) and hence the infinite loop was created. > > HTH somehow > > Michael > > Am 01.07.13 12:00, schrieb Lee Flaxington: > > Hello > > > > I would appreciate some help if possible. > > > > I am currently trying to integrate the Ehour timesheet management tool > with CAS single sign on on Ubuntu. > > I have got this working in the Ehour dev environment i.e I can run and > debug Ehour within an IntelliJ-IDEA dev environment which uses Jetty as the > web server hosting the CAS client. Within this environment I can logon to > the Ehour URL, get redirected to the CAS server, enter my credentials and > then get redirected with ticket back to Ehour and then successfully > navigate the web site as a CAS authorised user - all good. > > > > When I subsequently try to deploy Ehour into a Tomcat web server I get > an 'infinite loop' where the CAS client keeps requesting a ticket from the > CAS server (the CAS server is exactly the same one as used in the working > development environment). I have set Log4j to debug logging but the logs > are not showing any specific error other than just keeps repeating 'An > Authentication object was not found in the SecurityContext'. > > > > I initially thought it must be something to do with the ssl certificate > setup and have tried various ways of creating & self signing certs > (keytool, openssl, portecle etc) as per the info available. I have also > moved Ehour (Cas client) to within a different instance of Tomcat and also > changed computer/domain name (relevant for certificate CN) but all to no > avail. > > > > If the logs from the working dev environment are compared to the non > working Tomcat deployment the working CAS server log shows: > > > > ACTION: AUTHENTICATION_SUCCESS > > ACTION: TICKET_GRANTING_TICKET_CREATED > > ACTION: SERVICE_TICKET_CREATED > > ACTION: SERVICE_TICKET_VALIDATED > > > > but when using Tomcat for the CAS client the CAS server log shows: > > > > ACTION: AUTHENTICATION_SUCCESS > > ACTION: TICKET_GRANTING_TICKET_CREATED > > ACTION: SERVICE_TICKET_CREATED > > ACTION: SERVICE_TICKET_CREATED > > ACTION: SERVICE_TICKET_CREATED > > ACTION: SERVICE_TICKET_CREATED.. > > loops here.. > > > > and never gets to ACTION: SERVICE_TICKET_VALIDATED > > > > This is my first attempt at using CAS so I may be missing something > obvious but I am now struggling to find a resolution. I have attached all > the logs both from the good and bad deployments (both CAS & Ehour). > > > > Any pointers in the right direction would be greatly appreciated.Thanks. > > > > Attachments: > > CAS_SERVER_GOOD_DEV.txt = CAS server log when using Ehour in > IntelliJ-IDEA dev environment with Jetty web server hosting CAS client > > EHOUR_JETTY_GOOD_DEV.txt = CAS client log when using Ehour in > IntelliJ-IDEA dev environment with Jetty web server hosting CAS client > > > > CAS_SERVER_BAD.txt = CAS server log when using Ehour (CAS client) in > Tomcat instance > > EHOUR_TOMCAT_BAD.txt = CAS client log when using Ehour (CAS client) in > Tomcat instance > > > > > -- > You are currently subscribed to [email protected] <javascript:> as: > [email protected] <javascript:> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
