I have configured Tomcat Container Authentication following these instructions: https://wiki.jasig.org/display/CASC/Tomcat+Container+Authentication.

Note: I'm testing, so my web application and CAS are co-located on the same Tomcat instance.

I have things partially working but need some guidance on a problem I'm seeing. Here is the scenario:

1. Enter URL for my application i.e. https://localhost:8443/moodle.webapp/
2. Browser is redirected to https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%2Fmoodle.webapp%2F
3. Note: The service parameter is wrong i.e. missing the port number
4. I can authenticate using CAS but redirect fails
5. I tried changing the serverName for the Cas20CasAuthenticator valve to include the port, this fixes the redirect issue but now I get this error: HTTPS hostname wrong: should be <localhost>

Cas20CasAuthenticator valve looks like this:

    <Valve className="org.jasig.cas.client.tomcat.v7.Cas20CasAuthenticator"
           encoding="UTF-8"
           casServerLoginUrl="https://localhost:8443/cas/login"
           casServerUrlPrefix="https://localhost:8443/cas/"
           serverName="localhost:8443 or localhost" />

Any suggestions on what might be happening?

Thanks
Mark

*Log for the redirect failure case*

2013-09-06 16:17:38,993 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: fadams]
WHAT: supplied credentials: [username: fadams]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Fri Sep 06 16:17:38 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2013-09-06 16:17:38,995 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: fadams]
WHAT: TGT-1-b4u0O3tPYC3bWVjUbgCkxP4Uugecx3rQzkfrHzJBBsdFMarZhY-localhost
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Sep 06 16:17:38 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2013-09-06 16:17:38,998 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-mqjWTLCVxMGygs5Lx5wu-localhost] for service [ https://localhost/moodle.webapp/] for user [fadams]>
2013-09-06 16:17:38,998 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: fadams
WHAT: ST-1-mqjWTLCVxMGygs5Lx5wu-localhost for https://localhost/moodle.webapp/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Sep 06 16:17:38 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2013-09-06 16:17:40,863 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-2-UZbKY2msbq7s7Dt7cdt0-localhost] for service [ https://localhost/moodle.webapp/] for user [fadams]>
2013-09-06 16:17:40,864 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: fadams
WHAT: ST-2-UZbKY2msbq7s7Dt7cdt0-localhost for https://localhost/moodle.webapp/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Sep 06 16:17:40 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================

*Log for the hostname wrong case*

2013-09-06 16:13:57,700 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: fadams]
WHAT: supplied credentials: [username: fadams]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Fri Sep 06 16:13:57 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2013-09-06 16:13:57,702 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: [username: fadams]
WHAT: TGT-1-BCaWxbgGjPFQBYRMvPseEZvcuaZpCdsj4wD9nKDbGWKY7fc53Z-localhost
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Sep 06 16:13:57 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
2013-09-06 16:13:57,706 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-RzUlHIer7mmxnqgh2Vha-localhost] for service [ https://localhost:8443/moodle.webapp/] for user [fadams]>
2013-09-06 16:13:57,706 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: fadams
WHAT: ST-1-RzUlHIer7mmxnqgh2Vha-localhost for https://localhost:8443/moodle.webapp/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Fri Sep 06 16:13:57 BST 2013
CLIENT IP ADDRESS: 127.0.0.1
SERVER IP ADDRESS: 127.0.0.1
=============================================================
>
06-Sep-2013 16:13:57 org.jasig.cas.client.util.CommonUtils getResponseFromServer
SEVERE: HTTPS hostname wrong: should be <localhost>
Throwable occurred: java.io.IOException: HTTPS hostname wrong: should be <localhost>
    at com.ibm.net.ssl.www2.protocol.https.c.b(c.java:79)
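
A diagnostic for the service URL mismatch described in this post, added here as an example; it is not part of the original message and is not code from the CAS client. It decodes the `service` parameter of the login redirect, compares scheme, host and effective port against the URL the browser requested, and lists the service tickets in the CAS log that were granted for a different origin. The URLs and the two log lines are copied from the post; the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Values copied from the post above.
APP_URL = "https://localhost:8443/moodle.webapp/"
LOGIN_REDIRECT = ("https://localhost:8443/cas/login"
                  "?service=https%3A%2F%2Flocalhost%2Fmoodle.webapp%2F")
CAS_LOG = """\
2013-09-06 16:17:38,998 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-mqjWTLCVxMGygs5Lx5wu-localhost] for service [ https://localhost/moodle.webapp/] for user [fadams]>
2013-09-06 16:13:57,706 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-RzUlHIer7mmxnqgh2Vha-localhost] for service [ https://localhost:8443/moodle.webapp/] for user [fadams]>
"""

# Matches the "Granted service ticket [...] for service [...]" log message.
GRANTED = re.compile(
    r"Granted service ticket \[(ST-[^\]]+)\] for service \[\s*([^\]]+?)\s*\]")


def origin(url):
    """Return (scheme, host, effective port); a missing port means the scheme default."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)


def service_from_login_url(login_url):
    """Decode the service parameter of a CAS login redirect, or None if absent."""
    values = parse_qs(urlsplit(login_url).query).get("service", [])
    return values[0] if values else None


def mismatched_services(app_url, log_text):
    """Return (ticket, service) pairs whose service origin differs from app_url's."""
    want = origin(app_url)
    return [(ticket, service)
            for ticket, service in GRANTED.findall(log_text)
            if origin(service) != want]


if __name__ == "__main__":
    service = service_from_login_url(LOGIN_REDIRECT)
    print("requested:", origin(APP_URL))
    print("service:  ", origin(service))
    for ticket, svc in mismatched_services(APP_URL, CAS_LOG):
        print("mismatch: ", ticket, svc)
```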
