Perhaps Something is missing from the CAS authentication filter configuration of the facade resource that redirects to CAS. You are missing the "service" parameter from the CAS login url which is why you're not redirected back. The correct url should look similar to this:
https://sso-test.stsci.edu/cas/login?service=<idp-host-name>/ casauth/facade/norenew?idp=https://sso-test.stsci.edu/idp/externalAuthnCallback with better url encoding of course. The idea is that the authentication filter of the protected resource (facade) would intercept the request, and redirects you back to CAS with the full url (similar to what I have above) turning into the service parameter. That is not happening. -Misagh ----- Original Message ----- From: "Dan Deighton" <[email protected]> To: [email protected] Sent: Monday, October 28, 2013 12:26:15 PM Subject: Re: [cas-user] Redirect problem with CAS, Shibboleth and shib-cas-authenticator https://sso-test.stsci.edu/cas/login?idp=https://sso-test.stsci.edu/idp/externalAuthnCallback On 28 Oct 2013, at 15:24, Misagh Moayyed wrote: > When you arrive at the CAS login page, what is the full URL you see in > the browser's address bar? > > > -Misagh > ----- Original Message ----- > > From: "Dan Deighton" <[email protected]> > To: [email protected] > Sent: Monday, October 28, 2013 11:40:13 AM > Subject: [cas-user] Redirect problem with CAS, Shibboleth and > shib-cas-authenticator > > > > I have a working installation of Shibboleth with CAS as the frontend > for authentication using the REMOTE_USER method as described here: > https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration > I am trying to convert my setup to use Unicon's > shib-cas-authenticator. I have configured the connector as per the > README, but I must be missing something. I get redirected from the SP > to the Shibboleth IdP, then to casauth, then to CAS. I'm able to log > into CAS, but I never get redirected back to the IdP. > The relevant web requests are here: GET > /idp/profile/SAML2/Redirect/SSO?SAMLRequest=fZJdT4MwGIX%2FCuk9FIrT0QySuV24ZCo… > > HTTP/1.1" 302 - > GET /idp/AuthnEngine HTTP/1.1" 302 - > GET > /casauth/facade/norenew?idp=https://sso-test.stsci.edu/idp/externalAuthnCallback > > HTTP/1.1" 302 - > GET > /cas/login?idp=https://sso-test.stsci.edu/idp/externalAuthnCallback > HTTP/1.1" 200 4592 > POST > /cas/login?idp=https://sso-test.stsci.edu/idp/externalAuthnCallback > HTTP/1.1" 200 2123 > I'm not sure why I don't get redirected back from CAS. Any guidance > would be extremely helpful. > Thanks, > -Dan -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
