That shouldn’t be necessary. The service parameter should be “dynamically” built on the fly. I’d encourage you to file an issue against the shib-CAS-authenticator github project, posting all relevant configuration and server details. We’ll take it from there.
-Misagh From: Dan Deighton [mailto:[email protected]] Sent: Monday, November 04, 2013 4:07 PM To: [email protected] Subject: Re: [cas-user] Redirect problem with CAS, Shibboleth and shib-cas-authenticator Misagh, I went through the CAS authentication filters in the web.xml file for cas-authentication-facade. Everything looks consistent with the examples from the README.md file. I also checked the web.xml file for the idp and all of the settings look fine. Unfortunately, the service parameter is still not being set with the redirection from casauth to the CAS login page. When I start up tomcat, I do see this log entry in catalina.out: Nov 04, 2013 6:03:14 PM org.jasig.cas.client.util.AbstractConfigurationFilter getPropertyFromInitParams INFO: Property [service] not found. Using default value [null] Is there something else that I need to configure to make sure the service parameter gets set? Thanks again for any help. -Dan On 29 Oct 2013, at 13:11, Dan Deighton wrote: Misagh, Thank you for the guidance. That makes sense. You have given me a good direction to investigate. -Dan On 28 Oct 2013, at 15:49, Misagh Moayyed wrote: Perhaps Something is missing from the CAS authentication filter configuration of the facade resource that redirects to CAS. You are missing the "service" parameter from the CAS login url which is why you're not redirected back. The correct url should look similar to this: https://sso-test.stsci.edu/cas/login?service=/ casauth/facade/norenew?idp=https://sso-test.stsci.edu/idp/externalAuthnCallback with better url encoding of course. The idea is that the authentication filter of the protected resource (facade) would intercept the request, and redirects you back to CAS with the full url (similar to what I have above) turning into the service parameter. That is not happening. -Misagh ----- Original Message ----- From: "Dan Deighton" [email protected] To: [email protected] Sent: Monday, October 28, 2013 12:26:15 PM Subject: Re: [cas-user] Redirect problem with CAS, Shibboleth and shib-cas-authenticator https://sso-test.stsci.edu/cas/login?idp=https://sso-test.stsci.edu/idp/externalAuthnCallback On 28 Oct 2013, at 15:24, Misagh Moayyed wrote: When you arrive at the CAS login page, what is the full URL you see in the browser's address bar? -Misagh ----- Original Message ----- From: "Dan Deighton" [email protected] To: [email protected] Sent: Monday, October 28, 2013 11:40:13 AM Subject: [cas-user] Redirect problem with CAS, Shibboleth and shib-cas-authenticator I have a working installation of Shibboleth with CAS as the frontend for authentication using the REMOTE_USER method as described here: https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration I am trying to convert my setup to use Unicon's shib-cas-authenticator. I have configured the connector as per the README, but I must be missing something. I get redirected from the SP to the Shibboleth IdP, then to casauth, then to CAS. I'm able to log into CAS, but I never get redirected back to the IdP. The relevant web requests are here: GET /idp/profile/SAML2/Redirect/SSO?SAMLRequest=fZJdT4MwGIX%2FCuk9FIrT0QySuV24ZCo… HTTP/1.1" 302 - GET /idp/AuthnEngine HTTP/1.1" 302 - GET /casauth/facade/norenew?idp=https://sso-test.stsci.edu/idp/externalAuthnCallback HTTP/1.1" 302 - GET /cas/login?idp=https://sso-test.stsci.edu/idp/externalAuthnCallback HTTP/1.1" 200 4592 POST /cas/login?idp=https://sso-test.stsci.edu/idp/externalAuthnCallback HTTP/1.1" 200 2123 I'm not sure why I don't get redirected back from CAS. Any guidance would be extremely helpful. Thanks, -Dan -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
