Michelle, Since it is constructing the `service` parameter that is used to make an HTTP GET against the CAS /login endpoint, you should use whatever site makes sense for the browser to redirected to. So, for example, if the app is behind a proxy, and somone trying to access the app uses 'https://aa.bb.edu' to access the site, then you ought to use the same for the `serverName`. The setting really just wants the netloc:
https://www.example.com:8443/path/to/some/resource ^^^^^ ^^^^^^^^^^^^^^^^^^^^ scheme This is the netloc! You can include the scheme, but the docs seem to indicate that only the netloc is used. Thanks, Carl ----- Original Message ----- From: "Michelle Zhang" <[email protected]> To: [email protected] Sent: Tuesday, September 9, 2014 10:00:19 AM Subject: Re: [cas-user] Redirect page after authenticated Seems now it redirected to the wrong page. I'm looking at the server name attribute under casClientConfig. Shall I use the webserver name ( webserver.bb.edu) here or the name of the website (https://aa.bb.edu)? According to https://wiki.jasig.org/display/casc/.net+cas+client - *serverName* REQUIRED Host name of the server hosting this application. This is used to generate URLs that will be sent to the CAS server for redirection. The CAS server must be able to resolve this host name. If your web application is behind a load balancer, SSL offloader, or any other type of device that accepts incoming requests on behalf of the web application, you will generally need to supply the public facing host name unless your CAS server is in the same private network as the application server. The protocol prefix is optional (http:// or https://). If you are using a non-standard port number, be sure to include it (i.e., server.school.edu:8443 or https://server.school.edu:8443). Do not include the trailing backslash. On Mon, Sep 8, 2014 at 4:41 PM, Michelle Zhang <[email protected]> wrote: > Thank you Carl! Do I need to add it as a class to my App_Code? or just > register it in web.config? > > Michelle > > On Mon, Sep 8, 2014 at 4:34 PM, Waldbieser, Carl <[email protected]> > wrote: > >> Michelle, >> >> I am looking at the source on GitHub: >> >> >> https://github.com/Jasig/dotnet-cas-client/blob/master/DotNetCasClient/CasAuthenticationModule.cs >> >> Thanks, >> Carl >> >> ----- Original Message ----- >> From: "Michelle Zhang" <[email protected]> >> To: [email protected] >> Sent: Monday, September 8, 2014 4:24:42 PM >> Subject: Re: [cas-user] Redirect page after authenticated >> >> Carl, where can I find DotNetCasClient/CasAuthenticationModule.cs? >> >> The only classes I included are DotNetCasAttributePrincipal.cs and >> DotNetCASClient.cs. >> >> If I just type in the path: >> >> https://CASServerName/cas/login?requesturl=https://myWebServerName/Account/login.aspx >> <https://CASServerName/cas/login?service=https://myWebServerName> >> >> I'm redirected to the "cas login successful" page. >> >> Just now I uncommentted this modules block in web.config file: >> <modules> >> <remove name="DotNetCasClient"/> >> <add name="DotNetCasClient" >> >> type="DotNetCasClient.CasAuthenticationModule,DotNetCasClient"/> >> </modules> >> >> And now after log in, it redirected me to one of my web pages, not the >> account/login.aspx. I'm thinking this is kind of a small step forward. >> Still need to figure out how to get the return url right. >> >> Thanks again, >> >> Michelle >> <https://CASServerName/cas/login?service=https://myWebServerName> >> >> On Mon, Sep 8, 2014 at 3:45 PM, Waldbieser, Carl <[email protected]> >> wrote: >> >> > Michelle, >> > >> > The source code file "DotNetCasClient/CasAuthenticationModule.cs" has >> some >> > comments that may partially explain why you are seeing "ReturnUrl" >> instead >> > of "service". It seems like the ASP.NET framework is not intercepting >> > the request as it is routed to FormsLoginUrl. Do you have debugging >> turned >> > on? That would probably help you determine what configuration you may >> be >> > missing. >> > >> > You can try hitting the CAS server directly with: >> > >> > https://CASServerName/cas/login?service=https://myWebServerName >> > >> > to see if service ticket validation is working. >> > >> > Thanks, >> > Carl >> > >> > ----- Original Message ----- >> > From: "Michelle Zhang" <[email protected]> >> > To: [email protected] >> > Sent: Monday, September 8, 2014 3:09:14 PM >> > Subject: Re: [cas-user] Redirect page after authenticated >> > >> > Carl, >> > >> > I made such change now: >> > <casClientConfig casServerLoginUrl="https://CASServerName/cas/login >> > <https://CASEServerName/cas>" >> > casServerUrlPrefix="https://CASServerName/cas >> > <https://CASEServerName/cas>" >> > serverName="https://myWebServerName >> > <https://CASEServerName/cas>" >> > notAuthorizedUrl="~/Failed.aspx" >> > cookiesRequiredUrl=" >> > https://myWebServerName/Account/Login.aspx"; >> > redirectAfterValidation="true" >> > renew="false" singleSignOut="true" >> > ticketValidatorName="Cas20" >> > serviceTicketManager="CacheServiceTicketManager"/> >> > >> > and still have the problem. >> > >> > Thanks again! >> > >> > Michelle >> > >> > >> > On Mon, Sep 8, 2014 at 3:01 PM, Waldbieser, Carl < >> [email protected]> >> > wrote: >> > >> > > Michelle, >> > > >> > > It looks like "serverName" in "casClientConfig" ought to be " >> > > https://myWebServerName";. From the instructions: >> > > >> > > Host name of the server hosting this application. This is used to >> > > generate URLs that will be sent to the CAS server for redirection. >> > > >> > > Thanks, >> > > Carl >> > > >> > > ----- Original Message ----- >> > > From: "Michelle Zhang" <[email protected]> >> > > To: [email protected] >> > > Sent: Monday, September 8, 2014 2:50:34 PM >> > > Subject: Re: [cas-user] Redirect page after authenticated >> > > >> > > Carl, >> > > >> > > Thank you for checking for me! I made the change, now the code in >> > > web.config shows: >> > > <authentication mode="Forms"> >> > > <forms loginUrl="https://CASServerName/cas/login >> > > <https://CASEServerName/cas>" timeout="30" >> > > defaultUrl="https://myWebServerName/Account/Login.aspx"; >> > > cookieless="UseCookies" >> > > slidingExpiration="true" >> > > path="/SPOT/" >> > > name=".ASPXFORMSAUTH"/> >> > > </authentication> >> > > >> > > Same to the casClientConfig: >> > > <casClientConfig casServerLoginUrl="https://CASServerName/cas/login >> > > <https://CASEServerName/cas>" >> > > casServerUrlPrefix="https://CASServerName/cas >> > > <https://CASEServerName/cas>" >> > > serverName="https://CASServerName >> > > <https://CASEServerName/cas>:8443" >> > > notAuthorizedUrl="~/Failed.aspx" >> > > cookiesRequiredUrl=" >> > > https://myWebServerName/Account/Login.aspx"; >> > > redirectAfterValidation="true" >> > > renew="false" singleSignOut="true" >> > > ticketValidatorName="Cas20" >> > > serviceTicketManager="CacheServiceTicketManager"/> >> > > >> > > When I upload and test again, nothing changed.... >> > > >> > > >> > > Michelle >> > > >> > > On Mon, Sep 8, 2014 at 2:42 PM, Waldbieser, Carl < >> [email protected] >> > > >> > > wrote: >> > > >> > > > Michelle, >> > > > >> > > > Shouldn't your loginUrl be "https://CASEServerName/cas/login";? >> > > > It should match the "casServerLoginUrl" in your "casClientConfig" >> > section >> > > > [1] >> > > > >> > > > Thanks, >> > > > Carl >> > > > >> > > > [1] https://wiki.jasig.org/display/casc/.net+cas+client >> > > > >> > > > ----- Original Message ----- >> > > > From: "Michelle Zhang" <[email protected]> >> > > > To: [email protected] >> > > > Sent: Monday, September 8, 2014 2:12:02 PM >> > > > Subject: Re: [cas-user] Redirect page after authenticated >> > > > >> > > > Dear Carl, >> > > > >> > > > Thank you very much for the reply! I do not see the "service" >> > parameter >> > > on >> > > > the URL. The URL is just showing as: >> > > > https://CASEServerName/cas/login?ReturnUrl=%2f >> > > > >> > > > In my web.config file, I have set the url in the "defaultUrl" >> > attribute: >> > > > >> > > > <authentication mode="Forms"> >> > > > <forms loginUrl="https://CASEServerName/cas"; timeout="30" >> > > > defaultUrl="https://myWebServerName/Account/Login.aspx >> " >> > > > cookieless="UseCookies" >> > > > slidingExpiration="true" >> > > > path="/SPOT/" >> > > > name=".ASPXFORMSAUTH"/> >> > > > <!--path="/ApplicationName/"--> >> > > > </authentication> >> > > > >> > > > Do you know where else should I set the service parameter? >> > > > >> > > > >> > > > Michelle >> > > > >> > > > >> > > > On Mon, Sep 8, 2014 at 2:05 PM, Waldbieser, Carl < >> > [email protected] >> > > > >> > > > wrote: >> > > > >> > > > > Michelle, >> > > > > >> > > > > When you are sent to the CAS login page, what is the value of the >> > > > > `service` parameter on the URL? That is the URL you will be >> > redirected >> > > > to >> > > > > on successful login. If that URL is *not* correct, your CAS >> client >> > is >> > > > > sending the wrong service parameter. >> > > > > >> > > > > If it is correct, you should check to see if your web app is >> > > redirecting >> > > > > from the service URL to the final URL. >> > > > > >> > > > > Thanks, >> > > > > Carl Waldbieser >> > > > > Lafayette College >> > > > > >> > > > > >> > > > > ----- Original Message ----- >> > > > > From: "Michelle Zhang" <[email protected]> >> > > > > To: [email protected] >> > > > > Sent: Monday, September 8, 2014 10:42:22 AM >> > > > > Subject: [cas-user] Redirect page after authenticated >> > > > > >> > > > > Hi there, >> > > > > >> > > > > I'm a .Net developer and now just started to work with CAS. I >> have >> > > made >> > > > > associate changes on the web.config files so now after I typed in >> the >> > > > url ( >> > > > > https://servername), I'm directed to the CAS log in page. After I >> > > logged >> > > > > in, I'm supposed to be redirected to my default page which >> specified >> > in >> > > > > web.config file: >> > > > > <files> >> > > > > <clear/> >> > > > > <add value="Account/Login.aspx"/> >> > > > > </files> >> > > > > However I am always being directed to the same "log in successful" >> > page >> > > > > with the url showing as: >> > > > > >> > > > > https://servername/cas/login?ReturnUrl=%2f >> > > > > >> > > > > Any suggestions? >> > > > > <[email protected]> >> > > > > >> > > > > -- >> > > > > You are currently subscribed to [email protected] as: >> > > > > [email protected] >> > > > > To unsubscribe, change settings or access archives, see >> > > > > http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > > > >> > > > > -- >> > > > > You are currently subscribed to [email protected] as: >> > > > > [email protected] >> > > > > To unsubscribe, change settings or access archives, see >> > > > > http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > > > >> > > > >> > > > >> > > > >> > > > -- >> > > > Michelle Zhang >> > > > Floyd Institute Center for Opinion Research >> > > > Franklin & Marshall College >> > > > P.O. Box 3003 >> > > > Lancaster PA 17604-3003 >> > > > Phone: (717) 358-4764 >> > > > [email protected] >> > > > >> > > > -- >> > > > You are currently subscribed to [email protected] as: >> > > > [email protected] >> > > > To unsubscribe, change settings or access archives, see >> > > > http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > > >> > > > -- >> > > > You are currently subscribed to [email protected] as: >> > > > [email protected] >> > > > To unsubscribe, change settings or access archives, see >> > > > http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > > >> > > >> > > >> > > >> > > -- >> > > Michelle Zhang >> > > Floyd Institute Center for Opinion Research >> > > Franklin & Marshall College >> > > P.O. Box 3003 >> > > Lancaster PA 17604-3003 >> > > Phone: (717) 358-4764 >> > > [email protected] >> > > >> > > -- >> > > You are currently subscribed to [email protected] as: >> > > [email protected] >> > > To unsubscribe, change settings or access archives, see >> > > http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > >> > > -- >> > > You are currently subscribed to [email protected] as: >> > > [email protected] >> > > To unsubscribe, change settings or access archives, see >> > > http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > >> > >> > >> > >> > -- >> > Michelle Zhang >> > Floyd Institute Center for Opinion Research >> > Franklin & Marshall College >> > P.O. Box 3003 >> > Lancaster PA 17604-3003 >> > Phone: (717) 358-4764 >> > [email protected] >> > >> > -- >> > You are currently subscribed to [email protected] as: >> > [email protected] >> > To unsubscribe, change settings or access archives, see >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> > -- >> > You are currently subscribed to [email protected] as: >> > [email protected] >> > To unsubscribe, change settings or access archives, see >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> >> >> >> -- >> Michelle Zhang >> Floyd Institute Center for Opinion Research >> Franklin & Marshall College >> P.O. Box 3003 >> Lancaster PA 17604-3003 >> Phone: (717) 358-4764 >> [email protected] >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > > > -- > Michelle Zhang > Floyd Institute Center for Opinion Research > Franklin & Marshall College > P.O. Box 3003 > Lancaster PA 17604-3003 > Phone: (717) 358-4764 > [email protected] > -- Michelle Zhang Floyd Institute Center for Opinion Research Franklin & Marshall College P.O. Box 3003 Lancaster PA 17604-3003 Phone: (717) 358-4764 [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
