Hi Oswald, It is indeed an interesting issue, and I'd expect the redirect to occur here. It sounds like several others are having the same issue, I'm wondering if there is a bug the SAML redirect in CAS Server 4.0.
-J- On 9/17/14 7:25 PM, Oswald Lu wrote: > Hi, John, > > Thanks again for your help. Here are the information you request: > 1. The service url: > http://intrat.compid.com.tw/MIS/DS/DS_GRoller_WebSite/DSR1/DSAOR1.aspx > > 2. The url after redirected to the login page: > https://cas.compid.com.tw:8443/cas/login?TARGET=http%3a%2f%2fintrat.compid.com.tw%2fMIS%2fDS%2fDS_GRoller_WebSite%2fDSR1%2fDSAOR1.aspx > > 3. After successful login, it does not redirect to the original > service url. > > 4. The web.config session: > <casClientConfig > casServerLoginUrl="https://cas.compid.com.tw:8443/cas/login"; > casServerUrlPrefix="https://cas.compid.com.tw:8443/cas/"; > serverName="intrat.compid.com.tw" > notAuthorizedUrl="~/NotAuthorized.aspx" > redirectAfterValidation="true" > renew="false" > singleSignOut="true" > ticketValidatorName="Saml11" > serviceTicketManager="CacheServiceTicketManager" /> > > <authentication mode="Forms"> > <forms > loginUrl="https://cas.compid.com.tw:8443/cas/login"; > timeout="30" > defaultUrl="~/Default.aspx" > cookieless="UseCookies" > slidingExpiration="true" > path="/" /> > </authentication> > <authorization> > <deny users="?"/> > </authorization> > > 5. The redirection works if I change ticketValidatorName="Saml11" back > to ticketValidatorName="Cas20". > > Oswald. > > > > John Gasper於 2014年9月16日星期二UTC+8下午10時20分57秒寫道: > > Hi Oswald, > > It would be helpful if you passed along the url that you are > seeing. More helpful would be to turn on the browser's network > monitor and and pass long the various page loads and redirected urls. > > Without more information, I'm just making a guess at what might be > the issue. Does your <authentication> element in the web.config > look like this example (particularly the loginUrl)? > > |<||authentication| |mode||=||"Forms"||>| > | ||<||forms| > | ||loginUrl||=||"https://server.example.com/cas/login"; > <https://server.example.com/cas/login>| > | ||timeout||=||"30"| > | ||defaultUrl||=||"~/Default.aspx"| > | ||cookieless||=||"UseCookies"| > | ||slidingExpiration||=||"true"| > | ||path||=||"/ApplicationName/"| |/>| > | ||</||authentication||>| > > John > > --- > *John Gasper* > IAM Consultant > Unicon, Inc. > PGP/GPG Key: 0xbafee3ef > > On 9/15/14 7:23 PM, Oswald Lu wrote: >> Hi, >> >> Thank Carl for the information. >> I use a sample .NET client to test. I change the >> ticketValidatorName="Cas20" to ticketValidatorName="Saml11" >> in <casClientConfig> of <configuration> of web.config. >> The unauthenticated application redirected me to the login page >> with url >> with the "TARGET=" querystring parameter. >> After login, the page shows login successful with no error, but >> it does >> not redirect me to the application, just exactly like what >> Dheeraj mentioned. >> Anyone have idea about how to solve this issue? Thanks. >> >> Oswald >> >> -- >> You are currently subscribed to [email protected] <javascript:> >> as: [email protected] <javascript:> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> <http://www.ja-sig.org/wiki/display/JSG/cas-user> > > -- > You are currently subscribed to [email protected] <javascript:> as: > [email protected] <javascript:> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > <http://www.ja-sig.org/wiki/display/JSG/cas-user> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
