OK, you are using the SAML 1.1 protocol support. Did you wire in the saml11 support in the spring-configuration/argumentExtractorsConfiguration.xml? See, http://jasig.github.io/cas/4.0.0/protocol/SAML-Protocol.html, SAML Argument Extractor.

---
*John Gasper*
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

On 11/10/14 8:38 AM, Pitonyak, Andrew D wrote:
> While navigating to the login page, I have the following:
>
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/cas/login?TARGET=http%3a%2f%2flocalhost%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html
>
> After login, I have the following:
>
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login;jsessionid=8D94A04A840871AC67C9885A70239DDD?TARGET=http%3a%2f%2flocalhost%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html
>
> I even tried changing my server name (for the client) and I have these:
>
> While redirecting TO CAS:
>
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/cas/login?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html
>
> While login page is displayed:
>
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html
>
> After I log in and am looking at the CAS page that says “hey, you logged in”:
>
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login;jsessionid=B5AF217DBCC7AC3E364E29E524D1C8B4?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html
>
> A single URL decode yields this (more readable):
>
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/cas/login?TARGET=http://pitonyakvm-02:60503/auth/login?p=%2FCM2S.html
>
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login?TARGET=http://pitonyakvm-02:60503/auth/login?p=%2FCM2S.html
>
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login;jsessionid=B5AF217DBCC7AC3E364E29E524D1C8B4?TARGET=http://pitonyakvm-02:60503/auth/login?p=%2FCM2S.html
>
> Of course, that final parameter decodes to /CM2S.html (not that it probably matters).
>
> *From:* John Gasper [mailto:[email protected]]
> *Sent:* Monday, November 10, 2014 11:22 AM
> *To:* [email protected]
> *Subject:* Re: [cas-user] Configure CAS 4 to redirect back to client
>
> Hi Andrew,
>
> What's the service= querystring parameter look like when you are sitting at the CAS login page after your client redirected you to CAS Server?
>
> ---
> *John Gasper*
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
>
> On 11/10/14 7:58 AM, Pitonyak, Andrew D wrote:
> > I have a .NET client that uses CAS single sign on. When I hit CAS 3.x set up by someone else, I redirect to CAS, authenticate to CAS and then redirect back to my site.
> >
> > I set up a CAS 4 server on my local machine to test in development.
> >
> > In Windows, I installed tomcat 8.0.14 (the latest).
> >
> > I then auto-deployed CAS mostly out-of-the-box, no changes made from the original.
> >
> > I can navigate directly to the site and log in using the default “casuser / Mellon” credentials. (Note that my machine name is pitonyakvm-02 and everything is running locally for this test.)
> >
> > https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login
> >
> > When I use my client to log in, it properly redirects to CAS, CAS shows the login page, I use the default credentials, I am then told that I authenticated but I do not redirect back to my client.
> >
> > Did I miss a simple property that tells CAS to redirect back after login rather than simply showing the screen that tells me that I successfully authenticated?
> >
> > I assume that my client is sending the correct things since I am able to hit the 3.x version, log in, and redirect back correctly. In this case, CAS is external to my machine.
> >
> > My first thought is that I need to change something in the login-webflow.xml, but I thought that it was configured by default to redirect.
> > Is it possible that tomcat deploys by default to not allow redirections?
> >
> > *Andrew D. Pitonyak*
> > Principal Research Scientist
> > Health & Analytics
> > 505 King Avenue, Columbus, OH 43201
> > P: 614-424-5252

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
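
An added example, not part of the thread and not CAS code: a simplified model of the argument-extractor chain John's reply refers to, run against a login URL copied from the thread. The parameter names `service` (CAS protocol) and `TARGET` (SAML 1.1) are the protocols' own; the function names and the `enabled` tuple are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Request parameter each protocol uses to name the calling application.
# CAS protocol: "service"; SAML 1.1 as supported by CAS: "TARGET".
EXTRACTOR_PARAMS = {"cas": "service", "saml11": "TARGET"}


def extract_service(login_url, enabled=("cas",)):
    """Simplified model of an argument-extractor chain (hypothetical helper).

    Returns (protocol, service_url) for the first enabled extractor whose
    parameter is present, or (None, None) when no extractor matches.
    """
    # urlsplit leaves ";jsessionid=..." in the path, so the query is intact.
    query = urlsplit(login_url).query
    # parse_qs undoes exactly one level of percent-encoding, so the nested
    # "p=%252F..." stays encoded once, as in the thread's decoded URLs.
    params = parse_qs(query, keep_blank_values=True)
    for protocol in enabled:
        values = params.get(EXTRACTOR_PARAMS[protocol])
        if values:
            return protocol, values[0]
    return None, None


def diagnose(login_url, enabled=("cas",)):
    """Say what the login page can do with this URL under the model."""
    protocol, service = extract_service(login_url, enabled)
    if service is not None:
        return f"redirect to {service} ({protocol})"
    # Would an extractor that is not enabled have matched?
    missing, service = extract_service(login_url, tuple(EXTRACTOR_PARAMS))
    if service is not None:
        return f"no redirect: {EXTRACTOR_PARAMS[missing]} needs the {missing} extractor"
    return "no redirect: request names no service"


# URL copied from the thread (page shown after login).
THREAD_URL = (
    "https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login"
    ";jsessionid=B5AF217DBCC7AC3E364E29E524D1C8B4"
    "?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html"
)

if __name__ == "__main__":
    print(diagnose(THREAD_URL))                      # CAS extractor only
    print(diagnose(THREAD_URL, ("cas", "saml11")))   # SAML 1.1 wired in
```

With only the CAS extractor enabled, the model finds no service in a `TARGET=` request, which matches the "authenticated but not redirected" symptom described in the thread.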
