Re: [cas-user] Configure CAS 4 to redirect back to client

Wed, 12 Nov 2014 08:29:47 -0800 

Did you add this to your pom.xml?

|<dependency>
  <groupId>org.jasig.cas</groupId>
  <artifactId>cas-server-support-saml</artifactId>
  <version>${cas.version}</version>
</dependency>

It should resolve all of the dependencies necessary for providing SAML support. 
You should need to manually add any jar files.
|



On 11/12/14 6:53 AM, Pitonyak, Andrew D wrote:
>
> OK, I finally found the problem…
>
>  
>
> First, I had not configured as specified in the link below.
>
>  
>
> Second, the default installation does not include the required JAR
> files to support SAML.
>
>  
>
> I added the jars for open SAML and also for cas-server-support-saml.
>
>  
>
> Now I redirect back to my client application. Most of the error logs
> were in a log file I was not inspecting.
>
>  
>
>  
>
> *From:*John Gasper [mailto:[email protected]]
> *Sent:* Monday, November 10, 2014 12:01 PM
> *To:* [email protected]
> *Subject:* Re: [cas-user] Configure CAS 4 to redirect back to client
>
>  
>
> OK, you are using the SAML 1.1 protocol support. Did you wire in the
> saml11 support in the spring-configuration/
> argumentExtractorsConfiguration.xml? See,
> http://jasig.github.io/cas/4.0.0/protocol/SAML-Protocol.html, SAML
> Argument Extractor.
>
>
> ---
> *John Gasper*
> IAM Consultant
> Unicon, Inc.
> PGP/GPG Key: 0xbafee3ef
>
> On 11/10/14 8:38 AM, Pitonyak, Andrew D wrote:
>
>     While navigating to the login page, I have the following:
>
>      
>
>     
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/cas/login?TARGET=http%3a%2f%2flocalhost%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html
>
>      
>
>     After login, I have the following:
>
>      
>
>     
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login;jsessionid=8D94A04A840871AC67C9885A70239DDD?TARGET=http%3a%2f%2flocalhost%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html
>
>      
>
>     I even tried changing my server name (for the client) and I have
>     these:
>
>      
>
>     While redirecting TO CAS:
>
>     
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/cas/login?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html
>
>      
>
>     While login page is displayed:
>
>     
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html
>
>      
>
>     After I login and am looking at the CAS page that says “hey, you
>     logged in”
>
>     
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login;jsessionid=B5AF217DBCC7AC3E364E29E524D1C8B4?TARGET=http%3a%2f%2fpitonyakvm-02%3a60503%2fauth%2flogin%3fp%3d%252FCM2S.html
>
>      
>
>      
>
>     A single URL decode yields this (more readable)
>
>     
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/cas/login?TARGET=http://pitonyakvm-02:60503/auth/login?p=%2FCM2S.html
>
>     
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login?TARGET=http://pitonyakvm-02:60503/auth/login?p=%2FCM2S.html
>
>     
> https://pitonyakvm-02:8443/cas-server-webapp-4.0.0/login;jsessionid=B5AF217DBCC7AC3E364E29E524D1C8B4?TARGET=http://pitonyakvm-02:60503/auth/login?p=%2FCM2S.html
>
>      
>
>     Of course, that final parameter decodes to /CM2S.html (not that it
>     probably matters).
>
>      
>
>      
>
>     *From:*John Gasper [mailto:[email protected]]
>     *Sent:* Monday, November 10, 2014 11:22 AM
>     *To:* [email protected] <mailto:[email protected]>
>     *Subject:* Re: [cas-user] Configure CAS 4 to redirect back to client
>
>      
>
>     Hi Andrew,
>
>     What's the service= querystring parameter look like when you are
>     sitting at the CAS login page after your client redirected you to
>     CAS Server?
>
>
>     ---
>     *John Gasper*
>     IAM Consultant
>     Unicon, Inc.
>     PGP/GPG Key: 0xbafee3ef
>
>     On 11/10/14 7:58 AM, Pitonyak, Andrew D wrote:
>
>          
>
>         I have a .NET client that uses CAS single sign on. When I hit
>         CAS 3.x setup by someone else, I redirect to CAS, authenticate
>         to CAS and then redirect back to my site.
>
>          
>
>         I setup a CAS 4 server on my local machine to test in development.
>
>          
>
>         In Windows, I installed tomcat 8.0.14 (the latest).
>
>         I then auto-deployed CAS mostly out-of-the box no changes made
>         from the original
>
>          
>
>         I can navigate directly to the site and login using the
>         default “casuser / Mellon” credentials. (note that my machine
>         name is pitonyakvm-02 and everything is running locally for
>         this test).
>
>          
>
>         https://pitonyakvm-02:8443
>         <https://pitonyakvm-02:8443/>/cas-server-webapp-4.0.0/login
>         <http://localhost:8080/cas-server-webapp-4.0.0/login>
>
>          
>
>         When I use my client to login, it properly redirects to CAS,
>         CAS shows the login page, I use the default credentials, I am
>         then told that I authenticated but I do not redirect back to
>         my client.
>
>          
>
>         Did I miss a simple property that tells CAS to redirect back
>         after login rather than simply showing the screen that tells
>         me that I successfully authenticated?
>
>          
>
>         I assume that my client is sending the correct things since I
>         am able to hit the 3.x version, login, and redirect back
>         correctly. In this case, CAS is external to my machine.
>
>          
>
>         My first thought is that I need to change something in the
>         login-webflow.xml, but I thought that it was configured by
>         default to redirect. Is it possible that tomcat deploys by
>         default to not allow redirections?
>
>          
>
>          
>
>          
>
>         *Andrew D. Pitonyak*
>
>         Principal Research Scientist
>
>         Health & Analytics
>
>         505 King Avenue, Columbus, OH 43201
>
>         P: 614-424-5252
>
>          
>
>         -- 
>
>         You are currently subscribed to [email protected] 
> <mailto:[email protected]> as: [email protected] 
> <mailto:[email protected]>
>
>         To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>      
>
>      
>
>     -- 
>
>     You are currently subscribed to [email protected] 
> <mailto:[email protected]> as: [email protected] 
> <mailto:[email protected]>
>
>     To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>     -- 
>
>     You are currently subscribed to [email protected] 
> <mailto:[email protected]> as: [email protected] 
> <mailto:[email protected]>
>
>     To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>  
>
>  
> -- 
> You are currently subscribed to [email protected] 
> <mailto:[email protected]> as: [email protected] 
> <mailto:[email protected]>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
> -- 
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to