Kudos, A small difference in my testing URL generated a 404 instead of a 2xx/3xx. Thanks for the clarification.
-- Raymond Walker Software Systems Engineer StSp. ITS Northern Arizona University From: <Mace>, Mark Reply-To: "[email protected]<mailto:[email protected]>" Date: Friday, April 3, 2015 at 6:59 AM To: "[email protected]<mailto:[email protected]>" Subject: RE: [cas-user] CAS 4 Proxy Callback issue Another thing that we’ve recently ran into is an issue with firewall rules, the server that is requesting the Proxy Granting Ticket must be accessible from the CAS server. The CAS server initiates a connection back to the server requesting the PGT. From: Marvin Addison [mailto:[email protected]] Sent: Friday, April 03, 2015 9:53 AM To: [email protected]<mailto:[email protected]> Subject: Re: [cas-user] CAS 4 Proxy Callback issue From what I understand, the service registry property “allowedToProxy” should take care of this: There are few possible causes of that error code other than service registry permissions. Two things to check: 1. Proxy endpoint needs to return a 2xx or 3xx response. 2. Endpoint must present a TLS cert that is trusted by the CAS server. I would say #2 is the most common cause of proxy errors in general. M -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
