Is the ticket validation failing? Turning on DEBUG on the cas server should indicate what's happening (also on the client side). Your client might be incorrectly configured and redirecting if there is a ticket failure.
-Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Wed, Dec 17, 2008 at 10:36 AM, Iikku Mattila <[email protected]>wrote: > Thanks for the https tip! I changed my setup a bit, but only encountered > new problems. I now have Apache frontend with mod_ssl proxying requests > from https://example.com/ to ajp://localhost:8009/, which is where > tomcat is answering. > > Now https://example.com/jira/ is redirected to the cas login screen, > where user enters correct username&password and here it gets > interesting: instead of logging in, the request goes into an endless loop. > > Apache access_log alternates between > > "GET /jira/?ticket=ST-100-e4BkkUXTd7Dh9VzG1J4j-cas HTTP/1.1" 302 - "... > "GET > /cas-server-webapp-3.3.1/login?service=https%3A%2F%2Fexample.com%2Fjira%2F > HTTP/1.1" 302 - "... > > and tomcat's catalina.out says > INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service > ticket [ST-22-XKtdk5ZJcraeW1WykFb6-cas] for service > [https://example.com/jira/] for user [me]> > about a ten times - which is when firefox stops the redirection cycle. > > Retrying https://example.com/jira/ enters the redirection cycle > immediately. > > Is it possible to get CAS working with this setup? Have I made somekind > of obvious&common setup error, that somebody might have fixed for > themselves? Any ideas? > > Iikku > > Scott Battaglia wrote: > > Are you running CAS over HTTPS or HTTP? If you're running over HTTP, > > then you won't get SSO. > > > > -Scott > > > > -Scott Battaglia > > PGP Public Key Id: 0x383733AA > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > On Tue, Dec 16, 2008 at 9:18 AM, Iikku Mattila <[email protected] > > <mailto:[email protected]>> wrote: > > > > Hi, > > I have a (seemingly) working CAS installation with > > BindLdapAuthenticationHandler, setup like > > http://www.ja-sig.org/wiki/display/CASUM/LDAP . I CASified > Confluence > > and Jira with Soulwing as per instructions on > > http://soulwing.org/confluence-cas.jsp and > > http://soulwing.org/jira-cas.jsp . When user logs on to either of > > those > > apps, he's redirected to CAS login screen, he logs on successfully > and > > is redirected to the app. So all is okay with both individual > > applications. However, after the user has logged on to one of the > apps > > and tries to use the other, he is not logged in automatically via > CAS, > > but instead redirected to the CAS login screen, where he can login > > normally with username/password. > > > > So there is no single sign on, but instead two individuals logins > both > > handled through CAS. I'd rather have the sso. Is there perhaps > > some kind > > of a switch that I've missed? > > > > Thanks, > > Iikku Mattila > > _______________________________________________ > > Yale CAS mailing list > > [email protected] <mailto:[email protected]> > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > -- > ************************************************************************ > Joulukorttien lähettämisen sijaan olemme tänä vuonna lahjoittaneet > TAYSin EVA-yksikköön (Erityisen vaikeahoitoisten alaikäisten > psykiatrinen tutkimus- ja hoitoyksikkö) Wii-pelikonsolin heidän > toiveidensa mukaisesti. > Toivotamme teille rauhallista joulunaikaa sekä menestystä alkavalle > vuodelle 2009! > ************************************************************************ > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
