David, Were you able to solve the issue as you described it?
On Thu, Jan 22, 2009 at 5:22 PM, David Whitehurst <[email protected]> wrote: > Timothy: > > I've had nothing but troubles of a similar sort. Consider this; > > 1. HTTPS to initial URL with service sends cert from Apache server or Tomcat > CAS server to user browser. > 2. The CAS client code creates a brand new HTTPS request back to the CAS > server or Apache (if used) the same cert is coming in the direction of the > CAS client. So, Java has to 'trust' that certificate. And, if the connector > at the service application server is HTTP, the initial request won't just > remain HTTPS. > 3. After CAS authenticates the user, and acknowledges the CAS client that > things are okay, the service application content (HTTPS) will come if that > server is hosting an HTTPS connector. If it is, Tomcat will send his > certificate to the user browser. > > > HTH > > David > > On Thu, Jan 22, 2009 at 6:02 PM, Timothy Tagge <[email protected]> wrote: >> >> >> https://securetools.homefinder.com/SSO/login?service=https%3A%2F%2Fsecuretools.homefinder.com%2FAAT%2FeditAgent.do >> >> This service URL points to a controller, which then does a redirect to >> a jsp page after processing, doing lookups etc. >> >> I'm starting to think that since it the browser shows the correct jsp >> page, just minus the https, that CAS is not the issue. Perhaps it >> could be Apache or Tomcat assuming http somehow. >> >> On Thu, Jan 22, 2009 at 4:07 PM, Scott Battaglia >> <[email protected]> wrote: >> > What is the actual service url on the CAS server? i.e. >> > http://my.server.com/login?service=FOO >> > >> > -Scott >> > >> > -Scott Battaglia >> > PGP Public Key Id: 0x383733AA >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia >> > >> > >> > On Thu, Jan 22, 2009 at 4:40 PM, Timothy Tagge <[email protected]> >> > wrote: >> >> >> >> I added some log statements to the constructServiceUrl method of >> >> CommonUtils which show the correct service. This filter is on the >> >> application that attempts to load on http instead of the requested >> >> https. >> >> >> >> public static final String constructServiceUrl(final HttpServletRequest >> >> request, >> >> final >> >> HttpServletResponse response, final String service, final String >> >> serverName, final String artifactParameterName, final boolean encode) >> >> { >> >> System.out.println("service:" + service); >> >> System.out.println("serverName:" + serverName); >> >> System.out.println("artifactParameterName:" + >> >> artifactParameterName); >> >> System.out.println("encode:" + encode); >> >> >> >> >> >> The results of these statements..... >> >> service:null >> >> serverName:https://securetools.server.com >> >> artifactParameterName:ticket >> >> encode:true >> >> >> >> >> >> One more thing I would add is that I'm using a host file on these >> >> servers so that certificates can be shared over several servers (dev, >> >> int, qa, etc) >> >> >> >> On Tue, Jan 20, 2009 at 9:21 PM, Scott Battaglia >> >> <[email protected]> wrote: >> >> > What's the service url being passed to CAS? >> >> > i.e. /login?service=FOO >> >> > >> >> > -Scott >> >> > >> >> > -Scott Battaglia >> >> > PGP Public Key Id: 0x383733AA >> >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia >> >> > >> >> > >> >> > On Mon, Jan 19, 2009 at 5:07 PM, Timothy Tagge <[email protected]> >> >> > wrote: >> >> >> >> >> >> CAS Server 3.3 >> >> >> CAS Client 3.1.3 >> >> >> Tomcat 5.1.15 >> >> >> >> >> >> Sending a redirect to >> >> >> https://servername/AAT/doSomething.do >> >> >> is ending up on >> >> >> http://servername/AAT/doSomething.do >> >> >> >> >> >> >> >> >> >> >> >> Contents of web.xml CAS setup for AAT ... >> >> >> >> >> >> <!-- Filter Definitions >> >> >> ***************************************************--> >> >> >> <filter> >> >> >> <filter-name>CAS Single Sign Out Filter</filter-name> >> >> >> >> >> >> >> >> >> >> >> >> <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> >> >> >> </filter> >> >> >> <filter> >> >> >> <filter-name>CAS Authentication Filter</filter-name> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> >> >> >> <init-param> >> >> >> <param-name>casServerLoginUrl</param-name> >> >> >> >> >> >> <param-value>https://servername/SSO/login</param-value> >> >> >> </init-param> >> >> >> <init-param> >> >> >> <param-name>serverName</param-name> >> >> >> >> >> >> <param-value>https://servername</param-value> >> >> >> </init-param> >> >> >> </filter> >> >> >> <filter> >> >> >> <filter-name>CAS Validation Filter</filter-name> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> >> >> >> <init-param> >> >> >> >> >> >> <param-name>casServerUrlPrefix</param-name> >> >> >> >> >> >> <param-value>https://servername/SSO</param-value> >> >> >> </init-param> >> >> >> <init-param> >> >> >> <param-name>serverName</param-name> >> >> >> <param-value>https://servername >> >> >> </param-value> >> >> >> </init-param> >> >> >> <init-param> >> >> >> <param-name>useSession</param-name> >> >> >> <param-value>true</param-value> >> >> >> </init-param> >> >> >> </filter> >> >> >> <filter> >> >> >> <filter-name>CAS HttpServletRequest Wrapper >> >> >> Filter</filter-name> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> >> >> >> </filter> >> >> >> >> >> >> <!-- Filter mappings >> >> >> *************************************************--> >> >> >> <filter-mapping> >> >> >> <filter-name>CAS Single Sign Out Filter</filter-name> >> >> >> <url-pattern>*.do</url-pattern> >> >> >> </filter-mapping> >> >> >> <filter-mapping> >> >> >> <filter-name>CAS Authentication Filter</filter-name> >> >> >> <url-pattern>*.do</url-pattern> >> >> >> </filter-mapping> >> >> >> >> >> >> <filter-mapping> >> >> >> <filter-name>CAS Validation Filter</filter-name> >> >> >> <url-pattern>*.do</url-pattern> >> >> >> </filter-mapping> >> >> >> >> >> >> <filter-mapping> >> >> >> <filter-name>CAS HttpServletRequest Wrapper >> >> >> Filter</filter-name> >> >> >> <url-pattern>*.do</url-pattern> >> >> >> </filter-mapping> >> >> >> >> >> >> <!-- Listeners >> >> >> *************************************************************--> >> >> >> <listener> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> >> >> >> </listener> >> >> >> _______________________________________________ >> >> >> Yale CAS mailing list >> >> >> [email protected] >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> >> > >> >> > >> >> > _______________________________________________ >> >> > Yale CAS mailing list >> >> > [email protected] >> >> > http://tp.its.yale.edu/mailman/listinfo/cas >> >> > >> >> > >> >> _______________________________________________ >> >> Yale CAS mailing list >> >> [email protected] >> >> http://tp.its.yale.edu/mailman/listinfo/cas >> > >> > >> > _______________________________________________ >> > Yale CAS mailing list >> > [email protected] >> > http://tp.its.yale.edu/mailman/listinfo/cas >> > >> > >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
