Re: [cas-user] CAS not redirecting to application after successful login
Hi Oswald, It is indeed an interesting issue, and I'd expect the redirect to occur here. It sounds like several others are having the same issue, I'm wondering if there is a bug the SAML redirect in CAS Server 4.0. -J- On 9/17/14 7:25 PM, Oswald Lu wrote: Hi, John, Thanks again for your help. Here are the information you request: 1. The service url: http://intrat.compid.com.tw/MIS/DS/DS_GRoller_WebSite/DSR1/DSAOR1.aspx 2. The url after redirected to the login page: https://cas.compid.com.tw:8443/cas/login?TARGET=http%3a%2f%2fintrat.compid.com.tw%2fMIS%2fDS%2fDS_GRoller_WebSite%2fDSR1%2fDSAOR1.aspx 3. After successful login, it does not redirect to the original service url. 4. The web.config session: casClientConfig casServerLoginUrl=https://cas.compid.com.tw:8443/cas/login; casServerUrlPrefix=https://cas.compid.com.tw:8443/cas/; serverName=intrat.compid.com.tw notAuthorizedUrl=~/NotAuthorized.aspx redirectAfterValidation=true renew=false singleSignOut=true ticketValidatorName=Saml11 serviceTicketManager=CacheServiceTicketManager / authentication mode=Forms forms loginUrl=https://cas.compid.com.tw:8443/cas/login; timeout=30 defaultUrl=~/Default.aspx cookieless=UseCookies slidingExpiration=true path=/ / /authentication authorization deny users=?/ /authorization 5. The redirection works if I change ticketValidatorName=Saml11 back to ticketValidatorName=Cas20. Oswald. John Gasper於 2014年9月16日星期二UTC+8下午10時20分57秒寫道: Hi Oswald, It would be helpful if you passed along the url that you are seeing. More helpful would be to turn on the browser's network monitor and and pass long the various page loads and redirected urls. Without more information, I'm just making a guess at what might be the issue. Does your authentication element in the web.config look like this example (particularly the loginUrl)? |||authentication| |mode||=||Forms||| |forms| | ||loginUrl||=||https://server.example.com/cas/login; https://server.example.com/cas/login| | ||timeout||=||30| | ||defaultUrl||=||~/Default.aspx| | ||cookieless||=||UseCookies| | ||slidingExpiration||=||true| | ||path||=||/ApplicationName/| |/| | ||/||authentication||| John --- *John Gasper* IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef On 9/15/14 7:23 PM, Oswald Lu wrote: Hi, Thank Carl for the information. I use a sample .NET client to test. I change the ticketValidatorName=Cas20 to ticketValidatorName=Saml11 in casClientConfig of configuration of web.config. The unauthenticated application redirected me to the login page with url with the TARGET= querystring parameter. After login, the page shows login successful with no error, but it does not redirect me to the application, just exactly like what Dheeraj mentioned. Anyone have idea about how to solve this issue? Thanks. Oswald -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jga...@unicon.net javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: jgas...@unicon.net To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CAS not redirecting to application after successful login
Hi, John, Thanks again for your help. Here are the information you request: 1. The service url: http://intrat.compid.com.tw/MIS/DS/DS_GRoller_WebSite/DSR1/DSAOR1.aspx 2. The url after redirected to the login page: https://cas.compid.com.tw:8443/cas/login?TARGET=http%3a%2f%2fintrat.compid.com.tw%2fMIS%2fDS%2fDS_GRoller_WebSite%2fDSR1%2fDSAOR1.aspx 3. After successful login, it does not redirect to the original service url. 4. The web.config session: casClientConfig casServerLoginUrl=https://cas.compid.com.tw:8443/cas/login; casServerUrlPrefix=https://cas.compid.com.tw:8443/cas/; serverName=intrat.compid.com.tw notAuthorizedUrl=~/NotAuthorized.aspx redirectAfterValidation=true renew=false singleSignOut=true ticketValidatorName=Saml11 serviceTicketManager=CacheServiceTicketManager / authentication mode=Forms forms loginUrl=https://cas.compid.com.tw:8443/cas/login; timeout=30 defaultUrl=~/Default.aspx cookieless=UseCookies slidingExpiration=true path=/ / /authentication authorization deny users=?/ /authorization 5. The redirection works if I change ticketValidatorName=Saml11 back to ticketValidatorName=Cas20. Oswald. John Gasper於 2014年9月16日星期二UTC+8下午10時20分57秒寫道: Hi Oswald, It would be helpful if you passed along the url that you are seeing. More helpful would be to turn on the browser's network monitor and and pass long the various page loads and redirected urls. Without more information, I'm just making a guess at what might be the issue. Does your authentication element in the web.config look like this example (particularly the loginUrl)? authentication mode=Forms forms loginUrl=https://server.example.com/cas/login; https://server.example.com/cas/login timeout=30 defaultUrl=~/Default.aspx cookieless=UseCookies slidingExpiration=true path=/ApplicationName/ / /authentication John --- *John Gasper* IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef On 9/15/14 7:23 PM, Oswald Lu wrote: Hi, Thank Carl for the information. I use a sample .NET client to test. I change the ticketValidatorName=Cas20 to ticketValidatorName=Saml11 in casClientConfig of configuration of web.config. The unauthenticated application redirected me to the login page with url with the TARGET= querystring parameter. After login, the page shows login successful with no error, but it does not redirect me to the application, just exactly like what Dheeraj mentioned. Anyone have idea about how to solve this issue? Thanks. Oswald -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jga...@unicon.net javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-...@lists.jasig.org javascript: as: jasig-cas-user...@googlegroups.com javascript: To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CAS not redirecting to application after successful login
Hi Oswald, It would be helpful if you passed along the url that you are seeing. More helpful would be to turn on the browser's network monitor and and pass long the various page loads and redirected urls. Without more information, I'm just making a guess at what might be the issue. Does your authentication element in the web.config look like this example (particularly the loginUrl)? |||authentication| |mode||=||Forms||| |forms| | ||loginUrl||=||https://server.example.com/cas/login; https://server.example.com/cas/login| | ||timeout||=||30| | ||defaultUrl||=||~/Default.aspx| | ||cookieless||=||UseCookies| | ||slidingExpiration||=||true| | ||path||=||/ApplicationName/| |/| | ||/||authentication||| John --- *John Gasper* IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef On 9/15/14 7:23 PM, Oswald Lu wrote: Hi, Thank Carl for the information. I use a sample .NET client to test. I change the ticketValidatorName=Cas20 to ticketValidatorName=Saml11 in casClientConfig of configuration of web.config. The unauthenticated application redirected me to the login page with url with the TARGET= querystring parameter. After login, the page shows login successful with no error, but it does not redirect me to the application, just exactly like what Dheeraj mentioned. Anyone have idea about how to solve this issue? Thanks. Oswald -- You are currently subscribed to cas-user@lists.jasig.org as: jgas...@unicon.net To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CAS not redirecting to application after successful login
Hi, Thank Carl for the information. I use a sample .NET client to test. I change the ticketValidatorName=Cas20 to ticketValidatorName=Saml11 in casClientConfig of configuration of web.config. The unauthenticated application redirected me to the login page with url with the TARGET= querystring parameter. After login, the page shows login successful with no error, but it does not redirect me to the application, just exactly like what Dheeraj mentioned. Anyone have idea about how to solve this issue? Thanks. Oswald -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CAS not redirecting to application after successful login
The `TARGET` parameter is presumably because the CAS client is actually using the SAML1.x protocol rather than the CAS protocol. The Jasig-CAS server actually supports both protocols, as do many CAS clients. Thanks, Carl Waldbieser Lafayette College - Original Message - From: Oswald Lu oswald...@gmail.com To: cas-user@lists.jasig.org Cc: cas-user@lists.jasig.org, cas-user@lists.jasig.org, dheeraj dubey dheeraj.du...@zensar.in Sent: Friday, September 12, 2014 1:21:26 AM Subject: Re: [cas-user] CAS not redirecting to application after successful login Hi, Dheeraj: I found something strange in the url you post. For the CAS server I set up, when entering a web page without authentication, it redirects to the CAS login page with the url like https://your_cas_hostname:8443/cas/login?service=(the original url encoded that you put in the browser). But in your case, the querystring parameter becomes TARGET. I make a try by manually change ?service= to ?TARGET=, it does not redirect. Hope that help. Oswald. -- You are currently subscribed to cas-user@lists.jasig.org as: waldb...@lafayette.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CAS not redirecting to application after successful login
Hi John, Thanks for the reply. It doesn't give any error instate it shows the success page of CAS. I have removed / from URL but still it gave me same error. Thanks and Regards, Dheeraj Dubey - Original Message - From: John Gasper jgas...@unicon.net To: cas-user@lists.jasig.org Sent: Wednesday, September 10, 2014 8:09:23 PM Subject: Re: [cas-user] CAS not redirecting to application after successful login Hi Dheeraj, What does CAS do if it doesn't redirect you back to your client application? Does it produce an error? If so, this maybe because your service url set in the client doesn't match what has been permitted in the registered service: https://localhost:8443/casclient2; does not equal https://localhost:8443/casclient2/; (trailing slash on the latter). Knowing what to put in for the registered url is easily discovered by looking at the service= query string when the user is at the login page. You'll want to put the url decoded version of that value in the registered service. You can also use regex patterns or wildcards in the url. Good luck John --- John Gasper IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef On 9/10/14 5:38 AM, Dheeraj Dubey wrote: Hi All, I have configure CAS 4.0 in tomcat 7 with JDBC Authentication handler. I have mapped one service in InMemoryServiceRegistryDaoImpl bean class=org.jasig.cas.services.RegexRegisteredService property name=id value=0 / property name=name value=casclient2 / property name=description value=CAS cas client / property name=serviceId value= https://localhost:8443/casclient2; / property name=evaluationOrder value=1001 / /bean And below is Cas client's web.xml ?xml version=1.0 encoding=UTF-8? web-app version=2.4 xmlns= http://java.sun.com/xml/ns/j2ee; xmlns:xsi= http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation= http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; filter filter-nameCAS Authentication Filter/filter-name filter-classorg.jasig.cas.client.authentication.Saml11AuthenticationFilter/filter-class !-- filter-classorg.jasig.cas.client.authentication.AuthenticationFilter/filter-class -- init-param param-namecasServerLoginUrl/param-name param-value https://localhost:8443/cas/login /param-value /init-param init-param param-nameservice/param-name param-value https://localhost:8443/casclient2/ /param-value /init-param /filter filter filter-nameCAS Validation Filter/filter-name filter-classorg.jasig.cas.client.validation.Saml11TicketValidationFilter/filter-class !-- filter-classorg.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter/filter-class -- init-param param-namecasServerUrlPrefix/param-name param-value https://localhost:8443/cas /param-value /init-param init-param param-nameservice/param-name param-value https://localhost:8443/casclient2/ /param-value /init-param init-param param-nameredirectAfterValidation/param-name param-valuetrue/param-value /init-param init-param param-nameuseSession/param-name param-valuetrue/param-value /init-param init-param param-nameacceptAnyProxy/param-name param-valuetrue/param-value /init-param init-param param-nameproxyReceptorUrl/param-name param-value/casclient2/proxyUrl/param-value /init-param init-param param-nameproxyCallbackUrl/param-name param-value https://localhost:8443/casclient2/proxyUrl /param-value /init-param /filter filter filter-nameCAS HttpServletRequest Wrapper Filter/filter-name filter-classorg.jasig.cas.client.util.HttpServletRequestWrapperFilter/filter-class /filter filter-mapping filter-nameCAS Validation Filter/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameCAS Authentication Filter/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameCAS HttpServletRequest Wrapper Filter/filter-name url-pattern/*/url-pattern /filter-mapping welcome-file-list welcome-file index.jsp /welcome-file /welcome-file-list /web-app when I invoke client application from browser it redirect me to CAS login Page but after successful login CAS does not redirect me to client application back. Please help me. I would be highly oblige. Thanks and Regards, Dheeraj Dubey -- You are currently subscribed to cas-user@lists.jasig.org as: jgas...@unicon.net To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: dheeraj.du...@zensar.in To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CAS not redirecting to application after successful login
Hi, Dheeraj: I found something strange in the url you post. For the CAS server I set up, when entering a web page without authentication, it redirects to the CAS login page with the url like https://your_cas_hostname:8443/cas/login?service=(the original url encoded that you put in the browser). But in your case, the querystring parameter becomes TARGET. I make a try by manually change ?service= to ?TARGET=, it does not redirect. Hope that help. Oswald. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
Re: [cas-user] CAS not redirecting to application after successful login
Hi Dheeraj, What does CAS do if it doesn't redirect you back to your client application? Does it produce an error? If so, this maybe because your service url set in the client doesn't match what has been permitted in the registered service: https://localhost:8443/casclient2; does not equal https://localhost:8443/casclient2/; (trailing slash on the latter). Knowing what to put in for the registered url is easily discovered by looking at the service= query string when the user is at the login page. You'll want to put the url decoded version of that value in the registered service. You can also use regex patterns or wildcards in the url. Good luck John --- *John Gasper* IAM Consultant Unicon, Inc. PGP/GPG Key: 0xbafee3ef On 9/10/14 5:38 AM, Dheeraj Dubey wrote: Hi All, I have configure CAS 4.0 in tomcat 7 with JDBC Authentication handler. I have mapped one service in InMemoryServiceRegistryDaoImpl */bean class=org.jasig.cas.services.RegexRegisteredService/* */property name=id value=0 //* */property name=name value=casclient2 //* */property name=description value=CAS cas client //* */property name=serviceId value=https://localhost:8443/casclient2; //* */property name=evaluationOrder value=1001 //* *//bean/* And below is Cas client's web.xml ?xml version=1.0 encoding=UTF-8? web-app version=2.4 xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; filter filter-nameCAS Authentication Filter/filter-name filter-classorg.jasig.cas.client.authentication.Saml11AuthenticationFilter/filter-class !-- filter-classorg.jasig.cas.client.authentication.AuthenticationFilter/filter-class -- init-param param-namecasServerLoginUrl/param-name param-valuehttps://localhost:8443/cas/login/param-value /init-param init-param param-nameservice/param-name param-valuehttps://localhost:8443/casclient2//param-value /init-param /filter filter filter-nameCAS Validation Filter/filter-name filter-classorg.jasig.cas.client.validation.Saml11TicketValidationFilter/filter-class !-- filter-classorg.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter/filter-class -- init-param param-namecasServerUrlPrefix/param-name param-valuehttps://localhost:8443/cas/param-value /init-param init-param param-nameservice/param-name param-valuehttps://localhost:8443/casclient2//param-value /init-param init-param param-nameredirectAfterValidation/param-name param-valuetrue/param-value /init-param init-param param-nameuseSession/param-name param-valuetrue/param-value /init-param init-param param-nameacceptAnyProxy/param-name param-valuetrue/param-value /init-param init-param param-nameproxyReceptorUrl/param-name param-value/casclient2/proxyUrl/param-value /init-param init-param param-nameproxyCallbackUrl/param-name param-valuehttps://localhost:8443/casclient2/proxyUrl/param-value /init-param /filter filter filter-nameCAS HttpServletRequest Wrapper Filter/filter-name filter-classorg.jasig.cas.client.util.HttpServletRequestWrapperFilter/filter-class /filter filter-mapping filter-nameCAS Validation Filter/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameCAS Authentication Filter/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameCAS HttpServletRequest Wrapper Filter/filter-name url-pattern/*/url-pattern /filter-mapping welcome-file-list welcome-file index.jsp /welcome-file /welcome-file-list /web-app when I invoke client application from browser it redirect me to CAS login Page but after successful login CAS does not redirect me to client application back. Please help me. I would be highly oblige. Thanks and Regards,* * * * Dheeraj Dubey -- You are currently subscribed to cas-user@lists.jasig.org as: jgas...@unicon.net To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user