Duo Universal Prompt behind proxy
29 weergaven
Naar het eerste ongelezen bericht
Richard Frovarp
8 mrt 2023, 14:57:2408-03-2023
aan CAS User
On CAS 6.6.6 and using the Duo Universal Prompt, it is exposing my
internal hostname, rather than the load balancer. It's not clear to me
why this is happening. It is also not clear to me what the correct
configuration options are for a load balanced CAS with respect to
hostname / proxy configuration. Any suggestions?
Thanks,
Richard
internal hostname, rather than the load balancer. It's not clear to me
why this is happening. It is also not clear to me what the correct
configuration options are for a load balanced CAS with respect to
hostname / proxy configuration. Any suggestions?
Thanks,
Richard
Pascal Rigaux
8 mrt 2023, 15:51:3608-03-2023
aan cas-...@apereo.org
Hi,
With spring-boot with embedded tomcat, I suggest the following in cas.properties:
server.tomcat.remoteip.internal-proxies=... (a regexp)
With external tomcat, I suggest configuring RemoteIpValve in conf/server.xml, eg:
<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="x-forwarded-proto" internalProxies="..." />
cu
--
Pascal Rigaux
Expert en développement et déploiement d'applications
DSIUN-PAS (Pôle Applications et Services numériques)
Université Paris 1 Panthéon-Sorbonne - Centre Pierre Mendès France (PMF)
B 04 08 - 90, rue de Tolbiac - 75634 PARIS CEDEX 13 - FRANCE
Tél : 01 44 07 86 59 - 06 74 55 57 67
With spring-boot with embedded tomcat, I suggest the following in cas.properties:
server.tomcat.remoteip.internal-proxies=... (a regexp)
With external tomcat, I suggest configuring RemoteIpValve in conf/server.xml, eg:
<Valve className="org.apache.catalina.valves.RemoteIpValve" protocolHeader="x-forwarded-proto" internalProxies="..." />
cu
Pascal Rigaux
Expert en développement et déploiement d'applications
DSIUN-PAS (Pôle Applications et Services numériques)
Université Paris 1 Panthéon-Sorbonne - Centre Pierre Mendès France (PMF)
B 04 08 - 90, rue de Tolbiac - 75634 PARIS CEDEX 13 - FRANCE
Tél : 01 44 07 86 59 - 06 74 55 57 67
Richard Frovarp
8 mrt 2023, 22:58:0208-03-2023
aan 'Richard Frovarp' via CAS Community
https://<whatever-your-proxy-or-lb-is>
Carl Waldbieser
9 mrt 2023, 09:44:4109-03-2023
aan cas-...@apereo.org
Richard,
Do you have `cas.server.name` set? https://apereo.github.io/cas/6.6.x/configuration/Configuration-Management.html
I have CAS 6.6.6 running behind an AWS ALB and I don't seem to have any issues with the Duo Universal prompt. We haven't rolled out Universal Prompt to production yet, though, so I'd be interested in what the particular symptoms are.
Thanks,
Carl Waldbieser
ITS
Lafayette College
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0a4aaf94-4e5f-69c2-c670-3f1e251cc333%40ndsu.edu.
Allen beantwoorden
Auteur beantwoorden
Doorsturen
0 nieuwe berichten