OK, I answer by myself.Found the solution by a colleague in a French list. Thanks a lot to him.I try to explain (sorry for my english) :Problem is in our UPortal behind a web front-end server. We have to add allowedProxyChains parameter in the web.xml of UPortal.CAS Server 5.2.x needs this parameter (CAS Server 5.1.x NO).Thanks
Best regards- hide quoted text -
Le jeudi 22 février 2018 16:40:22 UTC+1, Didier Capdevielle a écrit :Hello CAS' Experts,We have trouble using Proxy Mode (for UPortal) with CAS Server 5.2.x.SAME server (Debian Stretch ; OpenJDK 8 ; Tomcat8) and SAME configuration (except json-service-registry dependency and json location directory : different names). SAME Json files.5.1.7 / 5.1.8 : NO problem with proxy mode (CAS 2 protocol)
2018-02-22 16:35:02,692 DEBUG [org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler] - Sent ProxyIou of [PGTIOU-*************************************************jIOaCR1nRg-cas-test] for service: [https://xxxxxx.xx/uPortal/CasProxyServlet" rel="nofollow" target="_blank" onmousedown="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Fxxxxxx.xx%2FuPortal%2FCasProxyServlet\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGsOkrTVC06oBSQAIBuvcgp92gXJQ';return true;" onclick="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Fxxxxxx.xx%2FuPortal%2FCasProxyServlet\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGsOkrTVC06oBSQAIBuvcgp92gXJQ';return true;">https://xxxxxx.xx/uPortal/CasProxyServlet]2018-02-22 16:35:02,692 DEBUG [org.apereo.cas.web.AbstractServiceValidateController] - Successfully validated service ticket [ST-2-jML5LiuPAf2x4cQMZlbt-cas-test] for service [https://xxxxxxxxx.xx/uPortal/Login" rel="nofollow" target="_blank" onmousedown="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Fxxxxxxxxx.xx%2FuPortal%2FLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGZWafI9pdnN3mup73TrRfzCmR7Yg';return true;" onclick="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Fxxxxxxxxx.xx%2FuPortal%2FLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGZWafI9pdnN3mup73TrRfzCmR7Yg';return true;">https://xxxxxxxxx.xx/uPortal/Login]
5.2.x : No error in logs but Impossible to have PGT Iou
What is changing in 5.2.x ?
Thanks in Advance,
Best regards.
--