[CAS 5.X] Proxy Mode and 5.2.x
99 views
Skip to first unread message
Didier Capdevielle
Feb 22, 2018, 10:40:22 AM2/22/18
to CAS Community
Hello CAS' Experts,
We have trouble using Proxy Mode (for UPortal) with CAS Server 5.2.x.
SAME server (Debian Stretch ; OpenJDK 8 ; Tomcat8) and SAME configuration (except json-service-registry dependency and json location directory : different names). SAME Json files.
5.1.7 / 5.1.8 : NO problem with proxy mode (CAS 2 protocol)
2018-02-22 16:35:02,692 DEBUG [org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler] - Sent ProxyIou of [PGTIOU-*************************************************jIOaCR1nRg-cas-test] for service: [https://xxxxxx.xx/uPortal/CasProxyServlet]
2018-02-22 16:35:02,692 DEBUG [org.apereo.cas.web.AbstractServiceValidateController] - Successfully validated service ticket [ST-2-jML5LiuPAf2x4cQMZlbt-cas-test] for service [https://xxxxxxxxx.xx/uPortal/Login]
5.2.x : No error in logs but Impossible to have PGT Iou
What is changing in 5.2.x ?
Thanks in Advance,
Best regards.
We have trouble using Proxy Mode (for UPortal) with CAS Server 5.2.x.
SAME server (Debian Stretch ; OpenJDK 8 ; Tomcat8) and SAME configuration (except json-service-registry dependency and json location directory : different names). SAME Json files.
5.1.7 / 5.1.8 : NO problem with proxy mode (CAS 2 protocol)
2018-02-22 16:35:02,692 DEBUG [org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler] - Sent ProxyIou of [PGTIOU-*************************************************jIOaCR1nRg-cas-test] for service: [https://xxxxxx.xx/uPortal/CasProxyServlet]
2018-02-22 16:35:02,692 DEBUG [org.apereo.cas.web.AbstractServiceValidateController] - Successfully validated service ticket [ST-2-jML5LiuPAf2x4cQMZlbt-cas-test] for service [https://xxxxxxxxx.xx/uPortal/Login]
5.2.x : No error in logs but Impossible to have PGT Iou
What is changing in 5.2.x ?
Thanks in Advance,
Best regards.
Didier Capdevielle
Feb 23, 2018, 11:05:07 AM2/23/18
to CAS Community
OK, I answer by myself.
Found the solution by a colleague in a French list. Thanks a lot to him.
I try to explain (sorry for my english) :
Problem is in our UPortal behind a web front-end server. We have to add allowedProxyChains parameter in the web.xml of UPortal.
CAS Server 5.2.x needs this parameter (CAS Server 5.1.x NO).
Thanks
Best regards
Found the solution by a colleague in a French list. Thanks a lot to him.
I try to explain (sorry for my english) :
Problem is in our UPortal behind a web front-end server. We have to add allowedProxyChains parameter in the web.xml of UPortal.
CAS Server 5.2.x needs this parameter (CAS Server 5.1.x NO).
Thanks
Best regards
Luke Whittington
Feb 26, 2018, 2:09:13 PM2/26/18
to cas-...@apereo.org
Hi, Didier. We're also experiencing some WebProxy and ClearPass issues with CAS 5.2.x and uPortal 4. What version of uPortal are you running?
thanks,
Luke
OK, I answer by myself.Found the solution by a colleague in a French list. Thanks a lot to him.I try to explain (sorry for my english) :Problem is in our UPortal behind a web front-end server. We have to add allowedProxyChains parameter in the web.xml of UPortal.CAS Server 5.2.x needs this parameter (CAS Server 5.1.x NO).Thanks
Best regards- hide quoted text -
Le jeudi 22 février 2018 16:40:22 UTC+1, Didier Capdevielle a écrit :Hello CAS' Experts,We have trouble using Proxy Mode (for UPortal) with CAS Server 5.2.x.SAME server (Debian Stretch ; OpenJDK 8 ; Tomcat8) and SAME configuration (except json-service-registry dependency and json location directory : different names). SAME Json files.5.1.7 / 5.1.8 : NO problem with proxy mode (CAS 2 protocol)
2018-02-22 16:35:02,692 DEBUG [org.apereo.cas.ticket.proxy.support.Cas20ProxyHandler] - Sent ProxyIou of [PGTIOU-*************************************************jIOaCR1nRg-cas-test] for service: [https://xxxxxx.xx/uPortal/CasProxyServlet" rel="nofollow" target="_blank" onmousedown="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Fxxxxxx.xx%2FuPortal%2FCasProxyServlet\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGsOkrTVC06oBSQAIBuvcgp92gXJQ';return true;" onclick="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Fxxxxxx.xx%2FuPortal%2FCasProxyServlet\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGsOkrTVC06oBSQAIBuvcgp92gXJQ';return true;">https://xxxxxx.xx/uPortal/CasProxyServlet]2018-02-22 16:35:02,692 DEBUG [org.apereo.cas.web.AbstractServiceValidateController] - Successfully validated service ticket [ST-2-jML5LiuPAf2x4cQMZlbt-cas-test] for service [https://xxxxxxxxx.xx/uPortal/Login" rel="nofollow" target="_blank" onmousedown="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Fxxxxxxxxx.xx%2FuPortal%2FLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGZWafI9pdnN3mup73TrRfzCmR7Yg';return true;" onclick="this.href='https://www.google.com/url?q\x3dhttps%3A%2F%2Fxxxxxxxxx.xx%2FuPortal%2FLogin\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGZWafI9pdnN3mup73TrRfzCmR7Yg';return true;">https://xxxxxxxxx.xx/uPortal/Login]
5.2.x : No error in logs but Impossible to have PGT Iou
What is changing in 5.2.x ?
Thanks in Advance,
Best regards.
--
Luke Whittington
Software Developer
Development Services, University of Victoria
Didier Capdevielle
Mar 6, 2018, 7:52:00 AM3/6/18
to CAS Community
Hi Luke,
Sorry to answer so late.
We are in version 4.x but i don't know exactly what sub-version. Sorry we just manage authentication (CAS, Shibboleth) and so on.
Do you want i ask my colleague or version 4 is enough ?
Best regards,
Sorry to answer so late.
We are in version 4.x but i don't know exactly what sub-version. Sorry we just manage authentication (CAS, Shibboleth) and so on.
Do you want i ask my colleague or version 4 is enough ?
Best regards,
Lalot Dominique
Mar 6, 2018, 8:01:59 AM3/6/18
to CAS Community
Hello
For ClearPass you need uPortal5 or backports the code to 4.x to manage ClearPass, as it's a completely different approach. No more proxy needed.
Dom
Le lundi 26 février 2018 20:09:13 UTC+1, Luke Whittington a écrit :
Reply all
Reply to author
Forward
0 new messages