CAS Relogin Problem

[denizg]

I can login successfully to CAS. After success login, it shows authentication details page like below picture (loginsuccess.png).

When i try to login without login, it shows login screen (relogin.png), but i expect authentication details page, because i logged in before. 

It creates many problem for me. How can i solve this? (btw, i tried demos in this page https://apereo.github.io/cas/Demos.html , and it works expected.)

gradle.properties

cas.version=6.3.0-SNAPSHOT (also tried with 6.2.0)

cas.properties

cas.server.name=http://localhost:8443
cas.server.prefix=${cas.server.name}/cas
logging.config=file:/etc/cas/config/log4j2.xml
server.ssl.enabled=false
# cas.authn.accept.users=

[denizg]

I checked browser network tab. After successfull login, the set-cookie TGC header is returned but chrome blocks it (the set cookie was blocked because it had the "secure"
attribute but was not received over a secure connection.). So, there is no TGC cookie and it treats like you didnt login. 

I added this configuration to cas.properties, the problem solved.

cas.tgc.secure=false
 

19 Ağustos 2020 Çarşamba tarihinde saat 12:37:47 UTC+3 itibarıyla denizg şunları yazdı:

[Ray Bon]

It will be better if the connection is made secure. The TGC is what gives your user access to the applications. If that cookie gets hijacked, ..., security problems.

Ray

-- 

Ray Bon

Programmer Analyst

Development Services, University Systems

2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.