Cas 5.0.0 management webapp redirecting to root of site


John Stevens II

Nov 10, 2016, 4:35:28 PM
to CAS Community
Hey guys,

I am running CAS 5.0.0 with the following configuration:

servlet: tomcat 8
ticket registry: hazelcast
service registry: file system json


Authentication is working for CAS via LDAP, and I can hit the URL http://cas.example.com/cas-management and it redirects me to the login page with the service in the URL, but after I log in I get redirected to http://cas.example.com/

Been trying to figure this out for a while now, any help would be appreciated.

catalina.out:

=============================================================
WHO: user1
WHAT: Supplied credentials: [user1]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Thu Nov 10 15:56:13 EST 2016
CLIENT IP ADDRESS: 172.16.11.244
SERVER IP ADDRESS: 10.1.25.157
=============================================================

>
2016-11-10 15:56:13,418 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: user1
WHAT: TGT-**********************************************vVuaVC2sDN-cas1.example.com
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Nov 10 15:56:13 EST 2016
CLIENT IP ADDRESS: 172.16.11.244
SERVER IP ADDRESS: 10.1.25.157
=============================================================

>
2016-11-10 15:56:13,426 INFO [org.apereo.cas.CentralAuthenticationServiceImpl] - <Granted ticket [ST-3-guRqQXD0BC7RWNXCAEfc-cas1.example.com] for service [http://cas1.example.com:8080/cas-management/callback?client_name=CasClient] and principal [user1]>
2016-11-10 15:56:13,427 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: user1
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Thu Nov 10 15:56:13 EST 2016
CLIENT IP ADDRESS: 172.16.11.244
SERVER IP ADDRESS: 10.1.25.157
=============================================================

>
2016-11-10 15:56:13,680 DEBUG [org.springframework.boot.web.filter.OrderedRequestContextFilter] - <Bound request context to thread: org.apache.catalina.connector.RequestFacade@160e66fa>
2016-11-10 15:56:13,681 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <DispatcherServlet with name 'dispatcherServlet' processing GET request for [/cas-management/callback]>
2016-11-10 15:56:13,681 DEBUG [org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] - <Looking up handler method for path /callback>
2016-11-10 15:56:13,684 DEBUG [org.springframework.boot.actuate.endpoint.mvc.EndpointHandlerMapping] - <Did not find handler method for [/callback]>
2016-11-10 15:56:13,684 DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <Looking up handler method for path /callback>
2016-11-10 15:56:13,684 DEBUG [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] - <Returning handler method [public void org.pac4j.springframework.web.CallbackController.callback(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]>
2016-11-10 15:56:13,684 DEBUG [org.springframework.beans.factory.support.DefaultListableBeanFactory] - <Returning cached instance of singleton bean 'callbackController'>
2016-11-10 15:56:13,684 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Last-Modified value for [/cas-management/callback] is: -1>
2016-11-10 15:56:13,703 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: user1
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Thu Nov 10 15:56:13 EST 2016
CLIENT IP ADDRESS: 10.1.25.157
SERVER IP ADDRESS: 10.1.25.157
=============================================================

>
2016-11-10 15:56:13,733 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Null ModelAndView returned to DispatcherServlet with name 'dispatcherServlet': assuming HandlerAdapter completed request handling>
2016-11-10 15:56:13,733 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Successfully completed request>
2016-11-10 15:56:13,733 DEBUG [org.springframework.boot.web.filter.OrderedRequestContextFilter] - <Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@160e66fa>
2016-11-10 15:56:44,727 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loading services from JsonServiceRegistryDao>
2016-11-10 15:56:44,729 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered service ^(https|imaps|http)://.*>
2016-11-10 15:56:44,729 INFO [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 1 services from JsonServiceRegistryDao.>
2016-11-10 15:57:04,710 INFO [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 1 services from JsonServiceRegistryDao.>
2016-11-10 15:57:05,825 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <0 expired tickets removed.>
2016-11-10 15:57:08,380 WARN [com.hazelcast.nio.tcp.TcpIpConnectionManager] - <[localhost]:5701 [dev] [3.7.2] Wrong bind request from [cas2.example.com]:5701! This node is not requested endpoint: [cas1.example.com]:5701>
2016-11-10 15:57:44,729 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loading services from JsonServiceRegistryDao>
2016-11-10 15:57:44,730 DEBUG [org.apereo.cas.services.DefaultServicesManagerImpl] - <Adding registered service ^(https|imaps|http)://.*>
2016-11-10 15:57:44,730 INFO [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 1 services from JsonServiceRegistryDao.>
2016-11-10 15:58:04,711 INFO [org.apereo.cas.services.DefaultServicesManagerImpl] - <Loaded 1 services from JsonServiceRegistryDao.>
2016-11-10 15:58:05,846 INFO [org.apereo.cas.ticket.registry.DefaultTicketRegistryCleaner] - <0 expired tickets removed.>

management.properties:


cas.mgmt.adminRoles=ROLE_ADMIN
cas.mgmt.userPropertiesFile=file:/etc/cas/config/users.properties
cas.mgmt.serverName=http://cas1.example.com:8080

server.context-path=/cas-management
server.port=8080

cas.serviceRegistry.config.location=file:///etc/cas/services

spring.thymeleaf.mode=HTML
logging.config=file:/etc/cas/config/log4j2.xml


cas.properties:

#CAS Settings
cas.server.prefix=${server.name}/cas
cas.authn.accept.users=

#Logging
logging.config=file:///etc/cas/log4j2.xml

#LDAP
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].dnFormat=%s...@example.com
cas.authn.ldap[0].ldapUrl=ldap://dc2.example.com
cas.authn.ldap[0].useSsl=false
cas.authn.ldap[0].useStartTls=true
cas.authn.ldap[0].connectTimeout=5000
cas.authn.ldap[0].baseDn=dc=example,dc=com
cas.authn.ldap[0].userFilter=sAMAccountName={user}
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].usePasswordPolicy=false
cas.authn.ldap[0].bindDn=cn=cas,ou=Service Accounts,dc=example,dc=com
cas.authn.ldap[0].bindCredential=secret
cas.authn.ldap[0].principalAttributeId=sAMAccountName
cas.authn.ldap[0].principalAttributeList=sAMAccountName,sn,co,givenName,displayName,mail,department,telephoneNumber,title
cas.authn.ldap[0].trustCertificates=file:///etc/certs/dc2.crt
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=10
cas.authn.ldap[0].validateOnCheckout=false
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000

#Not sure if we need this, verify
cas.personDirectory.principalAttribute=sAMAccountName
cas.personDirectory.returnNull=false

#LDAP Attributes
cas.authn.attributeRepository.ldap.ldapUrl=ldap://dc2.example.com
cas.authn.attributeRepository.ldap.useSsl=false
cas.authn.attributeRepository.ldap.useStartTls=true
cas.authn.attributeRepository.ldap.connectTimeout=5000
cas.authn.attributeRepository.ldap.baseDn=dc=example,dc=com
cas.authn.attributeRepository.ldap.userFilter=sAMAccountName={user}
cas.authn.attributeRepository.ldap.subtreeSearch=true
cas.authn.attributeRepository.ldap.bindDn=cn=cas,ou=Service Accounts,dc=example,dc=com
cas.authn.attributeRepository.ldap.bindCredential=secret
cas.authn.attributeRepository.ldap.minPoolSize=3
cas.authn.attributeRepository.ldap.maxPoolSize=10
cas.authn.attributeRepository.ldap.validateOnCheckout=true
cas.authn.attributeRepository.ldap.validatePeriodically=true
cas.authn.attributeRepository.ldap.validatePeriod=600
cas.authn.attributeRepository.ldap.failFast=true
cas.authn.attributeRepository.ldap.idleTime=500
cas.authn.attributeRepository.ldap.prunePeriod=600
cas.authn.attributeRepository.ldap.blockWaitTime=5000

#Hazelcast Ticket Registry
cas.ticket.registry.hazelcast.pageSize=500
cas.ticket.registry.hazelcast.mapName=tickets

#Service Registry
cas.serviceRegistry.config.location=file:///etc/cas/services



John Stevens II

Mar 22, 2017, 1:58:19 PM
to CAS Community
For anyone else having this problem, the issue was fixed by running the webapp on a secure port (443,8443) w/ssl.

I was testing the new deployment outside of the load balancer, which is why I was going directly to port 8080 (since I'm using SSL offloading via F5).

Even though I specified http and port 8080 in the management.properties file, I guess it still required SSL.
cas.authn.ldap[0].dnFormat=%s@example.com
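
Added example, not part of the original thread: a small Python parser for the audit-trail records in the catalina.out excerpt above, used to check how far a login got and which host validated the service ticket. It assumes the record layout shown in that excerpt; the function names and the sample records (documentation-range addresses) are constructed for illustration.

```python
import re

FIELD = re.compile(r"^(WHO|WHAT|ACTION|APPLICATION|WHEN|CLIENT IP ADDRESS|SERVER IP ADDRESS): (.*)$")
RULE = re.compile(r"^={10,}$")
# Order in which one complete CAS login for a service shows up in the audit trail.
EXPECTED = ["AUTHENTICATION_SUCCESS", "TICKET_GRANTING_TICKET_CREATED",
            "SERVICE_TICKET_CREATED", "SERVICE_TICKET_VALIDATED"]

def parse_audit_records(text):
    """Return one dict per record; a record is the block between two '=====' rules."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if RULE.match(line):
            if current is None:
                current = {}              # opening rule
            else:
                records.append(current)   # closing rule
                current = None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                current[m.group(1)] = m.group(2)
    return records

def login_progress(records, who):
    """Return (steps reached in order, first missing step or None) for one principal."""
    actions = [r.get("ACTION") for r in records if r.get("WHO") == who]
    reached, pos = [], 0
    for step in EXPECTED:
        if step not in actions[pos:]:
            return reached, step
        pos = actions.index(step, pos) + 1
        reached.append(step)
    return reached, None

def same_host_validations(records):
    """Validations whose caller address equals the CAS server address."""
    return [r for r in records if r.get("ACTION") == "SERVICE_TICKET_VALIDATED"
            and r.get("CLIENT IP ADDRESS") == r.get("SERVER IP ADDRESS")]

def _rec(action, client, server="192.0.2.20", who="user1"):
    """Build one constructed record (addresses are documentation-range placeholders)."""
    bar = "=" * 61
    return (f"<Audit trail record BEGIN\n{bar}\nWHO: {who}\nACTION: {action}\n"
            f"APPLICATION: CAS\nCLIENT IP ADDRESS: {client}\nSERVER IP ADDRESS: {server}\n{bar}\n\n>\n")

# Constructed sample: browser at 192.0.2.10, validation issued from the server host.
SAMPLE = "".join(_rec(a, ip) for a, ip in zip(EXPECTED, ["192.0.2.10"] * 3 + ["192.0.2.20"]))

if __name__ == "__main__":
    recs = parse_audit_records(SAMPLE)
    print(login_progress(recs, "user1"), len(same_host_validations(recs)))
```

When all four steps are reached, as in the log posted above, the redirect to the site root happens after CAS has issued and validated the service ticket, which narrows the search to the management webapp's handling of the callback.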