CAS client 3.6.2 is not redirecting with samlArt param and 302 http status code.


Morning Star

Feb 12, 2021, 12:41:18 PM
to CAS Community
Hi Team,

We have upgraded CAS Server to 6.2.2 and CAS client to 3.6.2. After successful authentication, CAS client is not redirecting to our application with samlArt param and 302 http status code.

We have updated the dependencies like below:

<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.6.2</version>
</dependency>
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-support-saml</artifactId>
    <version>3.6.2</version>
</dependency>

We have overridden the Authentication & Validation filter class by providing Server Name, Login server url and Server URL Prefix.

Please find the code changes:

Web.xml

<filter>
    <filter-name>EXCASAuthenticationFilter</filter-name>
    <filter-class>com.mercuryinsurance.epresentment.essweb.filter.EPCASAuthenticationFilter</filter-class>
    <init-param>
        <param-name>casServerLoginUrl</param-name>
        <param-value> casServerLoginUrl </param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value> serverName </param-value>
    </init-param>
</filter>
<filter>
    <filter-name>EXCASValidationFilter</filter-name>
    <filter-class>com.mercuryinsurance.epresentment.essweb.filter.EPCASValidationFilter</filter-class>
    <init-param>
        <param-name>casServerUrlPrefix</param-name>
        <param-value>https://example.com/cas</param-value>
    </init-param>
    <init-param>
        <param-name>serverName</param-name>
        <param-value>serverName</param-value>
    </init-param>
    <init-param>
        <param-name>redirectAfterValidation</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>tolerance</param-name>
        <param-value>5000</param-value>
    </init-param>
    <init-param>
        <param-name>useSession</param-name>
        <param-value>true</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CASHttpServletRequestWrapperFilter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>

<filter-mapping>
    <filter-name>CASAuthenticationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CASValidationFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>CASHttpServletRequestWrapperFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Java changes:

public class EXCASAuthenticationFilter extends Saml11AuthenticationFilter {

    private static final String CLASS_NAME = EXCASAuthenticationFilter.class.getSimpleName();

    Logger log = Logger.getLogger(getClass());
    FilterConfig filterConfig = null;

    @Override
    public void destroy() {
        // TODO Auto-generated method stub
    }

    @Override
    public void initInternal(FilterConfig arg0) throws ServletException {
        super.initInternal(arg0);
        this.filterConfig = arg0;
        String serverName = "https://example.com";
        String casServerLoginUrl = "https://example.com/cas/login";
        setServerName(serverName);
        setCasServerLoginUrl(casServerLoginUrl);
    }
}

public class EXCASValidationFilter extends Saml11TicketValidationFilter {

    private static final String CLASS_NAME = EXCASValidationFilter.class.getSimpleName();

    FilterConfig filterConfig = null;
    Logger log = Logger.getLogger(getClass());

    @Override
    public void destroy() {
        // TODO Auto-generated method stub
    }

    @Override
    public void initInternal(FilterConfig arg0) throws ServletException {
        this.filterConfig = arg0;
        String serverName = "https://example.com";
        String casServerUrlPrefix = "https://example.com/cas";
        Saml11TicketValidator validator = new Saml11TicketValidator(casServerUrlPrefix);
        super.initInternal(arg0);
        setServerName(serverName);
        setTicketValidator(validator);
        setRedirectAfterValidation(true);
    }
}

After adding these code changes, control comes to our overridden filter class and we are able to see logs with updated serverName, casServerUrlPrefix and casServerLoginUrl.

Still, the application gets redirected to the default success page.

cas.png

We are expecting CAS to redirect to our application with samlArt parameter. Are we missing any configuration or property? 

On a few pages, they suggest using Cas30ProxyReceivingTicketValidationFilter and AuthenticationFilter. If we use these filters, will we get the samlArt param with the redirection?

 

Please advise how to proceed further.
Thanks in advance!

Ray Bon

Feb 12, 2021, 1:06:53 PM
to cas-...@apereo.org
Morning,

You do not need to override any classes/filters in cas client for it to work.
Turn up your cas server logs to debug to see what it is doing.
There is also this logger which will output the http client used for communication between the client application and cas for ticket validation etc. (not through the browser).

        <AsyncLogger name="org.apache" level="debug" />

Also use the network tab in your browser's developer tools to see what redirects are taking place. Maybe your application is sending a redirect to cas without a service= or TARGET= parameter.

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.
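
The redirect check suggested in the reply above can be run over a HAR file exported from the browser's network tab. This is an added example, not part of the original thread and not CAS client code. `APP_URL`, the sample HAR and the verdict strings are constructed, and it assumes absolute redirect URLs and the standard parameter names (`TARGET`/`SAMLart` for SAML 1.1, `service`/`ticket` for the CAS protocol).

```python
import json
from urllib.parse import parse_qs, quote, urlsplit

CAS_PREFIX = "https://example.com/cas"    # casServerUrlPrefix value from the post
APP_URL = "https://example.com/app/home"  # hypothetical application page

# Constructed HAR excerpt (not captured from a real system): first a login
# redirect with no return address, then a complete SAML 1.1 round trip.
LOGIN_OK = CAS_PREFIX + "/login?TARGET=" + quote(APP_URL, safe="")
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"url": APP_URL},
     "response": {"status": 302, "redirectURL": CAS_PREFIX + "/login"}},
    {"request": {"url": CAS_PREFIX + "/login"},
     "response": {"status": 200, "redirectURL": ""}},
    {"request": {"url": APP_URL},
     "response": {"status": 302, "redirectURL": LOGIN_OK}},
    {"request": {"url": LOGIN_OK},
     "response": {"status": 302, "redirectURL": APP_URL + "?SAMLart=ST-1-constructed"}},
]}})


def is_cas(url, cas_prefix):
    return url == cas_prefix or url.startswith(cas_prefix + "/")


def first_present(params, names):
    return next((n for n in names if n in params), "none")


def audit_redirects(har_text, cas_prefix=CAS_PREFIX):
    """Return (request_url, verdict) for each redirect into or out of CAS."""
    findings = []
    for entry in json.loads(har_text)["log"]["entries"]:
        src = entry["request"]["url"]
        dest = entry["response"].get("redirectURL") or ""
        if not (300 <= entry["response"]["status"] < 400 and dest):
            continue
        params = parse_qs(urlsplit(dest).query)
        if is_cas(dest, cas_prefix) and not is_cas(src, cas_prefix):
            # Application -> CAS: the return address travels as TARGET (SAML 1.1)
            # or service (CAS protocol); "none" leaves CAS nowhere to redirect.
            findings.append((src, "login:" + first_present(params, ("TARGET", "service"))))
        elif is_cas(src, cas_prefix) and not is_cas(dest, cas_prefix):
            # CAS -> application: SAMLart (SAML 1.1) or ticket (CAS protocol).
            findings.append((src, "return:" + first_present(params, ("SAMLart", "ticket"))))
    return findings
```

A `login:none` verdict marks the case raised in the reply: the browser reaches the CAS login page with no return address.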

Raul Mengod

Feb 14, 2022, 11:12:27 AM
to CAS Community, anusu...@gmail.com
Hi,

I'm having this problem when migrating CAS from 5.x to 6.x.

Any idea what I should configure to get this functionality in 6.x?

Thanks
