Hi,
Are you sure that when you are redirected to CAS, the service URL provided as a parameter has https? Something like: https://cas.domain.fr/cas/login?service=https://.....
Because it looks like CAS registers the service without https, and it's
at this moment of the exchange that the URL is mapped to the
ticket.
Otherwise, on my side, my uPortal.properties:
    ##
    ## Portal Server
    ##
    #portal.protocol=http
    #portal.server=localhost:8080
    #portal.context=/uPortal

    ##
    ## Central Authentication Service (CAS)
    ##
    #cas.protocol=http
    #cas.server=localhost:8080
    #cas.context=/cas
    cas.ticketValidationFilter.service=${portal.protocol}://${portal.server}${portal.context}/Login
    cas.ticketValidationFilter.proxyReceptorUrl=/CasProxyServlet
    cas.ticketValidationFilter.ticketValidator.server=${cas.protocol}://${cas.server}${cas.context}
    cas.ticketValidationFilter.ticketValidator.proxyCallbackUrl=${portal.protocol}://${portal.lbServerName}${portal.context}${cas.ticketValidationFilter.proxyReceptorUrl}
    # depending on CAS version/conf
    cas.ticketValidationFilter.encodeServiceUrl=false
    org.apereo.portal.security.provider.cas.CasAssertionSecurityContextFactory.enabled=true
    org.apereo.portal.security.provider.cas.CasAssertionSecurityContextFactory.credentialToken=ticket
    org.apereo.portal.security.cas.assertion.copyAttributesToUserAttributes=true
And my global.properties (to share values with portlets):
    portal.protocol=https
    portal.server=my.domain.fr
    # in load-balanced conf we need to be able to request a specific server for proxy CAS
    portal.lbServerName=portailX.domaine.fr
    portal.context=/portail
    # I use a pattern replacement for dynamic domain as I manage several public server names on the same instance
    # you can replace that by ${portal.protocol}://${portal.server}${portal.context}
    portal.protocol.server.context=${portal.protocol}://_CURRENT_SERVER_NAME_${portal.context}
    portal.login.url=${portal.protocol.server.context}/Login
    cas.protocol=https
    cas.server=cas.domain.fr
    cas.context=/cas
In my opinion you should look at the portal.login.url value that is used by the portlet to connect.
Thanks,
Julien
--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uportal-user...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-user/2c41d91f-2ec1-440e-b362-790a73602d77n%40apereo.org.
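The service URL discussed in the message above is built from ${...} placeholders spread over two files, so it helps to see what it expands to before CAS does. The following Python check is an added example, not part of the original message and not uPortal code: it expands the placeholders and flags any CAS-facing URL that does not resolve to an absolute https URL. The helper names (load, resolve, audit) are hypothetical, the sample text is constructed from the properties quoted above, and "later file overrides earlier" is an assumption about load order.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the two property files quoted in the message above.
GLOBAL_PROPERTIES = """\
portal.protocol=https
portal.server=my.domain.fr
portal.lbServerName=portailX.domaine.fr
portal.context=/portail
cas.protocol=https
cas.server=cas.domain.fr
cas.context=/cas
"""
UPORTAL_PROPERTIES = """\
#portal.protocol=http
cas.ticketValidationFilter.service=${portal.protocol}://${portal.server}${portal.context}/Login
cas.ticketValidationFilter.proxyReceptorUrl=/CasProxyServlet
cas.ticketValidationFilter.ticketValidator.server=${cas.protocol}://${cas.server}${cas.context}
cas.ticketValidationFilter.ticketValidator.proxyCallbackUrl=${portal.protocol}://${portal.lbServerName}${portal.context}${cas.ticketValidationFilter.proxyReceptorUrl}
"""
PREFIX = "cas.ticketValidationFilter."
URL_KEYS = ("service", "ticketValidator.server", "ticketValidator.proxyCallbackUrl")

def load(*texts):
    """Parse key=value lines; comments are skipped, later texts win (assumed order)."""
    props = {}
    for text in texts:
        for line in map(str.strip, text.splitlines()):
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def resolve(props, key, seen=()):
    """Expand ${name} placeholders recursively; undefined names raise KeyError."""
    if key in seen:
        raise ValueError("circular placeholder: " + key)
    return re.sub(r"\$\{([^}]+)\}",
                  lambda m: resolve(props, m.group(1), seen + (key,)), props[key])

def audit(props):
    """Map each CAS-facing URL key to (resolved URL, problem or None)."""
    report = {}
    for key in URL_KEYS:
        url = resolve(props, PREFIX + key)
        parts = urlsplit(url)
        ok = parts.scheme == "https" and bool(parts.hostname)
        report[key] = (url, None if ok else "not an absolute https URL")
    return report
```

Calling audit(load(GLOBAL_PROPERTIES, UPORTAL_PROPERTIES)) returns the resolved service, validator and proxy callback URLs; an http scheme left over in either file shows up as a problem on every URL derived from it.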
You should also debug your CAS, maybe the problem is there ;)
The serviceURL encoding depends on your CAS version/settings. It won't validate the service URL in the wrong case.
Julien
I've got it working now, using proxy authentication. In the end, the issues that I had were caused by a firewall that is not able to redirect an external IP address from an internal server to a different internal server, so I had to use the internal domain name for the cas.ticketValidationFilter.ticketValidator.proxyCallbackUrl and everything started working.