CAS 5.0 SAML Authentication Request


Todd Pratt

Jan 30, 2017, 2:57:07 PM
to CAS Community
Hi,

I'm having an issue setting up CAS 5.0 as a SAML IdP. If I log into another app first, like the CAS management application, and then go to my SAML test application, it sends a SAMLRequest, then redirects, and I get back my user profile as expected. If I don't log into another application first and go to my SAML test application, it sends a SAMLRequest and I get sent to the login page. I enter my username and password and click "Login", and it goes to a blank page and doesn't go any further. I also don't see any log statement after I click "Login". Below is the login URL, and below that is my post form. I also attached a portion of the log file and the metadata file. I've been looking through the code and can't figure out where my issue is, so any help would be greatly appreciated.


URL:
https://cas.mydomain.com:8443/cas/login?service=https%3A%2F%2Fcas.mydomain.com%3A8443%2Fcas%2Fidp%2Fprofile%2FSAML2%2FPOST%2FSSO%2FCallback.%2B%3FentityId%3Dhttp%253A%252F%252F172.24.98.169%253A8080%252Fsaml_test2%26SAMLRequest%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%252BPHNhbWwyOklzc3VlciB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%252BaHR0cDovLzE3Mi4yNC45OC4xNjk6ODA4MC9zYW1sX3Rlc3QyPC9zYW1sMjpJc3N1ZXI%252BPGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI%252BPGRzOlNpZ25lZEluZm8%252BPGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8%252BPGRzOlJlZmVyZW5jZSBVUkk9IiNiNjc0NjBlZC1jNDQwLTQzMzktODJlNS02NzU2ZWZkZTQyZjUiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM%252BPGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8%252BPGRzOkRpZ2VzdFZhbHVlPjloYVdZTCsrYTFtTDIxeEtpQkozMnpVV3JSND08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU%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%252BPGRzOk1vZHVsdXM%252BaHQ2bjh1SkxHc0kxTUtCbmZ0NlNmeElSMEtYZllPMUhEU3hHUXRrak04Vzd6REpmbjgzWGlzemhqeUdtdnBjMUNDam12RmtCNXpyOQpIRmRqbzBDcllYZ2tUK0k3STFFL1hCa3JtaHVNbXpabFNHQWc3WDZEYkdERXpaSDVqM0w1dW1hblF3V3hpR2pndU9RRUR3M3JnelZsClZja1BhTWQwclB3UHV6b1Q2ZERSY3VSR2xiRXcrbTlId0h4STlFNGFlZDFFUGhuWmRSVFRFV1hlSjRyMGlNelZNbEtmMG5ZSHVqem0KOW5yb08vNVZOR2NSMGZaUGlLclFYeWsxRUlQZnBRVzZWaURKVHdJd3NDOGFqbUtSbzVlTFEvdFBKaVBjWTgxdTlRTXd0ZUNCL3AxRgpnNiswWWFOV1FsbHdpc1A0dUlsVzVaVG1JbFBBU2ZRajAzYXpOUT09PC9kczpNb2R1bHVzPjxkczpFeHBvbmVudD5BUUFCPC9kczpFeHBvbmVudD48L2RzOlJTQUtleVZhbHVlPjwvZHM6S2V5VmFsdWU%252BPGRzOlg1MDlEYXRhPjxk
czpYNTA5Q2VydGlmaWNhdGU%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%252BPC9kczpYNTA5RGF0YT48L2RzOktleUluZm8%252BPC9kczpTaWduYXR1cmU%252BPC9zYW1scDpBdXRoblJlcXVlc3Q%252B


SAML Post Form

<html><body onload="document.forms[0].submit()" ><NOSCRIPT>Your browser does not support JavaScript. Please click the Continue button below to proceed. <br /></NOSCRIPT><form method="post" action="https://cas.mydomain.com:8443/cas/idp/profile/SAML2/POST/SSO">  <input type="hidden" name="SAMLRequest" value="PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6QXV0aG5SZXF1ZXN0IHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0iaHR0cDovLzE3Mi4yNC45OC4xNjk6ODA4MC9zYW1sX3Rlc3QyL3NzbyIgRGVzdGluYXRpb249Imh0dHBzOi8vY2FzLm1vcmxleXdlYi5jb206ODQ0My9jYXMvaWRwL3Byb2ZpbGUvU0FNTDIvUE9TVC9TU08iIElEPSJiNDI0ZTlmMy1kMzRlLTRlZmMtYTMxNS05ZjBiMjA1MWYzNTkiIElzc3VlSW5zdGFudD0iMjAxNy0wMS0zMFQxOToyMDowMi41MTBaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWwyOklzc3VlciB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+aHR0cDovLzE3Mi4yNC45OC4xNjk6ODA4MC9zYW1sX3Rlc3QyPC9zYW1sMjpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3JzYS1zaGExIi8+PGRzOlJlZmVyZW5jZSBVUkk9IiNiNDI0ZTlmMy1kMzRlLTRlZmMtYTMxNS05ZjBiMjA1MWYzNTkiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIi8+PGRzOkRpZ2VzdFZhbHVlPmpFTC9rVzRaTzNBaGVubmNDNWp6TVpMZlFXUT08L2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48ZHM6U2lnbmF0dXJlVmFsdWU+aFp3WHBvYmkvQ2NmbTBUWkM3R3FVWmdpK2dKS29KOXlYNThyMjhEV1kwdVdBd2l0NFp3aHJIREZPM0l5RUhNOE9Na281RUYvN0JzaXRMemVEM05HOWho
NHpEYVdOQkJibHJ2bVk1TlVmck1GOTltM1A0eEhOTlJGYVNxQ1Q1MmlWK0ljMXlmR0RYTU5ycUMwYytnVkNnZEprSFJ4OE42cFZhcjFTK3hsaU5WS0JqUnZIRjNzaWZQOVMwQ3JQOTdZU1pHYTc3VVNBMEREYVlGdlN1dUEyb0xBMFpjZDhSMFRKL0lybEdPbGwxZjBoV2pOQXZhVExhSFFKK3BRWjEwZ20yQnhhRkJhODRKWmVPWFY0WVRnTFpORmp3ZnNlWndSZk40QUozNldaenJ3dzRQN1prUzNMWHA4Z05aSTE2WkFtYTgyLzRzVTA4b0NFR3FXY2tmT01nPT08L2RzOlNpZ25hdHVyZVZhbHVlPjxkczpLZXlJbmZvPjxkczpLZXlWYWx1ZT48ZHM6UlNBS2V5VmFsdWU+PGRzOk1vZHVsdXM+aHQ2bjh1SkxHc0kxTUtCbmZ0NlNmeElSMEtYZllPMUhEU3hHUXRrak04Vzd6REpmbjgzWGlzemhqeUdtdnBjMUNDam12RmtCNXpyOQpIRmRqbzBDcllYZ2tUK0k3STFFL1hCa3JtaHVNbXpabFNHQWc3WDZEYkdERXpaSDVqM0w1dW1hblF3V3hpR2pndU9RRUR3M3JnelZsClZja1BhTWQwclB3UHV6b1Q2ZERSY3VSR2xiRXcrbTlId0h4STlFNGFlZDFFUGhuWmRSVFRFV1hlSjRyMGlNelZNbEtmMG5ZSHVqem0KOW5yb08vNVZOR2NSMGZaUGlLclFYeWsxRUlQZnBRVzZWaURKVHdJd3NDOGFqbUtSbzVlTFEvdFBKaVBjWTgxdTlRTXd0ZUNCL3AxRgpnNiswWWFOV1FsbHdpc1A0dUlsVzVaVG1JbFBBU2ZRajAzYXpOUT09PC9kczpNb2R1bHVzPjxkczpFeHBvbmVudD5BUUFCPC9kczpFeHBvbmVudD48L2RzOlJTQUtleVZhbHVlPjwvZHM6S2V5VmFsdWU+PGRzOlg1MDlEYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJRk16Q0NCQnVnQXdJQkFnSUpBUGtkeWZHWE56dzNNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JRzBNUXN3Q1FZRFZRUUdFd0pWVXpFUQpNQTRHQTFVRUNCTUhRWEpwZW05dVlURVRNQkVHQTFVRUJ4TUtVMk52ZEhSelpHRnNaVEVhTUJnR0ExVUVDaE1SUjI5RVlXUmtlUzVqCmIyMHNJRWx1WXk0eExUQXJCZ05WQkFzVEpHaDBkSEE2THk5alpYSjBjeTVuYjJSaFpHUjVMbU52YlM5eVpYQnZjMmwwYjNKNUx6RXoKTURFR0ExVUVBeE1xUjI4Z1JHRmtaSGtnVTJWamRYSmxJRU5sY25ScFptbGpZWFJsSUVGMWRHaHZjbWwwZVNBdElFY3lNQjRYRFRFMgpNRFF5TlRFMk1qTTBNVm9YRFRFNU1EUXlPREUwTlRZek1Gb3dQVEVoTUI4R0ExVUVDeE1ZUkc5dFlXbHVJRU52Ym5SeWIyd2dWbUZzCmFXUmhkR1ZrTVJnd0ZnWURWUVFEREE4cUxtMXZjbXhsZVhkbFlpNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXcKZ2dFS0FvSUJBUUNHM3FmeTRrc2F3alV3b0dkKzNwSi9FaEhRcGQ5ZzdVY05MRVpDMlNNenhidk1NbCtmemRlS3pPR1BJYWErbHpVSQpLT2E4V1FIbk92MGNWMk9qUUt0aGVDUlA0anNqVVQ5Y0dTdWFHNHliTm1WSVlDRHRmb05zWU1UTmtmbVBjdm02WnFkREJiR0lhT0M0CjVBUVBEZXVETldWVnlROW94M1NzL0ErN09oUHAwTkZ5NUVhVnNURDZiMGZBZkVqMFRocDUzVVErR2RsMUZOTVJaZDRuaXZTSXpOVXkKVXAvU2RnZTZQT2IyZXVnNy9sVTBa
eEhSOWsrSXF0QmZLVFVRZzkrbEJicFdJTWxQQWpDd0x4cU9ZcEdqbDR0RCswOG1JOXhqelc3MQpBekMxNElIK25VV0RyN1JobzFaQ1dYQ0t3L2k0aVZibGxPWWlVOEJKOUNQVGRyTTFBZ01CQUFHamdnRzhNSUlCdURBTUJnTlZIUk1CCkFmOEVBakFBTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQU9CZ05WSFE4QkFmOEVCQU1DQmFBd053WUQKVlIwZkJEQXdMakFzb0NxZ0tJWW1hSFIwY0RvdkwyTnliQzVuYjJSaFpHUjVMbU52YlM5blpHbG5Nbk14TFRJeU9TNWpjbXd3WFFZRApWUjBnQkZZd1ZEQklCZ3RnaGtnQmh2MXRBUWNYQVRBNU1EY0dDQ3NHQVFVRkJ3SUJGaXRvZEhSd09pOHZZMlZ5ZEdsbWFXTmhkR1Z6CkxtZHZaR0ZrWkhrdVkyOXRMM0psY0c5emFYUnZjbmt2TUFnR0JtZUJEQUVDQVRCMkJnZ3JCZ0VGQlFjQkFRUnFNR2d3SkFZSUt3WUIKQlFVSE1BR0dHR2gwZEhBNkx5OXZZM053TG1kdlpHRmtaSGt1WTI5dEx6QkFCZ2dyQmdFRkJRY3dBb1kwYUhSMGNEb3ZMMk5sY25ScApabWxqWVhSbGN5NW5iMlJoWkdSNUxtTnZiUzl5WlhCdmMybDBiM0o1TDJka2FXY3lMbU55ZERBZkJnTlZIU01FR0RBV2dCUkF3cjBuCmpzdzBnekNpTTlmN2JMUHd0Q3lBempBcEJnTlZIUkVFSWpBZ2dnOHFMbTF2Y214bGVYZGxZaTVqYjIyQ0RXMXZjbXhsZVhkbFlpNWoKYjIwd0hRWURWUjBPQkJZRUZJWmVSV1ZnWjRXRGZUeDVFbHg3ZWhSaFRPMk5NQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUFsSE1zRgpBdklkRzVUY2Noa0EyQm9zSFFNMnplTm5wZE40NkRINGZ6QjdiRjVBYXE5L0g2ekJhbDM3dDhGZk5uQlRvTDl5amVxbzI1SmVkNUd3CnFraS8vaVYrcHNoeW1sWnY1ZmcyV1NYK2Nka3FhamVUS3hEYlZlbkpkTmVmeDZ5WEJuNGJzSWJsN3ppSldjdkJGVkd0d0FkdlRKcE0KbzVtbEo4SkNZSnhFVHgxd3BocEthMUp5L3lOT0d1eWUwSGxiSENUU2RUazNrN1RBRFhMb3p3RkRjYTNUY3pyUllDMkNSSnUwdmErdgpSSjJFZ0ZBTHVtV0U4blFMOGc1T3ZOMkU3WjZwY1BGL1RMU1gvUi9ZWDFFbU1teFRTQ3ZmdEZDeE5QaVA4dzltYzBHSWJuZmhlZmhLClNiT3RYMzFzcElyR3hJVDlmZEljdGN6TUtZQTd3U09MPC9kczpYNTA5Q2VydGlmaWNhdGU+PC9kczpYNTA5RGF0YT48L2RzOktleUluZm8+PC9kczpTaWduYXR1cmU+PC9zYW1scDpBdXRoblJlcXVlc3Q+" />  <input type="hidden" name="RelayState" value="http://172.24.98.169:8080/saml_test2/" />  <input type="hidden" name="TARGET" value="http://172.24.98.169:8080/saml_test2/" />  <NOSCRIPT><input type="submit" value="Continue" /></NOSCRIPT> </form><script>document.forms[0].submit();</script><body></html>


##
# CAS SAML
#
cas.authn.samlIdp.entityId=https://cas.mydomain.com:8443/idp
cas.authn.samlIdp.hostName=cas.mydomain.com
cas.authn.samlIdp.scope=mydomain.com

cas.authn.samlIdp.metadata.cacheExpirationMinutes=30
cas.authn.samlIdp.metadata.failFast=true
cas.authn.samlIdp.metadata.location=/etc/cas/saml
cas.authn.samlIdp.metadata.privateKeyAlgName=RSA
cas.authn.samlIdp.metadata.requireValidMetadata=true

# cas.authn.samlIdp.metadata.basicAuthnUsername=
# cas.authn.samlIdp.metadata.basicAuthnPassword=
# cas.authn.samlIdp.metadata.supportedContentTypes=

# cas.authn.samlIdp.logout.forceSignedLogoutRequests=true
# cas.authn.samlIdp.logout.singleLogoutCallbacksDisabled=false

cas.authn.samlIdp.response.skewAllowance=0
cas.authn.samlIdp.response.signError=false
# cas.authn.samlIdp.response.overrideSignatureCanonicalizationAlgorithm=
# cas.authn.samlIdp.response.useAttributeFriendlyName=true

saml_test2.xml
saml_log.txt

Misagh Moayyed

Jan 31, 2017, 4:39:29 AM
to cas-...@apereo.org

Running on/inside what kind of server/container?

 

--Misagh

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/bb88db88-d700-41ca-99b0-b99cfbeae7f1%40apereo.org.

Todd Pratt

Jan 31, 2017, 9:37:35 AM
to CAS Community, mmoa...@unicon.net
It's running as a WAR file in Tomcat 8 & Java 8.

Misagh Moayyed

Jan 31, 2017, 1:38:31 PM
to CAS Community

You probably need to adjust/increase the HttpHeaderSize and HttpPostSize parameters for tomcat. Tomcat logs should indicate this, if it’s the cause.

 

--Misagh



Todd Pratt

Jan 31, 2017, 2:33:50 PM
to cas-...@apereo.org
Yes that fixed it, Thank you!!!


SOPHIE Fang

Aug 22, 2017, 11:36:47 AM
to CAS Community
How did you change the headersize and postsize?
I did the following in my server.xml.
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
               maxPostSize="67589953" />

    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443"
               maxHttpHeaderSize="67589953" />
When I restarted the server, it threw a BindException address in bind error.
----------No server uses the same port.....
But I can still hit the server once it has completed startup.

On Tuesday, January 31, 2017 at 2:33:50 PM UTC-5, Todd Pratt wrote:

SOPHIE Fang

Aug 22, 2017, 11:39:21 AM
to CAS Community
Also, I still see the same issues as you did.. Sorry for the bother.. SAVE ME

On Tuesday, August 22, 2017 at 11:36:47 AM UTC-4, SOPHIE Fang wrote:

SOPHIE Fang

Aug 22, 2017, 12:35:13 PM
to CAS Community
EH.. I still need your Tomcat headersize/postsize configuration...

I did the below and it still gave me a 400 error back:
    <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" maxPostSize="-1" maxHttpHeaderSize="-1"/>
    <Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:\etc\cas\.cas" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>
On Tuesday, January 31, 2017 at 2:33:50 PM UTC-5, Todd Pratt wrote:
Yes that fixed it, Thank you!!!


Todd Pratt

Aug 22, 2017, 12:46:03 PM
to CAS Community
You need to define a max header size; below is what I used.

maxPostSize="-1" maxHttpHeaderSize="2097152"

SOPHIE Fang

Aug 22, 2017, 1:10:40 PM
to CAS Community
Yeah.. I tried quite a lot of different combinations.. I also tried the one you suggested. I guess when I copy-pasted I was trying something else.. None works though.. I just tried yours again.. It doesn't work.. bleeding brain..

On Tuesday, August 22, 2017 at 12:46:03 PM UTC-4, Todd Pratt wrote:

SOPHIE Fang

Aug 22, 2017, 1:11:23 PM
to CAS Community, mmoa...@unicon.net
Hi Misagh,
I have adjusted the sizes according to Todd's suggestion but am still getting an HTTP 400 error back:

    <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" maxPostSize="-1" maxHttpHeaderSize="2097152" />
    <Connector
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="C:\etc\cas\.cas" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

Here is the request that gets HTTP 400:
10.4.33.12 - - [22/Aug/2017:12:51:51 -0400] "POST /cas/login?service=https%3A%2F%2Fabg-c100444%3A8443%2Fcas%2Fidp%2Fprofile%2FSAML2%2FPOST%2FSSO%2FCallback.%2B%3FentityId%3Dhttp%253A%252F%252Fnsdy4-tableau%26SAMLRequest%3DPD94bWwgdmVyc2lvbj0iMS4wI.......................HVlPjxkczpLZXlJbmZvPjxkczp...........QkFRVUZBREJlTVJNd0VRWUsNCkNaSW1pWlB5TEdRQkdSWURZMjl0TVJ3d0dnWUtDWkltaVpQeUxHUUJHUllNWVc1amFHOXlZV2RsWTJGd01SUXdFZ1lLQ1pJbWlaUHkNCkxHUUJHUllFWTI5eW.....................VdEUXg3TVBzYzFWT01ZWUxNc0NGK0ZlYzhp................28NCnFmRWVqM......NvVU4zdWV2ZGNaWVNuN3BDdjJmWDhRc3BERHpLYm04Y3lYaDcNCkR............UrbzNDVGh3cWFlRytJU2h5ZUxNejZjVmdBNDh2cng1QTdYRVpPY0tMWE8NCkRCK2FYazMxODFaRzJCbjFFeHFuR2x4anFPdlF0R3RCU010VE9OcVN6KzRKcVFJREFRQUJvNElDZHpDQ0FuTXdIUVlEVlIwT0JCWUUNCkZIZXFJKzBSWjNITzdaWkIzTnN1.........................RsWTJGd0xtTnZiUzlEWlhKMFJXNXliMnhzTDA1Wk5DMUVRekV1WTI5eWNDN..................................yUWI5c09JSEdrL2dOMTJtYWhnOURrTWZuZUwwNmhhTGtrcndndXFUcnFQbW.....d0VCOEFwazVHcy9GOG5MYUlmMTdVbU8rQ3ZJMVc5S2FCSGRFYmVDb1JCNXlyOD08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25hdHVyZT48L3NhbWwycDpBdXRoblJlcXVlc3Q%252B%26RelayState%3Ddest%253D%25252F%2526sendPodInfo%253Dfalse%2526authSetting%253D%2526siteLuid%253D%2526embedded%253Dfalse HTTP/1.1" 400 -
Form Data
username=sophie.fang&password=1234556&execution=4c7..5b-4..ca-4a.1-8e4e-1..e571c_ZX..GJH...VXpV..uVE..WEZoTkhKMVdVUnlOSEp4VFU5eFQx............a3hwT1dnNVlXOXhPV1p....RiakJ2VEZScWVqTkJkbUp3T1RWeU1TOWpXaXRKWWxBNU1tWldTMF..2UVRZM05HRkxUSFZXV0hCRFNVUkpRekZ..bVYzWkhkVEZoWVVoRFZXUXpTVlY2ZVV...................................iS09jb1JJMWE2S0E%3D&_eventId=submit&geolocation=

On Tuesday, January 31, 2017 at 1:38:31 PM UTC-5, Misagh Moayyed wrote:

SOPHIE Fang

Aug 23, 2017, 9:17:19 AM
to CAS Community
How did you see the SAML post form? I would like to check mine by comparing it to yours.


On Tuesday, August 22, 2017 at 12:46:03 PM UTC-4, Todd Pratt wrote:
You need to define a max header size; below is what I used.

Todd Pratt

Aug 23, 2017, 4:29:40 PM
to CAS Community
In your log4j2.xml file, change the log level to trace on the following appenders. You may need to add them if they are not in that file.

        <AsyncLogger name="org.apereo" level="trace" additivity="false" includeLocation="true">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>


        <AsyncLogger name="org.opensaml" level="trace" additivity="false">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
        </AsyncLogger>

SOPHIE Fang

Aug 23, 2017, 5:12:45 PM
to CAS Community
Can I get your cas.properties file? I am integrating with Tableau and I used the below according to the CAS properties documentation.
The SSO works when I first log into the CAS server, then hit Tableau. However, when I hit Tableau directly, it gave me a 400 error.

cas.samlSP.tableau.metadata=/etc/cas/saml/tableau.xml
cas.samlSP.tableau.description=Tableau Integration
cas.samlSP.tableau.attributes=username

On Wednesday, August 23, 2017 at 4:29:40 PM UTC-4, Todd Pratt wrote:

SOPHIE Fang

Aug 25, 2017, 12:55:26 PM
to CAS Community
SOLVED. maxPostSize and maxHttpHeaderSize shall be put along with port 8443. Then it shouldn't be an extremely big number like 1 billion, which failed me. Depending on how much memory Tomcat has, I put 1 million and it resolved...

On Wednesday, August 23, 2017 at 5:12:45 PM UTC-4, SOPHIE Fang wrote:
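
An added example (not code from this thread, CAS or Tomcat): a check of server.xml connectors against the size of the login request, covering the three problems the thread ran into, namely limits set on the wrong connector, two connectors on one port, and an extreme value. The sample XML, sample URL, 4 MiB ceiling and finding labels are constructed assumptions; 8192 is Tomcat's default maxHttpHeaderSize.

```python
"""Audit Tomcat <Connector> limits against the size of a CAS SAML login request."""
import xml.etree.ElementTree as ET
from collections import Counter
from urllib.parse import urlsplit

TOMCAT_DEFAULT_HEADER = 8192   # Tomcat's default maxHttpHeaderSize, in bytes
CEILING = 4 * 1024 * 1024      # assumed review threshold, not a Tomcat limit

def request_line_bytes(method, url):
    """Bytes in the request line alone: a lower bound, cookies and headers add to it."""
    parts = urlsplit(url)
    target = parts.path + ("?" + parts.query if parts.query else "")
    return len(f"{method} {target} HTTP/1.1".encode())

def audit_connectors(server_xml, needed_bytes, ceiling=CEILING):
    """Return sorted (port, finding) tuples for every Connector in server.xml."""
    connectors = list(ET.fromstring(server_xml).iter("Connector"))
    ports = Counter(c.get("port") for c in connectors)
    findings = set()
    for c in connectors:
        port = c.get("port")
        if ports[port] > 1:
            # Two connectors cannot bind one port; the second raises BindException.
            findings.add((port, "duplicate-port"))
        raw = c.get("maxHttpHeaderSize")
        size = TOMCAT_DEFAULT_HEADER if raw is None else int(raw)
        if size <= 0:
            findings.add((port, "header-size-not-positive"))
        elif size < needed_bytes:
            # The SAMLRequest travels inside the service URL, so expect HTTP 400 here.
            findings.add((port, "header-size-too-small"))
        elif size > ceiling:
            findings.add((port, "header-size-oversized"))
    return sorted(findings)

# Constructed sample: limits raised only on 8080, as in the thread's first attempts.
SAMPLE_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" maxPostSize="67589953"/>
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" maxHttpHeaderSize="67589953"/>
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             scheme="https" secure="true" SSLEnabled="true"/>
</Service></Server>"""

# Constructed login URL: 12000 characters stand in for the encoded SAMLRequest.
SAMPLE_URL = ("https://cas.example.org:8443/cas/login?service=callback%26SAMLRequest%3D"
              + "A" * 12000)

if __name__ == "__main__":
    needed = request_line_bytes("POST", SAMPLE_URL)
    print("request line:", needed, "bytes")
    for port, finding in audit_connectors(SAMPLE_XML, needed):
        print(f"port {port}: {finding}")
```
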