Loading different views depending on multiple domains

[snaffy]

How to load different views based on the domains if the client application is behind the apache2 proxy. Going to details - CAS client configuration requires "serverName" parameter.

"The name of the server this application is hosted on. Service URL will be dynamically constructed using this, i.e. https://localhost:8443 (you must include the protocol, but port is optional if it's a standard port)."). Based on it and the relevant service registers, CAS can decide which template to load.

However, my problem comes down to the question of how to load the right view when I am using apache2 and virtual glassfish servers. 

<VirtualHost *:433>

    ServerName test1.domain.com

    ProxyPass /WebApp http://test1.domain.com:8081/WebApp

    ProxyPassReverse /WebApp http://test1.domain.com:8081/WebApp

    ProxyPass / http://test1.domain.com:8081/WebApp

    ProxyPassReverse / http://test1.domain.com:8081/WebApp

    ProxyPreserveHost On

    ProxyTimeout 1500

    SetEnv           force-proxy-request-1.0 1

    SetEnv           proxy-nokeepalive       1

    SetEnv proxy-initial-not-pooled 1

    RewriteEngine On

    RewriteCond /var/www/maintenance.html -f

    RewriteCond %{REQUEST_FILENAME} !/maintenance.html

    RewriteRule ^.*$    /var/www/maintenance.html [L]

</VirtualHost>

<VirtualHost *:433>

    ServerName test2.domain.com

    ProxyPass /WebApp http://test2.domain.com:8081/WebApp

    ProxyPassReverse /WebApp http://test2.domain.com:8081/WebApp

    ProxyPass / http://test2.domain.com:8081/WebApp

    ProxyPassReverse / http://test2.domain.com:8081/WebApp

    ProxyPreserveHost On

    ProxyTimeout 1500

    SetEnv           force-proxy-request-1.0 1

    SetEnv           proxy-nokeepalive       1

    SetEnv proxy-initial-not-pooled 1

    

    RewriteEngine On

    RewriteCond /var/www/maintenance.html -f

    RewriteCond %{REQUEST_FILENAME} !/maintenance.html

    RewriteRule ^.*$    /var/www/maintenance.html [L]

</VirtualHost>

Going to the application through the test1.domain.com, the service parameter will look like this

https://sso.server.com/cas/login?service=https%3A%2F%2Ftest1.domain.com%2FWebApp%2F

However, it will look the same with test2.domain.com, therefore, cas will not load different views because my client has a clearly defined only one ${cas.service.host}

<bean id="casAuthenticationFilter" class="org.jasig.cas.client.authentication.AuthenticationFilter">

        <property name="casServerLoginUrl" value="${cas.server.host}/login"/>

        <property name="serverName" value="https://${cas.service.host}"/>

</bean>

Thanks in advance for your help, any suggestions are welcome.

[Ray Bon]

You can set the serverName parameter to the value you need test1.domain.com instead of localhost.

This you should be able to do in the glassfish server (in tomcat do this in $TOMCAT_HOME/bin/setenv.sh).

CATALINA_OPTS="$CATALINA_OPTS -Dcas.service.host=test1.domain.com"

export CATALINA_OPTS

If test1 and test2 are serving the same content (apache as load balancer), then set serverName to the name of the apache server (and configure apache as a load balancer instead of two separate virtual hosts).

Ray

-- 
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | rb...@uvic.ca

[snaffy]

I do not really understand how it could help me.

Both domains through apache2 proxy configuration point to the same application - WebApp (specifically, they refer to the appropriate glassfish virtual servers and the application uses them). The problem is that serverName is a parameter related to the application (cas client) and I can not set it dynamically depending on what domain the user is using. 

If the cas client (WebApp) configuration looks like:

<bean id="casAuthenticationFilter" class="org.jasig.cas.client.authentication.AuthenticationFilter">

        <property name="casServerLoginUrl" value="${cas.server.host}/login"/>

        <property name="serverName" value="https://test1.domain.com"/>

</bean>

then, going to the application using the test1.domain.com domain, the service parameter will look like this:

https://sso.server.com/cas/login?service=https%3A%2F%2Ftest1.domain.com%2FUtilimarcWebUI%2F

Going to the application using the test2.domain.com domain, the service parameter will look like the following:

https://sso.server.com/cas/login?service=https%3A%2F%2Ftest1.domain.com%2FUtilimarcWebUI%2F - the same template will always be loaded.

I can also directly specify the address of the service parameter

<bean id="casAuthenticationFilter" class="org.jasig.cas.client.authentication.AuthenticationFilter">

<property name="casServerLoginUrl" value="${cas.server.ip}/cas/login" />

<property name="serverName" value="test1.domain.co" />

<property name="service" value="https://test2.domain.com/casclient" />

</bean>

-- > https://sso.server.com/cas/login?service=https%3A%2F%2Ftest2.domain.com%casclient%2F

So my problem comes down to questions how to determine the service parameter in a dynamic way? Depending on the domain that the user went through?

[Ray Bon]

If you can not deploy WebApp with the serverName set, you should be able to set the variable for cas.service.host when you start glassfish.

Something like (I do not know glassfish):

glassfishstartupscrip.sh -Dcas.service.host=test1.domain.com

You may be able to put the variable in the glassfish startup script or some other glassfish config file.

A note about your virtual host config. ProxyPass and ProxyPassReverse need to have a trailing /

ProxyPass / http://test1.domain.com:8081/WebApp/

Ray

[snaffy]

But I can specify the serverName / service parameter at the application configuration stage and I do it. However, how can cas load different views since it will always be the same? (service parameter). I strive for the following situation:

when the user uses the https://test1.domain.com/WebApp address the standard login format will appear (authentication by the database)

{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://test1.domain.com/.*",

  "name" : "JDBC",

  "id" : 1003,

  "description" : "Standard authentication method for users",

  "evaluationOrder" : 51,

  "requiredHandlers" : [ "java.util.HashSet", [ "QueryAndEncodeDatabaseAuthenticationHandler" ] ],

  "theme" : "apereo"

}

while by address https://test2.domain.com/WebApp the button with authentication by SAML protocol will appear

{

  "@class" : "org.apereo.cas.services.RegexRegisteredService",

  "serviceId" : "^https://test2.domain.com/.*",

  "name" : "SAML",

  "id" : 1002,

  "description" : "SAML services",

  "evaluationOrder" : 50,

  "attributeReleasePolicy" : {

    "@class" : "org.apereo.cas.services.ReturnAllAttributeReleasePolicy"

  },

  "theme" : "customsaml"

}

[Ray Bon]

Perhaps I am not fully understanding your situation.

If user goes to test1.domain.com the cas client there will redirect to sso.server.com/cas/login?service=test1.domain.com

test2.domain.com cas client will redirect to sso.server.com/cas/login?service=test2.domain.com

CAS will pick the right service and present the correct theme. If necessary you can turn logging for org.apereo to trace (set cas.log.level) to see what is happening.

Ray

[Pascal Rigaux]

serverName can contain several values, space separated.
Cf code !
https://github.com/apereo/java-cas-client/blob/master/cas-client-core/src/main/java/org/jasig/cas/client/util/CommonUtils.java#L230

snaffy <art....@gmail.com> a écrit :

--
Pascal Rigaux