[cas-user] Infinite loop problem between Cas Server and Cas Services Management

[Ayé Rayé]

Hello,

I have an infinite loop problem with my configuration on Cas Server and Cas Services Management. I precise I use the latest version of Cas Server, 5.0.2 . And for Cas Services Management I used  Maven war overlay on master branch. After authentication with casuser I enter in a loop with two urls:

https://cas.server:8443/login?service=https%3A%2F%2Fcas.mgmt%3A8443%2Fcallback%3Fclient_name%3DCasClient

and 

https://cas.mgmt:8443/callback?client_name=CasClient&ticket=ST-20-1XvJaiZgJ6zW7o2lJRyp-MW7Dkmzd  with a new ST ticket each time.

What's my mistake? Can you help me to have the right configuration please ?

I have added as attachments the configuration of the two applications. 

- application.properties for Cas Services Management

- bootstrap.properties for Cas Services Management

- management.properties for Cas Services Management

- cas-management.log for Cas Services Management

- cas.log for Cas Sever

- cas.properties for Cas Server

Thanks for your help.

Ayé Rayé

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9a43ef2-f255-46e5-bba7-c4aca7e3e55f%40apereo.org.

[Ayé Rayé]

Hi all,

No one has a solution for my problème ?

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a0706304-c591-4f71-bb7c-2ef848401ed8%40apereo.org.

[Uxío Prego]

Bonsoir, bienvenue á la liste.

> No one has a solution for my problem?

Probably someone has a solution for your problem. That does not
necessarily mean s/he is going to share a solution soon, even ever. Keep
working on your own while you wait for answers and feel free to answer
yourself to help others if you get the solution to your problem.

> What's my mistake?

I don't know, I am not CAS 5 enabled yet. But I have seen similar
problems in CAS 3. There, (not necessarily now too) misconfiguration or
customisation can cause a very similar redirect loop. In that case, I
could solve it, using CAS server debugging.

> Can you help me to have the right configuration please?

Sadly, not me.

Regards,

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/DD85929E-D5C1-4A0E-800A-FB8BE8200AB7%40madiva.com.

[Misagh Moayyed]

https://apereo.github.io/cas/development/installation/Troubleshooting-Guide.html

--Misagh

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/002001d28251%24183f7720%2448be6560%24%40unicon.net.

[Ayé Rayé]

Hello everyone and thank you for your feedback.

I made a gross mistake of not looking at all Tomcat logs. I only came to catalina.log thinking that all the traces were there. Last night after reading your returns, I took a look in tomcat8-stdout.2017-02-08.log and there ban i see :

2017-02-08 12:48:02,739 DEBUG [org.pac4j.core.engine.J2ERenewSessionCallbackLogic] - <client: #CasClient# | callbackUrl: https://cas.mgmt:8443/callback?client_name=CasClient | configuration: #CasConfiguration# | loginUrl: https://cas.server:8443/login | prefixUrl: https://cas.server:8443/ | protocol: CAS30 | renew: false | gateway: false | encoding: UTF-8 | logoutHandler: org.pac4j.cas.logout.CasSingleSignOutHandler@1cec1ab8 | acceptAnyProxy: false | allowedProxyChains: [] | proxyReceptor: null | timeTolerance: 1000 | |>

2017-02-08 12:48:02,739 DEBUG [org.pac4j.cas.credentials.extractor.TicketAndLogoutRequestExtractor] - <casCredentials: #TokenCredentials# | token: ST-8-qvCl1FXsvQVHKtvcyyvp-MW7Dkmzd | clientName: CasClient |>

2017-02-08 12:48:02,774 ERROR [org.jasig.cas.client.util.CommonUtils] - <java.security.cert.CertificateException: No name matching cas.server found>

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching cas.server found

at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[?:1.8.0_77]

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) ~[?:1.8.0_77]

at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[?:1.8.0_77]

at sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[?:1.8.0_77]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:1.8.0_77]

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-util.jar:8.5.9]

at java.lang.Thread.run(Unknown Source) [?:1.8.0_77]

Caused by: java.security.cert.CertificateException: No name matching cas.server found

at sun.security.util.HostnameChecker.matchDNS(Unknown Source) ~[?:1.8.0_77]

at sun.security.util.HostnameChecker

I will then generate other keystores in agreement with my hostnames and continue my POC. I keep you informed of the outcome.  It may be useful for other people in the same situation.

A big thank to you. Very good job on Cas Server and Cas Services Management.

Ayé Rayé

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e77259b5-3dd3-477a-8e9f-cc791d72abcc%40apereo.org.

[Julio Dehesa Martin]

Hi! 

I have the same problem, did you find the solution?

Thanks!

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG

---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9b95a7e3-f1a0-4bfe-8748-3bde68c49ede%40apereo.org.