I have been able to determine that the problem results from cas-management not knowing how to handle the callback [from cas].
the log shows the CALLBACK code/filter being activated:
cas-management | 2024-05-15 20:21:40,263 DEBUG [ org.pac4.spri.secu.web.CallbackFilter] - <path: /callback | suffix: /callback> [https-openssl-nio-8443-exec-9]
cas-management | 2024-05-15 20:21:40,263 DEBUG [ org.pac4.core.engi.DefaultCallbackLogic] - <=== CALLBACK ===> [https-openssl-nio-8443-exec-9]
No redirect to cas, just a message that cas-management is unavailable.
in v7-SNAPSHOT, the SECURITY code/filter is activated:
cas-management | 2024-05-15 20:33:03,637 INFO [ org.pac4.core.adap.FrameworkAdapter] - <Using Spring Security framework adapter> [https-openssl-nio-8443-exec-3]
cas-management | 2024-05-15 20:33:03,650 DEBUG [ org.pac4.core.engi.DefaultSecurityLogic] - <=== SECURITY ===> [https-openssl-nio-8443-exec-3]
And there is a redirect to cas.
The callback endpoint is behind security (when it should not be).
If you need to access cas-management, turn off cas authn
mgmt.cas-sso=false
and use spring security login default:
username: user
password:
logged on first access to the application:
cas-management | 2024-05-15 20:30:13,159 WARN [spri.boot.auto.secu.serv.UserDetailsServiceAutoConfiguration] - <
cas-management |
cas-management | Using generated security password: 5243a8b5-cd24-47e7-9f46-103fee3c2ebb