Re: [cas-user] CAS 7.0.4 Can't get cas-management (7.0.0-SNAPSHOT) to authenticate to CAS

[Ray Bon]

Tom,

I am experiencing the same problem (too many redirects).
I will be comparing the behaviour of cas-management 6.5 to 7-snapshot today.

Ray

On Tue, 2024-05-14 at 07:48 -0700, Tom Reijnders wrote:

You don't often get email from ajjrei...@gmail.com. Learn why this is important

I am trying to migrate from CAS 6.6.15 to CAS 7.04 (because I could not get Password reset working on 6.6.15).

Password reset is working fine, but if I try to login to cas-management I end up in a redirection loop.

I use the overlays generated by getcas.apereo.org/ui (CAS 7.0.4, cas-management 7.0.0-SNAPSHOT) and deployed using tomcat11 (behind an apache reverse proxy).

If I browse to cas-management, it redirectts to cas (as expected). If I login as the user mentioned in the users.json file configured in management.properties I get redirected to 

https://cas.XXXX/cas-management/callback?client_name=CasClient&ticket=xxxxx

So far so good. But then I get redirected to cas again (that verifies the ticket) and redirects to cas-management, etc.

What am I doing wrong??

The service definition for cas-management is as follows:

{
  @class: org.apereo.cas.services.CasRegisteredService
  serviceId: ^https://cas.XXXXX/cas-management.*
  name: CAS Management
  id: 1001
  description: Management of CAS enabled services
  evaluationOrder: 5
  logoutUrl: https://cas.XXXXX/cas-management/logout
}

Regards,

Tom

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/52648d65b1a49df03c7ffbf19dd56fa9633268cc.camel%40uvic.ca.

[Ray Bon]

I have been able to determine that the problem results from cas-management not knowing how to handle the callback [from cas].

In cas-management 6.5, if one directly access the callback endpoint, https://local.uvic.ca/cas-management/callback

the log shows the CALLBACK code/filter being activated:

cas-management | 2024-05-15 20:21:40,263 DEBUG [ org.pac4.spri.secu.web.CallbackFilter] - <path: /callback | suffix: /callback> [https-openssl-nio-8443-exec-9]

cas-management | 2024-05-15 20:21:40,263 DEBUG [ org.pac4.core.engi.DefaultCallbackLogic] - <=== CALLBACK ===> [https-openssl-nio-8443-exec-9]

No redirect to cas, just a message that cas-management is unavailable.

in v7-SNAPSHOT, the SECURITY code/filter is activated:

cas-management | 2024-05-15 20:33:03,637 INFO [ org.pac4.core.adap.FrameworkAdapter] - <Using Spring Security framework adapter> [https-openssl-nio-8443-exec-3]

cas-management | 2024-05-15 20:33:03,650 DEBUG [ org.pac4.core.engi.DefaultSecurityLogic] - <=== SECURITY ===> [https-openssl-nio-8443-exec-3]

And there is a redirect to cas.

The callback endpoint is behind security (when it should not be).

If you need to access cas-management, turn off cas authn

mgmt.cas-sso=false

and use spring security login default:

username: user

password:

logged on first access to the application:

cas-management | 2024-05-15 20:30:13,159 WARN [spri.boot.auto.secu.serv.UserDetailsServiceAutoConfiguration] - <

cas-management |

cas-management | Using generated security password: 5243a8b5-cd24-47e7-9f46-103fee3c2ebb

see https://docs.spring.io/spring-boot/docs/2.0.0.M4/reference/html/boot-features-security.html

To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/920326c32b331054636f1d1350b48876c0f142ea.camel%40uvic.ca.