apereo / dotnet-cas-client

Apereo .NET CAS Client
Apache License 2.0

The page isn’t redirecting properly #86

Closed eastsea2 closed 5 years ago

eastsea2 commented 6 years ago

I am trying to set up the ExampleWebSite. It gave me this error message:

    The page isn't redirecting properly
    Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
    This problem can sometimes be caused by disabling or refusing to accept cookies.

Can you help me? What is wrong in my web.config? These are the lines I edited in the file:

```xml
<casClientConfig casServerLoginUrl="https://login.vcu.edu/cas/login"
                 casServerUrlPrefix="https://login.vcu.edu/cas/"
                 serverName="donghai.vcu.edu/CAS1.1/ExampleWebSite/"
............
<forms loginUrl="https://login.vcu.edu/cas/login"
```

Thanks.

phantomtypist commented 5 years ago

Well, that should work with what you have there.

My best guess is that your CAS server has disabled certain secure channels (schannel) and the ones it has enabled.... aren't matching or being used on the server your application runs on.

For example: let's say that your CAS server only allows TLS 1.2. Now, if your web application server allows TLS 1.1 and TLS 1.2 that's great, BUT... is your ASP.NET application configured to use the correct security protocol? By default in .NET 4.0/4.5.x only TLS 1.1 is used even if the server it's running on supports TLS 1.2. If you don't physically force a .NET 4.x application to use TLS 1.2 then it won't... it'll use TLS 1.1 if it's enabled. Right when your application starts up you have to call ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12; That's actually if you are using .NET 4.5.x. I believe 4.6 or 4.7 use TLS 1.2 as the default. If your app is using .NET 4.0 then you'll have to do a hack because the SecurityProtocol enum will not have the Tls12 entry. For that use ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;.

When Firefox says "server is redirecting the request for this address in a way that will never complete", Firefox is saying it has detected a cyclical redirect between CAS and your server. The client browser authenticates just fine with CAS, provided it has TLS 1.2 enabled, and gets redirected back to your application. At that point the application will contact your CAS server from the server side to validate the authentication ticket the client browser provided to your application. If your CAS server only allows TLS 1.2 and your application is not configured to use TLS 1.2, then the HTTP request to your CAS server from your application will fail because the two will not be able to communicate. At that point your application will think "hey, I can't contact CAS, we can't validate this user's authentication" and thus redirect the client browser back to the CAS login site to force the user to authenticate with CAS again. The end user/browser won't see the login page again because, as far as the CAS server is concerned, the browser is authenticated.... and around and around we go in an endless circle :)

That's my guess as to what your problem is.

eastsea2 commented 5 years ago

Thanks a lot.

On Fri, Mar 29, 2019 at 11:36 PM Jason Kanaris notifications@github.com wrote:


phantomtypist commented 5 years ago

Another thing to consider is that your sysadmins may have blocked your server from validating tickets. The client side authentication is usually open to the world, but in some environments the sysadmins lock down the server side authentication (between your app and the CAS server.) They may have a whitelist of allowed IP addresses and your app's box is not on it.
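The two failure modes described in this thread (the server-side ticket validation call failing on the TLS handshake, and the validation call being blocked by a firewall or IP whitelist on the CAS side) both surface to the browser as the same redirect loop, because the CAS client only sees "no authenticationSuccess" and sends the user back to casServerLoginUrl. The program below is an added diagnostic, not part of the Apereo .NET CAS Client or the example site: run it on the web server box, under the same .NET runtime as the application, and it reproduces the /serviceValidate request the client's default Cas20 ticket validator makes, forcing TLS 1.2 the way the comment above recommends and classifying the result. Assumptions: casPrefix and the service URL are taken from the web.config in the issue (an https scheme on the service URL is assumed); the ticket is a constructed placeholder, so a reachable CAS server is expected to answer INVALID_TICKET rather than success.

```csharp
// Added diagnostic; not code from the Apereo .NET CAS Client or the ExampleWebSite.
// Reproduces the server-side CAS 2.0 /serviceValidate call so the failure is visible
// directly instead of as a browser redirect loop.
using System;
using System.IO;
using System.Net;

class CasValidateProbe
{
    static int Main(string[] args)
    {
        // Assumed values from the issue's web.config; https on the service URL is an assumption.
        string casPrefix = "https://login.vcu.edu/cas/";
        string service   = "https://donghai.vcu.edu/CAS1.1/ExampleWebSite/";
        // Constructed placeholder ticket (pass a real ST-... as the first argument to test end to end).
        string ticket    = args.Length > 0 ? args[0] : "ST-0000-placeholder";

        // Force TLS 1.2 before the first outbound request. 3072 is the numeric value of
        // SecurityProtocolType.Tls12; the cast compiles on .NET 4.0 projects whose enum lacks
        // the Tls12 member. It only takes effect if .NET 4.5 or later is installed on the
        // machine, because the 4.x runtime is shared. The same line belongs in
        // Application_Start of the web application.
        ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;

        string url = casPrefix + "serviceValidate"
                   + "?service=" + Uri.EscapeDataString(service)
                   + "&ticket=" + Uri.EscapeDataString(ticket);
        Console.WriteLine("GET " + url);

        try
        {
            var req = (HttpWebRequest)WebRequest.Create(url);
            req.Timeout = 10000; // milliseconds
            using (var resp = (HttpWebResponse)req.GetResponse())
            using (var reader = new StreamReader(resp.GetResponseStream()))
            {
                string body = reader.ReadToEnd();
                Console.WriteLine("HTTP " + (int)resp.StatusCode);
                Console.WriteLine(body);
                return Classify(body);
            }
        }
        catch (WebException ex)
        {
            switch (ex.Status)
            {
                case WebExceptionStatus.SecureChannelFailure:
                    // The schannel mismatch the comment above describes.
                    Console.WriteLine("TLS handshake failed: the app's protocol/cipher set does not match the CAS server.");
                    break;
                case WebExceptionStatus.TrustFailure:
                    Console.WriteLine("Certificate not trusted: the CAS server's chain is not in this machine's store.");
                    break;
                case WebExceptionStatus.ConnectFailure:
                case WebExceptionStatus.Timeout:
                case WebExceptionStatus.NameResolutionFailure:
                    // The whitelist/firewall case: the browser can reach CAS but this box cannot.
                    Console.WriteLine("No connection to CAS (" + ex.Status + "): firewall or IP whitelist on the CAS side, or DNS.");
                    break;
                case WebExceptionStatus.ProtocolError:
                    var r = ex.Response as HttpWebResponse;
                    Console.WriteLine("CAS answered HTTP " + (r == null ? "?" : ((int)r.StatusCode).ToString()) + ": check casServerUrlPrefix.");
                    break;
                default:
                    Console.WriteLine("Request failed: " + ex.Status + " - " + ex.Message);
                    break;
            }
            return 2;
        }
    }

    // Interpret the CAS 2.0 XML response the same way the client does: anything other than
    // <cas:authenticationSuccess> means "not authenticated", which is what triggers the redirect.
    static int Classify(string body)
    {
        if (body.Contains("<cas:authenticationSuccess>"))
        {
            Console.WriteLine("Ticket accepted: transport and validation both work.");
            return 0;
        }
        if (body.Contains("INVALID_TICKET"))
        {
            Console.WriteLine("Reached CAS over TLS; placeholder ticket rejected as expected. Transport is not the problem.");
            return 0;
        }
        if (body.Contains("INVALID_SERVICE"))
        {
            Console.WriteLine("CAS rejected the service URL: it must match what the client builds from serverName and be registered on the CAS server.");
            return 1;
        }
        Console.WriteLine("Unexpected response; inspect the body above.");
        return 1;
    }
}
```

Reading the result: a SecureChannelFailure with the browser still able to log in points at the TLS configuration of the application process; a ConnectFailure or Timeout from the web server box while the same URL opens from a workstation points at the IP whitelist the last comment mentions; an INVALID_SERVICE reply means the transport is fine and the service URL the client sends (built from serverName) is what the CAS server is rejecting, which produces the same loop.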