Closed Panmax closed 7 years ago
@Panmax Thank you for feedback, can you please share with me your configuration file?
The strange thing is the multiple '?' char between url.
And if you have more log on log output :)
this is my config file:
server:
port: 8081
security:
cas:
server:
base-url: http://127.0.0.1:8080/cas/
service:
resolution-mode: dynamic
ignored: /ignored
and there is no error log in terminal.
this config is ok:
server:
port: 8081
security:
cas:
server:
base-url: http://127.0.0.1:8080/cas/
service:
base-url: http://127.0.0.1:8081
ignored: /ignored
In fact it's more an issue with static
mode which does not compute URL correctly
http://localhost:8781/cas/p3/proxyValidate?pgtUrl=%2Fcas%2Fproxy-callback&ticket=ST-12-jcxNnklCEm3bIEIdjbb7-6caae9445ce0&service=http%3A%2F%2F127.0.0.1%3A8080%2Flogin
Check pgtUrl
parameter is not a valid url, thus is disabling pgt callback.
I think when fixed you will have same problem with static
and dynamic
.
Does your CAS server is able to contact your service, during PGT callback process?
@Panmax When 0.1.2
will be released can you please upgrade your configuration like following:
server:
port: 8081
security:
cas:
server:
base-url: http://127.0.0.1:8080/cas/
service:
proxy-callback-enabled: false
resolution-mode: dynamic
ignored: /ignored
ok, i will try. thank you.
I will release it in 5min (+ time to maven central to be fresh)
i am a new CAS user, i don't know what's PGT callback process.
My CAS config :
server.context-path=/cas
cas.server.port=
cas.server.http.port=8080
cas.server.name: http://127.0.0.1:8080
cas.server.prefix: http://127.0.0.1:8080/cas
cas.adminPagesSecurity.ip=127\.0\.0\.1
logging.config: file:/etc/cas/config/log4j2.xml
# cas.serviceRegistry.config.location: classpath:/services
cas.authn.accept.users=
server.ssl.enabled=false
cas.tgc.secure=false
cas.warningCookie.secure=false
cas.logout.followServiceRedirects=true
cas.authn.jdbc.query[0].sql=select password from account where username=?
cas.authn.jdbc.query[0].healthQuery=SELECT 1 FROM INFORMATION_SCHEMA.VIEWS
cas.authn.jdbc.query[0].isolateInternalQueries=false
cas.authn.jdbc.query[0].url=jdbc:mysql://localhost:3306/jupiter?&useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false
cas.authn.jdbc.query[0].failFast=true
cas.authn.jdbc.query[0].isolationLevelName=ISOLATION_READ_COMMITTED
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQL56InnoDBDialect
cas.authn.jdbc.query[0].leakThreshold=10
cas.authn.jdbc.query[0].propagationBehaviorName=PROPAGATION_REQUIRED
cas.authn.jdbc.query[0].batchSize=1
cas.authn.jdbc.query[0].user=root
cas.authn.jdbc.query[0].ddlAuto=update
cas.authn.jdbc.query[0].maxAgeDays=180
cas.authn.jdbc.query[0].password=
cas.authn.jdbc.query[0].autocommit=false
cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver
cas.authn.jdbc.query[0].idleTimeout=500
cas.authn.jdbc.query[0].passwordEncoder.type=DEFAULT
cas.authn.jdbc.query[0].passwordEncoder.encodingAlgorithm=MD5
@Panmax Unfortunately I'm most a CAS client user than CAS server power user so I can't help you with CAS server configuration.
About proxy callback you may find some useful information here https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough
But to summaries, when client validate the ticket using /serviceValidate
or /proxyValidate
API if you add pgtUrl
as parameter (see specification) then CAS server will contact your server (is new request, CAS server will use its own http client) to send you PGT
proxy granting ticket ticket (ticket that in mandatory to ask PT
proxy ticket ticket). But if CAS server is not able to contact your server (network issue, DNS issue, etc?) it will break the flow.
i understood, thank you very much.
@Panmax After more thinking I will change configuration, I will delete proxy-callback-enabled
property instead I will do other way. I will keep you in touch
👌🏻
i upgrade to 0.1.2 but when i visit my site, it doesn't redirect to CAS login page, but shows Hello anonymous.
Artifact is not yet upload. I think maven simply just not find the artifact that has disable starter since maven can't fetch it
alright😂
@Panmax with this new PR
you will no need to change your initial configuration, so please keep
server:
port: 8081
security:
cas:
server:
base-url: http://127.0.0.1:8080/cas/
service:
resolution-mode: dynamic
ignored: /ignored
@Panmax Just deploy to maven central, you should now use 0.1.2
version
but static mode is ok.