cas+spring security issue

**userio** · Oct 3rd, 2012, 10:01 AM

now I have link:
https://localhost:9443/cas-server-we...security_check
as I understand, it's a correct link, but I get the next stacktrace(in different browsers they are described differently):
SSL connection error

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol Error.

I incorrectly configured or what?

**jleleu** · Oct 3rd, 2012, 11:05 AM

Indeed, the url looks correct. However, it seems that you have a SSL problem : is your CAS server accepting SSL connections ?

**userio** · Oct 3rd, 2012, 11:16 AM

when CAS server is started, the link http://localhost:9443/cas-server-webapp-3.4.10/login works fine and I can enter there any credentials and login. and when the link is http://localhost:9080/cas-server-webapp-3.4.10/login, CAS server works fine, but there is warning You are currently accessing CAS over a non-secure connection. Single Sign on WILL NOT WORK. In order to have single sign on work, you MUST log in over HTTPS.

**jleleu** · Oct 3rd, 2012, 01:23 PM

Hi,

It's logical : CAS security is based on the use of SSL. When you don't use SSL (for testing for example), you have a warning.
Nothing special here, nonetheless, if you want that SSO works on none SSL environment, you need to setup your CAS server to set its cookie on none-secure connection. You should set p:cookieSecure="false" in this case (cas-server-webapp/src/main/webapp/WEB-INF/spring-configuration/ticketGrantingTicketCookieGenerator.xml).
Best regards,
Jérôme

**userio** · Oct 4th, 2012, 04:26 AM

there was incorrect port in my config. when I entered the correct port, I finally obtained the needed CAS server login page via SSL.
BUT my happiness was not so long... when I entered credetials, I saw in my browser next message:
HTTP Status 404 - /spring-security-cas/j_spring_cas_security_check

type Status report

message /spring-security-cas/j_spring_cas_security_check

description The requested resource (/spring-security-cas/j_spring_cas_security_check) is not available.

**jleleu** · Oct 4th, 2012, 10:13 AM

What's your web application context ?

**userio** · Oct 5th, 2012, 09:30 AM

in web context(not in web.xml) I import spring security context and in web.xml I set filters, listeners and etc. I have looked up in this article. Now I have noticed and all my ssugestion lie on the bean serviceProperties.

when I edit this value, I have different results. From the article, it's not obvious, what values should be.
For my case my app runs on the tomcat with 8080 port and CAS-server runs on the other one with 9080 port.
so what value is correct?

**jleleu** · Oct 5th, 2012, 09:50 AM

I reformulate my question : what is the path (<Context path="...") for your application deployed in Tomcat ? because for the previous definition bean, it should be spring-security-cas.

**userio** · Oct 8th, 2012, 10:04 AM

hi, Jérôme!
I'm very grateful for all your help

I've already implemented CAS login, the problem was indeed in the link.
Also I've impleemented single sign out, BUT I've faced the next problem:
when I logout (CAS really logs me out), I go to CAS logout page, which says that logout was successfull. But I want to setup it in a such way, that it should somehow redirect me to myApp index page (for instance, http://localhost:8080/myApp/). Is it possible?

**jleleu** · Oct 8th, 2012, 10:21 AM

Hi,

Yes, you can do that by using the "service" request parameter in your logout url. Depending on CAS version, you can have to do additionnal configuration : set the followServiceRedirects property to true and add a CAS service matching your service url.
Best regards,
Jérôme

Thread: cas+spring security issue

Thread Tools

Display

Tags for this Thread

Posting Permissions