سؤال
I've two webapp integrated A and B with Cas. When I try to access to protected area of webapp A the filter redirect me to cas login. After login I came back to webapp A and all works well. When I navigate from webapp A to protected area of webapp B, cas filter redirect to login form again. I've tried this apps also on tomcat 6.0.37 and all work fine without another request of login.
Regarding the log in Jboss, I see a truncated TGT. The first time I login on cas, it write:
09 nov 2013 11:14:40,533 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] Added ticket [TGT-1-KYSi1x1t1MlcefajmccwatceNEqMprKj7j5ZpVDJwtJOf5OSgA-http://localhost:8000] to registry. 09 nov 2013 11:14:40,533 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] Audit trail record BEGIN ============================================================= WHO: [username: myuser] WHAT: TGT-1-KYSi1x1t1MlcefajmccwatceNEqMprKj7j5ZpVDJwtJOf5OSgA-http://localhost:8000 ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Sat Nov 09 11:14:40 CET 2013 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 =============================================================
When I go from app A to app B the log is:
09 nov 2013 11:14:54,339 DEBUG [org.jasig.cas.ticket.registry.DefaultTicketRegistry] Attempting to retrieve ticket [TGT-1-KYSi1x1t1MlcefajmccwatceNEqMprKj7j5ZpVDJwtJOf5OSgA-http] 09 nov 2013 11:14:54,340 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: http://localhost:8000/webappB/desktop.iface ACTION: SERVICE_TICKET_NOT_CREATED APPLICATION: CAS WHEN: Sat Nov 09 11:14:54 CET 2013 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 =============================================================
As you can see, cas generates TGT:
TGT-1-KYSi1x1t1MlcefajmccwatceNEqMprKj7j5ZpVDJwtJOf5OSgA-http://localhost:8000
and attempt to retrieve:
TGT-1-KYSi1x1t1MlcefajmccwatceNEqMprKj7j5ZpVDJwtJOf5OSgA-http
I find a workaround changing the value property of bean DefaultUniqueTicketIdGenerator using from ${host.name} to a string without chars ':' and '/'.
I wouldn't change the cas configuration because it's used by a lot of applications and is deployed in different environment. Why cas in Jboss doesn't work as in tomcat? Have I missed some configuration?
المحلول
The host.name property is usually only used in generating tickets, and there is no requirement that it is actually the host name. It is just used to ensure that tickets are unique particularly when in a clustered CAS environment.
Try removing the protocol and port components of your host.name as it looks the colon is not being processed correctly on the return trip.
You can see it use in the CAS manual at https://wiki.jasig.org/display/CASUM/Clustering+CAS.
https://stackoverflow.com/questions/19876788
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian