Regarding the infinite redirection in IE6, does the order of filter
evaluation makes this? My evaluation order for the filters is as follows:
CAS Single Sign Out Filter,CAS Filter(Authentication
filter),Cas10TicketValidationFilter(ticket validation
filter),AssertionThreadLocalFilter.
Lekhnath Bhusal wrote:
Previously it worked well. When I add few more views it started
redirecting infinitely. Now it does not work if I add any new view
without that customization also.
Scott Battaglia wrote:
Does it work if you remove that customization?
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Fri, Dec 5, 2008 at 11:36 AM, Lekhnath Bhusal
<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
I am really thankful to this prompt response. Regarding my
configuration detail, I am using cas-server-3.2.1 and
cas-client-3.1.3. Due to some of the issues with our version
compatibility with the product, I have changed the client part
slightly to support java version 1.4.
The infinite redirection problem after login does not occur in
firefox as far as I am aware and does not occur in other versions
of IE (except for IE6 Sp1) as well. Let me detail this problem
some more..
When I browse to productA it redirects to CAS server. I
provide my credentials there. Then the browser keeps showing the
same page. When I look in the console of productA, it is
displaying the following message in an infinite loop.
/No Proxy Ticket found for
/I am not using any proxy service so I think this message is
appropriate. Now, if I stop this loop and hit productA in the
same browser instance it can display productA's landing page.
This shows that Browser is not being able to render the
productA's landing page while redirecting from the CAS server.
The first problem I mentioned is the problem of infinite
redirection before login- if I add a view to
default-views.properties. This occurs in any browser. This
problem actually occurs before displaying the login view. My view
parameter is resolved like this:
<view-state id="interActiveLogin"
view="${externalContext.requestParameterMap['view'] != ''
&& externalContext.requestParameterMap['view']!=null ?
externalContext.requestParameterMap['view'] : 'casLoginView'}">
Is there any limitation in ResourceBundleViewResolver or I am
missing something in configuration?
Regards,
Lekhnath
Scott Battaglia wrote:
My guess would be that the client application is failing to show
an error message if it can't correctly validate the ticket and
instead just redirecting to the CAS server.
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Fri, Dec 5, 2008 at 8:41 AM, Robert Oschwald
<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
I bet this is a ssl certificate issue.
Please check whether the ssl cert is trusted by the jre. If
not, add
it to the keystore.
See the casum wiki for details.
Robert
Am 05.12.2008 um 14:26 schrieb Andrew Feller:
> Lekhnath,
>
> 1. What is your setup? Which version of the CAS Server
and which CAS
> client? Does this only happen in IE6? What about Firefox?
>
> 2. Could you diagram the HTTP activity in the endless
loop? (e.g. /
> login w/
> view A => ...)
>
> 3. The CAS server is configured with a 5 minute session
timeout in
> web.xml.
> You would either need to extend this timeout or say it is an
> acceptable
> loss.
>
> As far as the endless loop is concerned, I believe there
is probably a
> misconfiguration where there CAS client you are using to
protect your
> application is not seeing the service ticket provided by
the CAS
> server. It
> would help if you could give us more.
>
> If you want an easy way to recording what is going on when
you do
> this, use
> FireFox and the "Live HTTP Headers" add-on. This will
allow you to
> capture
> all HTTP requests made so they can be analyzed.
>
> HTH,
> A-
>
> On 12/5/08 5:46 AM, "Lekhnath Bhusal"
<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
>
>> Hello team,
>> I am working on to integrate three products in our
product line to
>> centrally authenticate through CAS. I changed the login
page that
>> JASIG
>> provides by default and customize it. The list of issues are
>> 1. I use request parameter 'view' to dynamically use
different login
>> view for different product line. Now, when I add more
views to
>> default_views.properties file the request goes to infinite
>> redirection loop.
>> 2.If I leave the login page idle for some time (5 minutes
or more),
>> then
>> I have to enter my credentials twice. i.e. when I enter
userName and
>> password first time no response occurs just the username
and password
>> fields are reset and I have to re-enter the credentials
and this
>> time I
>> am successfully authenticated.
>> 3. In IE6 Service pack 1, when I browse to a product it
redirects to
>> login server where I provide my credentials. After that the
>> application
>> redirects to the requested product and runs in an
infinite loop in
>> the
>> product side. While it is looping if I provide the url
directly
>> then the
>> product page is seen. This shows that in IE 6 SP1 CAS server
>> authenticates the user but after redirecting to the
product the
>> browser
>> can not open the product page.
>> I need your help in this regard.
>> Regards,
>> Lekhnath
>>
>>
>>
>> PRIVACY NOTICE
>>
>> This email and any attachments may be confidential and/or
>> privileged. Use of
>> the information contained in this email by anyone other
than the
>> intended
>> recipient is strictly prohibited. If you have received
this email
>> in error,
>> please notify the sender by replying to this message and
delete
>> this email.
>> _______________________________________________
>> cas-dev mailing list
>> [email protected] <mailto:[email protected]>
>> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
> _______________________________________________
> cas-dev mailing list
> [email protected] <mailto:[email protected]>
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________
cas-dev mailing list
[email protected] <mailto:[email protected]>
http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________ cas-dev mailing
list [email protected] <mailto:[email protected]>
http://tp.its.yale.edu/mailman/listinfo/cas-dev
PRIVACY NOTICE
This email and any attachments may be confidential and/or
privileged. Use of the information contained in this email by
anyone other than the intended recipient is strictly prohibited.
If you have received this email in error, please notify the
sender by replying to this message and delete this email.
_______________________________________________
cas-dev mailing list
[email protected] <mailto:[email protected]>
http://tp.its.yale.edu/mailman/listinfo/cas-dev
------------------------------------------------------------------------
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
------------------------------------------------------------------------
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
_______________________________________________
cas-dev mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas-dev
