Hello, Thank you for the suggestion. You are absolutely correct with the timing issues. We did experience this in one of our other CASified apps. After reading your suggestion, we double checked just to be sure......both servers (CAS and CASified .Net app) are both pulling from the same time source.
The redirect problem has been resolved! I was originally using this web app: https://github.com/UniconLabs/cas-sample-dotnet-webapp Misagh suggested I use this tutorial (and the app it links to): https://wiki.jasig.org/display/CASUM/HOWTO+CASifying+ASP.NET+WebApp+-+ExampleWebsite I downloaded the web app linked in that tutorial, configured it per the directions, and uploaded it to our .Net server. it worked without any issues. The AD attributes appear to be working as well. I'm not sure the difference between the original web app I was using and the one in that tutorial, but this issue is resolved. Thanks to all that responded with suggestions, Roger On Mon, Jun 27, 2016 at 11:28 AM, Richard Frovarp <richard.frov...@ndsu.edu> wrote: > What's the time sensitivity of the .Net client and/or your implementation? > I know that somewhere in my Java stack (might be in Apache Shiro) the > sensitivity for time skew is only a couple of seconds. If you aren't > running NTP (like on a default install of Ubuntu on a desktop), eventually > you hit a skew large enough to cause issues. You log into CAS, it sends you > back to the web app, it tries to back channel validate, but rejects because > of time skew, redirects you back to CAS, SSO on CAS kicks you in, sends you > over with a new ticket, which that still is rejected because of skew, SSO, > repeat until the browser finally gives up. > > ________________________________________ > From: cas-user@apereo.org <cas-user@apereo.org> on behalf of Roger Spears > <rspe...@northweststate.edu> > Sent: Friday, June 24, 2016 2:59:09 PM > To: cas-user@apereo.org > Subject: [cas-user] .Net client and redirect issue > > Hello, > > Using the example and instructions located at: > https://github.com/UniconLabs/cas-sample-dotnet-webapp > > We deployed the .Net client to a Windows Server 2012 running IIS 8. > > The .Net app is pointing at our CAS installation (version 3.5.2.1). Our > CAS works with other applications, but none of them are .Net applications. > When we load the .Net app in a browser, we are sent to the CAS login page. > After providing our login credentials, we eventually see a message that > states "The page isn't redirecting properly" in the browser. When the > message appears, the URL in the URL bar of the browser is: > https://<fqdn>/Public/Default.aspx > > At this point, the browser has 2 cookies for CAS. There is a JSESSIONID > cookie and a CASTGC cookie. Both are set to the /cas/ path. The CASTGC > cookie has a value that begins with TGT. > > We set the logs to DEBUG. In the log(s) I can see the authentication is > working against our AD, complete with attributes. > > If we adjust the web.config file so the redirectAfterValidation="false", > we do see the default CAS login page and after entering valid credentials > we see the "You have successfully logged in" message on the CAS login > page...but we are never sent back to the .Net application. > > Things we tried that didn't make a difference: > 1. Setting the defaultURL in the <forms> section of the web.config to be: > https://<fqdn>/Public/Default.aspx > 2. Setting the path in the <forms> section to "/" > > What's in the log that is questionable: > 1. CAS and catalina log: Error getting service from flow state / no > active flowsession to access; this FlowExecution has ended. I don't know > enough to tell if this is the cause or a result of the cause. > 2. localhost log for Tomcat lists the following entries: > CASSERVER -- POST -- > /cas/login;jsessionid=97fbdsdddd?service=https://<fqdn>/Public/Default.aspx > -- 302 > NETAPPLICATION -- GET -- > /validate?service=https://<fqdn>/Public/Default.aspx&ticket=ST-1-ingfsdJKdklam > -- 404 > CASSERVER -- GET -- /cas/login?service=https://<fqdn>/Public/Default.aspx > -- 302 > NETAPPLICATION -- GET -- > /validate?service=https://<fqdn>/Public/Default.aspx&ticket=ST-2-Bsdjklwe39fdsm > -- 404 > These repeat and the ST increases all the way to ST-7 > > Any hints on what might be mis-configured? > > Thanks, > Roger > -- > Roger Spears > Northwest State Community College > 22600 State Route 34 > Archbold, Ohio 43502 > P: 419-267-1304 > F: 419-267-3891 > > *********************************** > This message and any attachment are confidential, intended solely for the > use of the individual or entity to whom it is addressed and may be > protected under FERPA ( http://www2.ed.gov/policy/gen/reg/ferpa/index.html > ). If you have received it by mistake, or are not the named recipient(s), > please immediately notify the sender and delete the message. You are hereby > notified that any unauthorized use, copying or dissemination of any or all > information contained in this message is prohibited. Northwest State > Community College and/or any part thereof shall not be liable for the > message if altered, falsified, or in case of error in the recipient. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org<mailto: > cas-user+unsubscr...@apereo.org>. > To post to this group, send email to cas-user@apereo.org<mailto: > cas-user@apereo.org>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFHJ8H2zR5jPXnN9-xatGAEy0QO8BF4CJqBZbsE2vTmKf5f3ww%40mail.gmail.com > < > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFHJ8H2zR5jPXnN9-xatGAEy0QO8BF4CJqBZbsE2vTmKf5f3ww%40mail.gmail.com?utm_medium=email&utm_source=footer > >. > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To post to this group, send email to cas-user@apereo.org. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY1PR01MB13599E304BF298B9016BB1338B210%40CY1PR01MB1359.prod.exchangelabs.com > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > -- Roger Spears Northwest State Community College 22600 State Route 34 Archbold, Ohio 43502 P: 419-267-1304 F: 419-267-3891 *********************************** This message and any attachment are confidential, intended solely for the use of the individual or entity to whom it is addressed and may be protected under FERPA ( http://www2.ed.gov/policy/gen/reg/ferpa/index.html ). If you have received it by mistake, or are not the named recipient(s), please immediately notify the sender and delete the message. You are hereby notified that any unauthorized use, copying or dissemination of any or all information contained in this message is prohibited. Northwest State Community College and/or any part thereof shall not be liable for the message if altered, falsified, or in case of error in the recipient. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAFHJ8H1DgwxTh%2B9haD_hj7RwHYOSnMMNeyWpFufds5oe%2B2pBEQ%40mail.gmail.com. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
