On Mon, 23 Apr 2012 20:14:08 -0400 "Smith, Matthew J." <[email protected]> wrote:
> Jérôme, Hello, > Could you verify your CASLoginURL and CASValidateURL? If your CAS > server is listening on :8443, then your CASLoginURL and your > CASValidateURL also need to reference :8443. But, if these are > really wrong in your Apache config, then I'm not sure how you are > getting the initial redirect to the login screen. I get it because auth.domain.tld is in a vhost that is a reverse proxy of auth.domain.tld:8443 tomcat6 HTTP server. > So, could you > confirm that the following two lines: CASLoginURL > https://auth.domain.tld/cas/login CASValidateURL > https://auth.domain.tld/cas/serviceValidate > > Really should look like this: > CASLoginURL https://auth.domain.tld:8443/cas/login > CASValidateURL https://auth.domain.tld:8433/cas/serviceValidate https://auth.asso-cocktail.org/cas/login?service=https%3a%2f%2fdev.asso-cocktail.org%2fftpprivate is the real URI. The login screen is the same than the one given by tomcat6. https://auth.asso-cocktail.org/cas/serviceValidate just give me xml output (auth failure). The pb seems to be a redirection loop between dev.asso-cocktail.org and auth.asso-cocktail.org, it looks like either the reverse proxy forgot to pass the correction URI extension or I fail to understand. What should be the correct full URI the browser should get after the login screen ? > > Note that CASProxyValidateURL is unnecessary and should just be > removed. Ok. Thks. -- Jérôme Benoit aka fraggle La Météo du Net - http://grenouille.com OpenPGP Key ID : 9FE9161D Key fingerprint : 9CA4 0249 AF57 A35B 34B3 AC15 FAA0 CB50 9FE9 161D
signature.asc
Description: PGP signature
