To be clear in Step 4, are you sure that the user is never redirected to 
the external service -- i.e. that when you POST back to /cas/login?... 
you're simply being served up the success page (200) and not 302'd to 
the vendor and then bounced back again? Based on your history, it seems 
most likely that the vendor doesn't support TLS in their ticket 
validation stack (we've seen that here), and they could just be 
redirecting generically to your CAS site as a panic azimuth when ticket 
validation fails.  But, that of course assumes that the browser is 
hitting their server at some point in the timeline in order to pass the 
ticket.


On 12/16/14, 9:56 AM, Bryan Wooten wrote:
>
> This problem is with a hosted solution and only started when we 
> disabled SSL and went with TLS on the reverse proxy front ending our 
> CAS servers. (The proxy does SSL termination).
>
> Here is what happens:
>
> 1. Go to vendor.utah.edu. This is a CNAME.
>
> 2. Get redirected to this: 
> https://go.utah.edu/cas/login?service=https://www.vendorlogin.com/utah/app/sso
>
> 3. Enter credentials
>
> 4. Redirected to the generic CAS successful login page
>
> So we never get redirected back to the application. Their entry in the 
> JSON service registry has not changed and is like all the others. This is 
> the only application (out of several hundred) that exhibits this problem.
>
> I am not seeing any issues in our CAS log file. The vendor is going to 
> run a trace between their server and our CAS proxy. What should we 
> tell them to look for?
>
> We think the issue is on their side and of course they think it is on 
> our side.
>
> Thanks for any ideas / suggestions,
>
> Bryan Wooten
>
> UIT-Common Infrastructure Systems
>
> Work: 801.585.9323
>
> Cell: 801.414.3593
>
> -- 
> You are currently subscribed to cas-user@lists.jasig.org as: 
> sean.ba...@usuhs.edu
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
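
Added example, not part of the original thread: a small classifier for a browser redirect trace that separates the two cases discussed above (CAS answering the login POST with 200, versus CAS issuing a ticket and the vendor bouncing the browser back). The hop tuples, the ticket value and the result labels are constructed for illustration; only the two URLs come from the thread.

```python
from urllib.parse import urlsplit, parse_qs

# URLs as they appear in the thread
CAS_LOGIN = "https://go.utah.edu/cas/login"
SERVICE = "https://www.vendorlogin.com/utah/app/sso"
REDIRECTS = (301, 302, 303, 307)

def _base(url):
    """Scheme, host and path of a URL, without the query string."""
    u = urlsplit(url or "")
    return f"{u.scheme}://{u.netloc}{u.path}"

def classify(hops, cas_login=CAS_LOGIN, service=SERVICE):
    """hops: (method, url, status, location) tuples in browser order.
    Assumption: the submitted credentials were accepted by CAS."""
    ticket_issued = False
    for method, url, status, location in hops:
        if method == "POST" and _base(url) == cas_login:
            if status == 200:
                # CAS rendered a page itself; the browser never left CAS
                return "cas-never-redirected"
            query = parse_qs(urlsplit(location or "").query)
            if status in REDIRECTS and _base(location) == service and "ticket" in query:
                ticket_issued = True
        elif (ticket_issued and _base(url) == service
              and status in REDIRECTS and _base(location) == cas_login):
            # Vendor received the ticket, then sent the browser back to CAS
            return "service-bounced-back-to-cas"
    return "ticket-delivered" if ticket_issued else "no-login-post-seen"

LOGIN = CAS_LOGIN + "?service=" + SERVICE
# Constructed trace A: the login POST is answered directly with 200
TRACE_A = [
    ("GET", LOGIN, 200, None),
    ("POST", LOGIN, 200, None),
]
# Constructed trace B: ticket issued, vendor redirects generically to CAS
TRACE_B = [
    ("GET", LOGIN, 200, None),
    ("POST", LOGIN, 302, SERVICE + "?ticket=ST-1-EXAMPLE"),
    ("GET", SERVICE + "?ticket=ST-1-EXAMPLE", 302, CAS_LOGIN),
    ("GET", CAS_LOGIN, 200, None),
]

if __name__ == "__main__":
    print(classify(TRACE_A))
    print(classify(TRACE_B))
```

Both traces end on a 200 from /cas/login, so the user sees the same generic success page in either case; only the intermediate hops tell them apart.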

