Thanks Sean, That appears to be the case. We have used Chrome developer to trace all the interaction with the browser between the vendor and our portal.
Sure enough there is no redirect coming back from the vendor application, just as you describe. -Bryan From: Sean Baker [mailto:sean.ba...@usuhs.edu] Sent: Tuesday, December 16, 2014 9:48 AM To: cas-user@lists.jasig.org Subject: Re: [cas-user] Trouble redirecting back to vendor hosted application after login To be clear in Step 4, are you sure that the user is never redirected to the external service -- i.e. that when you POST back to /cas/login?... you're simply being served up the success page (200) and not 302'd to the vendor and then bounced back again? Based on your history, it seems most likely that the vendor doesn't support TLS in their ticket validation stack (we've seen that here), and they could just be redirecting generically to your CAS site as a panic azimuth when ticket validation fails. But, that of course assumes that the browser is hitting their server at some point in the timeline in order to pass the ticket. On 12/16/14, 9:56 AM, Bryan Wooten wrote: This problem is with a hosted solution and only started when we disable SSL and went with TLS on the reverse proxy front ending our CAS servers. (The proxy does SSL termination). Here is what happens: 1. Go to vendor.utah.edu This is a CNAME 2. Get redirected to this: https://go.utah.edu/cas/login?service=https://www.vendorlogin.com/utah/app/sso 3. Enter credentials 4. Redirected to the generic CAS successful login page So we never get redirected back to the application. Their entry in the JSON service registry has not changed is like all the others. This is the only application (out of several hundred) that exhibits this problem. I am not seeing any issues in our CAS log file. The vendor is going to run a trace between their server and our CAS proxy. What should we tell them to look for? We think the issue is on their side and of course they think it is on our side. Thanks for any ideas / suggestions, Bryan Wooten UIT-Common Infrastructure Systems Work: 801.585.9323 Cell: 801.414.3593 -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: sean.ba...@usuhs.edu<mailto:sean.ba...@usuhs.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: bryan.woo...@utah.edu<mailto:bryan.woo...@utah.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user