Re: [cas-user] CAS 6.6.x CSS with SSL Offload

2023-11-08 Thread Meysam Shirazi
I did not test it by myself because I'm not using embedded tomcat, anyway the main config was server.tomcat.redirect-context-root = false and the /hweproxy was a sample config so you should replace your context path. I think including "/themes/**" pattern is the best way in this situation. On

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

2023-11-08 Thread atilling
I know the F5 is sending x-forwarded-proto, x-forwarded-port, x-forwarded-by, and x-forwarded-for. I tried the setting you suggested from that case | server.servlet.context-path = /hweproxy | breaks the application altogether, the other settings seem to have no effect. Looking at

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

2023-11-07 Thread Meysam Shirazi
For embedded tomcat in Spring boot it seems that tomcat ignores x-forward-* setting for the redirect so you have to disable context path redirects, so based on this issue (I didn't test it by myself) you can use these settings:

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

2023-11-07 Thread atilling
We're using the embedded tomcat with the settings:
server.port=8080
server.ssl.enabled=false
server.tomcat.remoteip.port-header=x-forwarded-port
server.tomcat.remoteip.protocol-header=x-forwarded-proto
server.tomcat.remoteip.remote-ip-header=x-forwarded-for
Can I add those tomcat settings to the

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

2023-11-07 Thread Meysam Shirazi
As Ray said, it's because you use a custom theme and /themes/** is not defined in the list of excluded endpoints from web security, so Spring Security redirects the request to the secure channel, which means a redirect to port 8443 (default port) that does not exist in your situation! I think there are multiple

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

2023-11-06 Thread atilling
VIP only connects external 443 to 8080 at the cas servers. We have the same config with our production cas 5.1.x servers and CSS is displaying fine.
On Friday, November 3, 2023 at 6:19:18 PM UTC-4 Ray Bon wrote:
> I see /css/** in my startup but not /themes/**. That could be because we
> have

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

2023-11-03 Thread Ray Bon
I see /css/** in my startup but not /themes/**. That could be because we have no custom theme. Could it be a problem with a rewrite rule in VIP? Ray On Fri, 2023-11-03 at 07:24 -0700, atilling wrote: Notice: This message was sent from outside the University of Victoria email system. Please be

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

2023-11-03 Thread atilling
There is nothing on the VIP that specifies any security for any URI. The developer console shows that cas.css is redirecting to cas.css, [image: Screenshot 2023-11-03 at 10.22.53 AM.png] During startup I'm seeing: INFO [org.springframework.security.web.DefaultSecurityFilterChain] - On

Re: [cas-user] CAS 6.6.x CSS with SSL Offload

2023-11-02 Thread Ray Bon
Is it possible that vip...themes is protected/secured and needs login to access? Check your developer console to see where the redirects are going. Check cas logs to see which URIs are unprotected (shows on startup). Ray On Thu, 2023-11-02 at 09:24 -0700, atilling wrote: Notice: This message was

[cas-user] CAS 6.6.x CSS with SSL Offload

2023-11-02 Thread atilling
Offloading SSL to F5 BigIP
In cas.properties we have:
server.port=8080
server.ssl.enabled=false
if we go to https://node.domain.tld:8080/cas/login the page displays fine and the CSS is loaded
if we go to https://vip.domain.tld/cas/login the page displays but the CSS is not loaded