Hello all,

I am attempting to add in CAS SSO support to a handful of web
applications that use Shiro and am running into an issue when using a
DefaultWebSessionManager as my session manager, instead of
ServletContainerSessionManager. I want to use DefaultWebSessionManager
so I can retain the functionality of logging to a database session
expiration and termination via a SessionListener.

After being redirected to CAS and authenticating, I appear to get what
appears to me to be endless redirects and the browser recognizes this
and displays an error message after a while (Firefox: "The page isn't
redirecting properly. Firefox has detected that the server is
redirecting the request for this address in a way that will never
complete.")

I am brand new to CAS, and only-slightly-less new to Shiro, so I'm not
exactly sure what is going on or what I need to fix. At this point, my
best guess is that this has to do with DefaultWebSessionManager using
Shiro native sessions, rather than ServletContainerSessionManager using
HTTP sessions, and maybe something to do with session IDs. I hesitate to
provide any further speculation lest I am completely off base and
redirect attention away from whatever is the real issue here.

I have searched the Shiro User Nabble and StackOverflow and have tried a
number of things to attempt to fix my issue, but have not hit upon a fix
yet. The most promising (to me) attempts had to do with the session id cookie.

To demonstrate my issue, I have created a repo on GitHub
(https://github.com/rvenutolo/java-shiro-cas-client-demo-defaultwebsessionmanager)
that is a fork of Jérôme's java-shiro-cas-client-demo repo where I've
made some changes to demonstrate my issue. The README file has
information about how to demo the problem. I've also included, but
commented out, the session id cookie stuff that seemed most promising to me.

Any help with this is appreciated.

Thanks,
Rick