[jboss-user] [JBoss Portal Users] - CAS SSO failed with https

ike do-not-reply at jboss.com
Fri Aug 28 13:33:36 EDT 2009 

Hi! I've just implemented CAS according to http://docs.jboss.org/jbportal/sso/eclipse/portal_cas.html#1.3. Everything works fine when I use http protocol in portal, but fails with https. Looks like portal sends http service instead of https.


  | 21:16:37,799 INFO  [STDOUT] 2009-08-28 21:16:37,798 ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-7-p2ZLXLJGIqtywrqjpWKH-localhost] with service [https://localhost/portal/authsec/portal/default/default does not match supplied service [http://localhost/portal/authsec/portal/default/default]>
  | 

Why portal uses service [http://localhost/portal/authsec/portal/default/default] even if I browse it via https protocol?

My configs:
<Connector port="80" address="${jboss.bind.address}"    
  |    maxThreads="250" maxHttpHeaderSize="8192"
  |    emptySessionPath="true" protocol="HTTP/1.1"
  |    enableLookups="false" redirectPort="443" acceptCount="100"
  |    connectionTimeout="20000" disableUploadTimeout="true" 
  | />
  | 


  | <Connector port="443" maxHttpHeaderSize="8192" address="${jboss.bind.address}"
  | 	maxThreads="250" minSpareThreads="25" maxSpareThreads="75"
  | 	enableLookups="false" disableUploadTimeout="true"
  | 	acceptCount="100" scheme="https" secure="true"
  | 	clientAuth="false" sslProtocol="TLS"
  | 	SSLEnabled="true"
  | 	keystoreFile="${jboss.server.home.dir}/conf/server.keystore"
  | 	keystorePass="changeit"
  | />
  | 


  | <Valve className="org.jboss.portal.identity.sso.cas.CASAuthenticationValve"
  |    	casLogin="https://localhost/cas/login"
  |    	casLogout="https://localhost/cas/logout"
  |    	casValidate="https://localhost/cas/serviceValidate"
  |    	casServerName="localhost"
  |    	authType="FORM"
  | />
  | 


  | sudo ./run.sh -Djavax.net.ssl.trustStore="$JBOSS_HOME/server/default/conf/server.keystore"
  | 

JBoss AS 4.2.3.GA
JBoss Portal 2.7.2
CAS 3.0.7
Ubuntu linux (jaunty)

I have another application uses acegi security with CAS. It works perfectly both with http and https.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4252367#4252367

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4252367

More information about the jboss-user mailing list