Hi Andy, I've attached our cleansed cas.properties file. We do use https. I'm also including our virtual hosts set up that shows we redirect to https if a http request to the CAS server comes in.
Many thanks for having your eyes on this.

Rod

On Wednesday, 1 December 2021 at 22:55:06 UTC-8 Andy Ng wrote:

> Hi Rod,
>
> Usually this happens when you set up your CAS as *http* instead of https.
> - When CAS is in http, SSO will not work. Making sure it is https should
>   make it work again.
> - The services you provided seem fine, didn't see any issue on them.
> - But the ssoEnabled part should not be necessary since that would be the
>   default
>
> If the above is still not able to solve your issue, then you might need to
> provide a little bit more information, like a full cas.properties
> (sensitive data removed of course).
>
> Cheers!
> - Andy
>
> On Thursday, 2 December 2021 at 08:49:09 UTC+8 [email protected] wrote:
>
>> Hello Everyone!
>>
>> I'm held up deploying 6.4.2 so I'm back on 6.1 for the Google App
>> integration provided by it.
>>
>> I'm able to log into a testing site in the /etc/cas/services directory.
>> I'm redirected to the CAS login page. Once I authenticate, I continue to
>> the testing site.
>>
>> I'm also able to log into Google calendar where I'm redirected to the CAS
>> login page. Once I authenticate I continue to the Google calendar.
>>
>> However, when I log into the testing site and then attempt on another tab
>> go to Google calendar, I'm redirected to the CAS login page and not SSO'd
>> into Google Calendar.
>>
>> This happens also if I log into Google Calendar and then attempt to
>> access the testing site.
>>
>> I believe this is the relevant bits of the /etc/cas/config/cas.properties
>> file (I could be missing something)
>>
>> cas.tgc.crypto.encryption.key=**redacted**
>> cas.tgc.crypto.signing.key=**redacted**
>> cas.webflow.crypto.signing.key=**redacted**
>> cas.webflow.crypto.encryption.key=**redacted**
>>
>> This is how it looks for the two /etc/cas/services JSON files:
>>
>> google_apps-44.json
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId" : "https://www.google.com/a/example.com/acs",
>>   "name" : "Google Apps",
>>   "theme" : "ourschool",
>>   "id" : 44,
>>   "accessStrategy" : {
>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
>>     "ssoEnabled" : true
>>   }
>>   "evaluationOrder" : 10
>> }
>>
>> For the test site:
>>
>> {
>>   "@class" : "org.apereo.cas.services.RegexRegisteredService"
>>   "serviceId" : "http://cas-test.dev.ourschool.ca/wp-login.php*",
>>   "name" : "CasTest",
>>   "id" : 1,
>>   "accessStrategy" : {
>>     "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy"
>>     "ssoEnabled" : true
>>   }
>>   "theme" : "ourschool"
>>   "evaluationOrder" : 1
>> }
>>
>> I'm thinking I'm missing something in cas.properties as I don't think I
>> need to put in the accessStrategy part, I was just seeing if it would work.
>>
>> I do see that a TGC cookie is granted on the browser.
>>
>> Thank you for any suggestions and help.
>>
>> Rod
<VirtualHost 10.255.3.37:443>
    ServerName 3cas_server.ip.our_school_domain.ca
    ErrorLog /var/log/httpd/cas_server.ip.our_school_domain.ca-ssl-error.log
    CustomLog /var/log/httpd/cas_server.ip.our_school_domain.ca-ssl-access.log combined
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl.crt/cas_server.ip.our_school_domain.ca.pem
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/cas_server.ip.our_school_domain.ca.pem
    SSLCertificateChainFile /etc/httpd/conf/ssl.crt/cas_server.ip.our_school_domain.ca.chain.pem
    SSLProtocol all -SSLv2 -SSLv3
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / ajp://localhost:8009/
    ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>
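
Added example (not part of the original thread and not CAS project code): Andy's point that SSO does not work when CAS is reached over http, and Rod's observation that a TGC cookie is set, can be checked by testing whether a browser would actually return that cookie on the next request to the CAS login page. The Set-Cookie header, the example.org hostnames and the function name tgc_sent are constructed for illustration, and the matching is simplified from RFC 6265 (no SameSite or public-suffix handling).

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def tgc_sent(set_cookie, origin_url, request_url, name="TGC"):
    """Would a browser return cookie `name`, set by origin_url, on request_url?

    Returns (sent, reason). Simplified RFC 6265 matching.
    """
    jar = SimpleCookie()
    jar.load(set_cookie)
    if name not in jar:
        return False, "response set no %s cookie" % name
    cookie = jar[name]
    origin, req = urlsplit(origin_url), urlsplit(request_url)
    host = (req.hostname or "").lower()

    # A cookie flagged Secure is never attached to a plain-http request.
    if cookie["secure"] and req.scheme != "https":
        return False, "Secure cookie not sent over " + req.scheme

    # With a Domain attribute subdomains match; without one it is host-only.
    domain = cookie["domain"].lstrip(".").lower()
    if domain:
        if host != domain and not host.endswith("." + domain):
            return False, "host %s outside Domain=%s" % (host, domain)
    elif host != (origin.hostname or "").lower():
        return False, "host-only cookie, request host is " + host

    # No Path attribute: the default is the directory of the setting URL.
    path = cookie["path"] or origin.path.rsplit("/", 1)[0] or "/"
    rpath = req.path or "/"
    if not (rpath == path or (rpath.startswith(path)
            and (path.endswith("/") or rpath[len(path)] == "/"))):
        return False, "request path %s outside Path=%s" % (rpath, path)
    return True, "cookie sent"


if __name__ == "__main__":
    # Constructed sample: header value and hostnames are placeholders.
    header = "TGC=constructed-value; Path=/cas/; Secure; HttpOnly"
    origin = "https://cas.example.org/cas/login"
    for url in ("https://cas.example.org/cas/login?service=x",
                "http://cas.example.org/cas/login",
                "https://cas.example.org/login"):
        print(url, "->", tgc_sent(header, origin, url))
```

Feed it the Set-Cookie header seen in the browser's developer tools and the exact URL of the second login redirect; a False result names the attribute that kept the cookie from being returned.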
