I have been able to determine that the problem results from cas-management not knowing how to handle the callback [from cas]. In cas-management 6.5, if one directly accesses the callback endpoint, https://local.uvic.ca/cas-management/callback, the log shows the CALLBACK code/filter being activated:

cas-management | 2024-05-15 20:21:40,263 DEBUG [ org.pac4.spri.secu.web.CallbackFilter] - <path: /callback | suffix: /callback> [https-openssl-nio-8443-exec-9]
cas-management | 2024-05-15 20:21:40,263 DEBUG [ org.pac4.core.engi.DefaultCallbackLogic] - <=== CALLBACK ===> [https-openssl-nio-8443-exec-9]

No redirect to cas, just a message that cas-management is unavailable.

In v7-SNAPSHOT, the SECURITY code/filter is activated:

cas-management | 2024-05-15 20:33:03,637 INFO [ org.pac4.core.adap.FrameworkAdapter] - <Using Spring Security framework adapter> [https-openssl-nio-8443-exec-3]
cas-management | 2024-05-15 20:33:03,650 DEBUG [ org.pac4.core.engi.DefaultSecurityLogic] - <=== SECURITY ===> [https-openssl-nio-8443-exec-3]

And there is a redirect to cas. The callback endpoint is behind security (when it should not be).

If you need to access cas-management, turn off cas authn

mgmt.cas-sso=false

and use spring security login default:

username: user
password: logged on first access to the application:

cas-management | 2024-05-15 20:30:13,159 WARN [spri.boot.auto.secu.serv.UserDetailsServiceAutoConfiguration] - <
cas-management |
cas-management | Using generated security password: 5243a8b5-cd24-47e7-9f46-103fee3c2ebb

see https://docs.spring.io/spring-boot/docs/2.0.0.M4/reference/html/boot-features-security.html

Ray

On Tue, 2024-05-14 at 07:48 -0700, Tom Reijnders wrote:

I am trying to migrate from CAS 6.6.15 to CAS 7.04 (because I could not get Password reset working on 6.6.15). Password reset is working fine, but if I try to log in to cas-management I end up in a redirection loop.

I use the overlays generated by getcas.apereo.org/ui (CAS 7.0.4, cas-management 7.0.0-SNAPSHOT) and deployed using tomcat11 (behind an apache reverse proxy).

If I browse to cas-management, it redirects to cas (as expected).
If I log in as the user mentioned in the users.json file configured in management.properties I get redirected to https://cas.XXXX/cas-management/callback?client_name=CasClient&ticket=xxxxx

So far so good. But then I get redirected to cas again (that verifies the ticket) and redirects to cas-management, etc.

What am I doing wrong??

The service definition for cas-management is as follows:

{
  @class: org.apereo.cas.services.CasRegisteredService
  serviceId: ^https://cas.XXXXX/cas-management.*
  name: CAS Management
  id: 1001
  description: Management of CAS enabled services
  evaluationOrder: 5
  logoutUrl: https://cas.XXXXX/cas-management/logout
}

Regards,

Tom
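
The redirect loop discussed in this thread can be confirmed from a recorded redirect chain (browser network log or proxy capture). The following is an added example, not part of either message and not cas-management code: it flags callback requests that carry a ticket yet are answered with another redirect to the CAS login. The host cas.example.org, the /cas/login path, the ticket values and both hop lists are constructed assumptions.

```python
from urllib.parse import quote, urlsplit, parse_qs

# Constructed placeholders (assumptions, not values from the thread).
APP = "https://cas.example.org/cas-management"
CALLBACK = APP + "/callback?client_name=CasClient"
LOGIN = "https://cas.example.org/cas/login?service=" + quote(CALLBACK, safe="")

# Each hop: (requested URL, HTTP status, Location header or None).
LOOPING = [  # callback handled as a protected URL, as described for v7-SNAPSHOT
    (APP + "/", 302, LOGIN),
    (LOGIN, 302, CALLBACK + "&ticket=ST-1-constructed"),
    (CALLBACK + "&ticket=ST-1-constructed", 302, LOGIN),
    (LOGIN, 302, CALLBACK + "&ticket=ST-2-constructed"),
    (CALLBACK + "&ticket=ST-2-constructed", 302, LOGIN),
]
HEALTHY = [  # callback consumes the ticket and returns to the application
    (APP + "/", 302, LOGIN),
    (LOGIN, 302, CALLBACK + "&ticket=ST-1-constructed"),
    (CALLBACK + "&ticket=ST-1-constructed", 302, APP + "/"),
    (APP + "/", 200, None),
]

def callback_bounces(hops, callback_path="/cas-management/callback",
                     login_path="/cas/login"):
    """Tickets whose callback request was redirected straight back to CAS login."""
    bounced = []
    for url, status, location in hops:
        parts = urlsplit(url)
        ticket = parse_qs(parts.query).get("ticket")
        if parts.path != callback_path or not ticket:
            continue  # not a ticket-bearing callback request
        redirected = status in (301, 302, 303, 307) and location
        if redirected and urlsplit(location).path == login_path:
            bounced.append(ticket[0])
    return bounced

def diagnose(hops):
    """'loop' for repeated bounces, 'suspect' for one, 'ok' for none."""
    count = len(callback_bounces(hops))
    return "loop" if count >= 2 else "suspect" if count == 1 else "ok"

if __name__ == "__main__":
    print(diagnose(LOOPING), callback_bounces(LOOPING))
    print(diagnose(HEALTHY), callback_bounces(HEALTHY))
```
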