Hi Ray,
Thank you for sharing. I've been troubled by the same problem these 
days. I compared cas-management 7.0.0-SNAPSHOT and 6.6.4. As you said, in 
7.x the request goes into DefaultSecurityLogic but never enters 
DefaultCallbackLogic. I guess the problem may lie here: 7.x added the 
following code:

  registry.addInterceptor(new SecurityInterceptor(config)).addPathPatterns("/**");

See on GitHub 
<https://github.com/apereo/cas-management/blob/4d22990f41693741a5beb55ecd8e4ec2b48c142b/webapp/cas-mgmt-webapp-config/src/main/java/org/apereo/cas/mgmt/config/CasManagementSecurityConfiguration.java#L89>

I don't know if I am right, but I hope it helps someone.
On Thursday, May 16, 2024 at 20:41:43 UTC+8, Ray Bon wrote:

> I have been able to determine that the problem results from cas-management 
> not knowing how to handle the callback [from cas].
> In cas-management 6.5, if one directly accesses the callback endpoint, 
> https://local.uvic.ca/cas-management/callback
> the log shows the CALLBACK code/filter being activated:
>
> cas-management | 2024-05-15 20:21:40,263 DEBUG [ 
> org.pac4.spri.secu.web.CallbackFilter] - <path: /callback | suffix: 
> /callback> [https-openssl-nio-8443-exec-9]
> cas-management | 2024-05-15 20:21:40,263 DEBUG [ 
> org.pac4.core.engi.DefaultCallbackLogic] - <=== CALLBACK ===> 
> [https-openssl-nio-8443-exec-9]
>
> No redirect to cas, just a message that cas-management is unavailable.
>
> In v7-SNAPSHOT, the SECURITY code/filter is activated:
>
> cas-management | 2024-05-15 20:33:03,637 INFO [ 
> org.pac4.core.adap.FrameworkAdapter] - <Using Spring Security framework 
> adapter> [https-openssl-nio-8443-exec-3]
> cas-management | 2024-05-15 20:33:03,650 DEBUG [ 
> org.pac4.core.engi.DefaultSecurityLogic] - <=== SECURITY ===> 
> [https-openssl-nio-8443-exec-3]
>
> And there is a redirect to cas.
> The callback endpoint is behind security (when it should not be).
>
> If you need to access cas-management, turn off cas authn
>
> mgmt.cas-sso=false
>
> and use spring security login default:
> username: user
> password:
>
> logged on first access to the application:
>
> cas-management | 2024-05-15 20:30:13,159 WARN 
> [spri.boot.auto.secu.serv.UserDetailsServiceAutoConfiguration] - <
> cas-management | 
> cas-management | Using generated security password: 
> 5243a8b5-cd24-47e7-9f46-103fee3c2ebb
>
> see 
> https://docs.spring.io/spring-boot/docs/2.0.0.M4/reference/html/boot-features-security.html
>
> Ray
>
>
> On Tue, 2024-05-14 at 07:48 -0700, Tom Reijnders wrote:
>
> I am trying to migrate from CAS 6.6.15 to CAS 7.04 (because I could not 
> get Password reset working on 6.6.15). 
>
> Password reset is working fine, but if I try to login to cas-management I 
> end up in a redirection loop.
>
> I use the overlays generated by getcas.apereo.org/ui (CAS 7.0.4, 
> cas-management 7.0.0-SNAPSHOT) and deployed using tomcat11 (behind an 
> apache reverse proxy).
>
> If I browse to cas-management, it redirects to cas (as expected). If I 
> login as the user mentioned in the users.json file configured in 
> management.properties I get redirected to 
>
> https://cas.XXXX/cas-management/callback?client_name=CasClient&ticket=xxxxx
>
> So far so good. But then I get redirected to cas again (that verifies the 
> ticket) and redirects to cas-management, etc.
>
> What am I doing wrong??
>
> The service definition for cas-management is as follows:
>
> {
>   @class: org.apereo.cas.services.CasRegisteredService
>   serviceId: ^https://cas.XXXXX/cas-management.*
>   name: CAS Management
>   id: 1001
>   description: Management of CAS enabled services
>   evaluationOrder: 5
>   logoutUrl: https://cas.XXXXX/cas-management/logout
> }
>
> Regards,
>
> Tom
>
>
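
The log comparison described in the thread can be scripted. This is an added example, not part of the original messages or of cas-management: it scans debug logs for the two pac4j markers quoted above and reports whether requests reached DefaultCallbackLogic or only DefaultSecurityLogic. The sample lines are the thread's own log lines with the e-mail line wraps removed; the function names and result labels are assumptions, and the log is assumed to have been captured while requesting the callback endpoint.

```python
import re
from collections import Counter

# Matches the pac4j debug markers quoted in the thread, e.g.
#   ... DEBUG [ org.pac4.core.engi.DefaultCallbackLogic] - <=== CALLBACK ===> [thread]
MARKER = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+DEBUG\s+"
    r"\[\s*(?P<logger>[\w.]+)\s*\]\s+-\s+"
    r"<=== (?P<logic>CALLBACK|SECURITY) ===>\s+\[(?P<thread>[^\]]+)\]"
)

def logic_hits(lines):
    """Return (timestamp, logic, thread) for each pac4j logic marker found."""
    return [(m["ts"], m["logic"], m["thread"])
            for m in map(MARKER.search, lines) if m]

def diagnose(lines):
    """Classify a log captured while requesting the callback endpoint."""
    counts = Counter(logic for _, logic, _ in logic_hits(lines))
    if counts["CALLBACK"]:
        return "callback-handled"          # DefaultCallbackLogic ran
    if counts["SECURITY"]:
        return "callback-behind-security"  # only DefaultSecurityLogic ran
    return "no-pac4j-markers"              # no marker lines in this log

# Log lines from the thread, unwrapped from the e-mail line breaks.
LOG_6_5 = [
    "cas-management | 2024-05-15 20:21:40,263 DEBUG [ org.pac4.spri.secu.web.CallbackFilter]"
    " - <path: /callback | suffix: /callback> [https-openssl-nio-8443-exec-9]",
    "cas-management | 2024-05-15 20:21:40,263 DEBUG [ org.pac4.core.engi.DefaultCallbackLogic]"
    " - <=== CALLBACK ===> [https-openssl-nio-8443-exec-9]",
]
LOG_7_SNAPSHOT = [
    "cas-management | 2024-05-15 20:33:03,637 INFO [ org.pac4.core.adap.FrameworkAdapter]"
    " - <Using Spring Security framework adapter> [https-openssl-nio-8443-exec-3]",
    "cas-management | 2024-05-15 20:33:03,650 DEBUG [ org.pac4.core.engi.DefaultSecurityLogic]"
    " - <=== SECURITY ===> [https-openssl-nio-8443-exec-3]",
]

if __name__ == "__main__":
    for name, log in (("6.5", LOG_6_5), ("7-SNAPSHOT", LOG_7_SNAPSHOT)):
        print(name, diagnose(log), logic_hits(log))
```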

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.