Using CAS SSO behind a reverse proxy providing SSL termination doesn't work correctly

Steps to reproduce:
1. Configure CAS SSO within Opencast (using the public https:// URLs provided by the reverse proxy).
2. The SSO login redirects you to the login page, the ticket that gets returned tries to validate.
3. Ticket validation error.

Actual Results:

The service URL configured in the config is in the form of https://PUBLIC_URL/... but gets rewritten by the springframework security cas library to https://PUBLIC_URL:80/... . This is the reason the validation fails. Looking at the springframework code, it seems that the library is taking the port from the incoming request, and when it isn't set, sets it to the default port 80.

Expected Results:

Don't touch the configured service url.

Workaround (if any):

When using Nginx it's possible to add a header including the port:
proxy_set_header Host $host:$server_port;

When using HAProxy with OpenShift we were unable to fix it in a similar fashion. By using the following settings:

http-request set-header Host %[req.hdr(Host)]:%[dst_port]

we were able to get through the login, but after login we get redirected to http://PUBLIC_URL:443/... for some unknown reason.

Assignee: Kristof Keppens
Reporter: Kristof Keppens
Severity: Incorrectly Functioning With Workaround
Affects versions: 7.0
Priority: Major
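
A small diagnostic for the mismatch described in this report, added here as an example and not part of the original issue or of Opencast: it pulls the service parameter out of a CAS /serviceValidate request and lists how it differs from the configured service URL. The host names, the /cas-callback path and the ticket value are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample values (placeholders, not taken from the report).
CONFIGURED = "https://opencast.example.org/cas-callback"
SAMPLE_VALIDATE = ("https://cas.example.org/cas/serviceValidate"
                   "?service=https%3A%2F%2Fopencast.example.org%3A80%2Fcas-callback"
                   "&ticket=ST-1-constructed")
SAMPLE_REDIRECT = "http://opencast.example.org:443/cas-callback"


def service_from_validation_request(validate_url):
    """Return the decoded `service` parameter of a CAS validation request."""
    values = parse_qs(urlsplit(validate_url).query).get("service")
    if not values:
        raise ValueError("validation request carries no service parameter")
    return values[0]


def diagnose(configured, observed):
    """List how `observed` differs from `configured`; empty list means identical."""
    if configured == observed:
        return []
    c, o = urlsplit(configured), urlsplit(observed)
    reasons = []
    if c.scheme != o.scheme:
        reasons.append(f"scheme {c.scheme} -> {o.scheme}")
    if c.hostname != o.hostname:
        reasons.append(f"host {c.hostname} -> {o.hostname}")
    if c.port != o.port:
        # Flag an explicit port that is not the default for the observed scheme,
        # e.g. :80 on an https URL behind an SSL-terminating proxy.
        expected = (None, DEFAULT_PORTS.get(o.scheme))
        note = "" if o.port in expected else f" (not the {o.scheme} default)"
        reasons.append(f"port {c.port} -> {o.port}{note}")
    if (c.path, c.query) != (o.path, o.query):
        reasons.append("path or query changed")
    # Parsed parts equal but strings differ: case or encoding differences.
    return reasons or ["same URL parts, different spelling (case or encoding)"]


if __name__ == "__main__":
    sent = service_from_validation_request(SAMPLE_VALIDATE)
    print(sent, diagnose(CONFIGURED, sent))
    print(SAMPLE_REDIRECT, diagnose(CONFIGURED, SAMPLE_REDIRECT))
```

Run it against the validation request line from the CAS server or proxy access log to see which part of the service URL the proxy chain changed.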