Confluence & Jira SSO with Soulwing

Iikku Mattila iikku.mattila at eduix.fi
Wed Dec 17 10:36:27 EST 2008 

Thanks for the https tip! I changed my setup a bit, but only encountered 
new problems. I now have Apache frontend with mod_ssl proxying requests 
from https://example.com/ to ajp://localhost:8009/, which is where 
tomcat is answering.

Now https://example.com/jira/ is redirected to the cas login screen, 
where user enters correct username&password and here it gets 
interesting: instead of logging in, the request goes into an endless loop.

Apache access_log alternates between

"GET /jira/?ticket=ST-100-e4BkkUXTd7Dh9VzG1J4j-cas HTTP/1.1" 302 - "...
"GET 
/cas-server-webapp-3.3.1/login?service=https%3A%2F%2Fexample.com%2Fjira%2F 
HTTP/1.1" 302 - "...

and tomcat's catalina.out says
INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service 
ticket [ST-22-XKtdk5ZJcraeW1WykFb6-cas] for service 
[https://example.com/jira/] for user [me]>
about a ten times - which is when firefox stops the redirection cycle.

Retrying https://example.com/jira/ enters the redirection cycle immediately.

Is it possible to get CAS working with this setup? Have I made somekind 
of obvious&common setup error, that somebody might have fixed for 
themselves? Any ideas?

Iikku

Scott Battaglia wrote:
> Are you running CAS over HTTPS or HTTP?  If you're running over HTTP, 
> then you won't get SSO.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Tue, Dec 16, 2008 at 9:18 AM, Iikku Mattila <iikku.mattila at eduix.fi 
> <mailto:iikku.mattila at eduix.fi>> wrote:
>
>     Hi,
>     I have a (seemingly) working CAS installation with
>     BindLdapAuthenticationHandler, setup like
>     http://www.ja-sig.org/wiki/display/CASUM/LDAP . I CASified Confluence
>     and Jira with Soulwing as per instructions on
>     http://soulwing.org/confluence-cas.jsp and
>     http://soulwing.org/jira-cas.jsp . When user logs on to either of
>     those
>     apps, he's redirected to CAS login screen, he logs on successfully and
>     is redirected to the app. So all is okay with both individual
>     applications. However, after the user has logged on to one of the apps
>     and tries to use the other, he is not logged in automatically via CAS,
>     but instead redirected to the CAS login screen, where he can login
>     normally with username/password.
>
>     So there is no single sign on, but instead two individuals logins both
>     handled through CAS. I'd rather have the sso. Is there perhaps
>     some kind
>     of a switch that I've missed?
>
>     Thanks,
>     Iikku Mattila
>     _______________________________________________
>     Yale CAS mailing list
>     cas at tp.its.yale.edu <mailto:cas at tp.its.yale.edu>
>     http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>   


-- 
************************************************************************
Joulukorttien lähettämisen sijaan olemme tänä vuonna lahjoittaneet
TAYSin EVA-yksikköön (Erityisen vaikeahoitoisten alaikäisten
psykiatrinen tutkimus- ja hoitoyksikkö) Wii-pelikonsolin heidän
toiveidensa mukaisesti.
Toivotamme teille rauhallista joulunaikaa sekä menestystä alkavalle vuodelle 2009!
************************************************************************

More information about the cas mailing list