jasig asp.net mvc cas client page is not redirecting properly

Question

I have been using jasig .net cas client. I have setup cas server on my local computer which can be assessed using https://localhost:8443/cas-server-webapp-3.4.12/login

I have set authorize attribute on Account controllers logon action.

i am following everything given in this url https://wiki.jasig.org/pages/viewpage.action?pageId=32210981

when i run the application, it does go to cas login page but after authentication it returns with http://localhost:1672/ and then in browser it gives error as "The page isn't redirecting properly".

i don't know how i am getting this error, everything is setup properly in web.config.

Please help

when i use http://localhost:8080/cas-server-webapp-3.4.12/login (non secure url) instead of https://localhost:8443/cas-server-webapp-3.4.12/login(secure url) it works.

I think i have a problem with self signed certificate. Is it possible to create valid certificate and use it. At least i should try creating a valid certificate and try. But i don't know how to create valid certificate. Please also tell me how to create valid certificate. I tried google but not successful to find how to create valid certificate so that browser doesn't display "self signed certificate error".

Answer 1

I found what the problem was. When we are using secure connection we need to have SSL certificate on both side, at CAS server side and at our webapplication side.

so at CAS server side it has to be

https://localhost:8443/cas-server-webapp-3.4.12/login

and at our web application side it has to be

https://servername/mywebapp

If you are using a self-signed certificate be sure that the server running CAS trusts the certificate of the web application.

Answer 2

you should specify the return url after success login in the web.config (just the server not the entire url) example: you app is on http://localhost:8080/someWebApp/

when you go to the login page, you can see on the query string parameter the return url encoded

<casClientConfig casServerLoginUrl="https://localhost:8443/cas-server-webapp-3.4.12/login" 
                   casServerUrlPrefix="https://localhost:8443/cas-server-webapp-3.4.12/" 
                   serverName="http://localhost:8080" 
                   notAuthorizedUrl="~/notAuthorized.html" 
                   cookiesRequiredUrl="~/CookiesRequired.html" 
                   redirectAfterValidation="true" 
                   renew="false" 
                   singleSignOut="true" 
                   ticketValidatorName="Cas20" 
                   serviceTicketManager="CacheServiceTicketManager"/>

Answer 3

For my own experience, other than getting the self-signed cert to work:

I have to install the self-signed cert from the SSO server to my Windows 2008 Server hosting the webapp).

Install the certificate under Trusted Root Cert Authorities on BOTH the user account and the machine account.

You can do this under MMC and then Add the certificate Snap-in.

Test your setup using IE to browse to the sso server in question.You should not see anymore warnings about the cert. Remember use IE to check, other browser does not seem to care about the Trusted Root Cert setup.

Next, when deployed the ASP MVC, I have to use classic Application Pool and for my cas config setup in web.config leave both the proxyTicketManager and the gatewayStatusCookieName as empty string.

I am connecting directly to the sso server so these two be taken out, or else protocol error and infinite loop.

Then no more infinite redirect loops complains.