由于http / https冲突，CAS登录/重定向不起作用 [英] CAS login/redirect not working because of http/https conflict

问题描述

我有一个CAS服务器，大多数仍然是默认服务器，通过端口：8080在HTTP上运行，并且通过端口：8008在https上运行

I have a CAS server, mostly still default, running on http via port:8080, and https via port:8008

生产环境为CAS 3.4.11 ，tomcat 5，并且正在使用maven2部署

The production environment is CAS 3.4.11, tomcat 5, and is using maven2 deployment

有人登录时，我们尝试将CAS网站导航到 https：// mydomain：8008 / cas / services / manage.html 验证其登录名，它将他们重定向到：
HTTP：// mydomain：8008 / cas / login

When someone logs in, and we try to navigate the CAS site to something like https://mydomain:8008/cas/services/manage.html to verify their login it redirects them to: HTTP://mydomain:8008/cas/login

Tomcat配置为仅在端口8008上提供HTTPS，导致毫无戒心的浏览器通过http接收加密的字节流并将其提供给用户

Tomcat is configured to serve up https ONLY on port 8008, causing the unsuspecting browser to receive an encrypted byte stream via http and offers it to the user as a download.

我是CAS的新手，我知道在配置中的某处可以选择在重定向中使用HTTPS而不是使用HTTPS，但我没有

I'm new to CAS, and I know somewhere in the configs is the option to use HTTPS in the redirects as opposed to http but I have not found it yet.

请回答，我对CAS文档站点和Blog都说p：client-use-https = true感到厌烦说明。我需要文件，节/小节，bean以及其他相关信息来实现最佳实践。

When your answer, PLEASE, I am tired of CAS documentation sites and blogs that say p:client-use-https="true" as their entire explanation. I need file, section/subsection, bean, and other relevant info to best practices.

我也认识到可以配置从未使用过的tomcat。拒绝/将HTTP请求重定向到选定端口上的https。最好我想同时制定两个解决方案。

I also recognize that tomcat, which I have never worked with before, could be configured to refuse/redirect http requests to https on a select port. Preferably I would like to enact both solutions.

推荐答案

tomcat / webapps / cas / WEB-INF / cas.properties文件包含一个server.prefix，如果以http：//开头，则会在所有Location：标头的开头强制使用http。

the file tomcat/webapps/cas/WEB-INF/cas.properties has a server.prefix that if it is proceded by http://, will force http at the begining of all Location: headers. likewise, using https will force it to include that instead.

Tomcat具有连接器端口定义：

Tomcat has the connector port defintion:

<!-- Define an AJP 1.3 Connector on port 8080 -->
<Connector port="8080"
           enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

redirectionPort实际上暗示如果需要HTTPS，请在此处发送，我必须对其进行更改以匹配SSL我在8009配置的端口

the redirectionPort actually implies IF HTTPS is needed, send here and I have to change it to match the SSL port I configured at 8009

这篇关于由于http / https冲突，CAS登录/重定向不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！