I have a .NET 4.0 MVC 3 site that is currently set up to authenticate against an older 3.4.4 Jasig CAS server. I'm simply attempting to update the configuration to connect against a newer 3.5.1 server (this server has been in use for some time and many apps successfully use it). After updating the configuration, it directs to CAS correctly, and I'm able to successfully authenticate, but it does not redirect back to the website as it did previously. I also noticed it is consistently adding a renew=true query parameter to the URL, even though I specify renew="false" in my configuration. Any ideas why it wouldn't redirect after authentication and why it keeps adding this parameter?
Old configuration (that connected to 3.4.4 CAS server):
<casClientConfig casServerLoginUrl="https://old.example.com:8443/cas/login"
casServerUrlPrefix="https://old.example.com:8443/cas/"
serverName="http://wwwtest.example.com/mysite/"
notAuthorizedUrl="~/Home/NotAuthorized"
cookiesRequiredUrl="~/Home/CookiesRequired"
redirectAfterValidation="true"
gateway="false"
renew="false"
singleSignOut="true"
ticketTimeTolerance="5000"
ticketValidatorName="Cas20"
proxyTicketManager="CacheProxyTicketManager"
serviceTicketManager="CacheServiceTicketManager"
gatewayStatusCookieName="CasGatewayStatus" />
Updated configuration (to connect to 3.5.1 CAS server):
<casClientConfig
casServerUrlPrefix="https://new.example.com/cas/"
casServerLoginUrl="https://new.example.com/cas/login"
serverName="https://wwwtest.example.com"
ticketValidatorName="Cas20"
singleSignOut="true"
renew="false"
redirectAfterValidation="true"
serviceTicketManager="CacheServiceTicketManager" />
I eventually figured out that the redirect loop was due to a TLS incompatibility between the CAS server and the application. The newer CAS server used a more up-to-date TLS version by default. I updated my application to use the same protocol and the redirect loop stopped.
More information: https://github.com/apereo/dotnet-cas-client/issues/72#issuecomment-337612023
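One way to apply and check the fix described in the answer above, as an added example that is not part of the original post or of dotnet-cas-client. It assumes the newer server requires TLS 1.1 or 1.2 (the post does not name the version); the class and method names are hypothetical. The Cas20 validator confirms each service ticket with an outbound HTTPS call to the CAS server, so the probe exercises that same back channel.

```csharp
using System;
using System.Net;

// Hypothetical helper (names are illustrative, not part of dotnet-cas-client).
public static class CasTlsSetup
{
    // Numeric values of SecurityProtocolType.Tls11 and Tls12. The named members
    // need a .NET 4.5+ compile target; the casts compile on 4.0 and work at run
    // time only if .NET 4.5 or later is installed on the server.
    private const SecurityProtocolType Tls11 = (SecurityProtocolType)768;
    private const SecurityProtocolType Tls12 = (SecurityProtocolType)3072;

    // Call once from Application_Start, before the first CAS round trip.
    public static bool EnableModernTls()
    {
        try
        {
            // OR the flags in so other outbound HTTPS calls keep their protocols.
            ServicePointManager.SecurityProtocol |= Tls11 | Tls12;
            return true;
        }
        catch (NotSupportedException)
        {
            return false; // runtime too old: install .NET 4.5+ on the host
        }
    }

    // Probe the back channel the ticket validator uses. Any HTTP response,
    // even an error status, proves the TLS handshake itself succeeded.
    public static string ProbeCasServer(string casServerUrlPrefix)
    {
        string url = casServerUrlPrefix.TrimEnd('/') + "/serviceValidate";
        try
        {
            var request = (HttpWebRequest)WebRequest.Create(url);
            request.Timeout = 10000; // milliseconds
            using (var response = (HttpWebResponse)request.GetResponse())
                return "TLS OK, HTTP " + (int)response.StatusCode;
        }
        catch (WebException ex)
        {
            if (ex.Response != null)
                return "TLS OK, HTTP error: " + ex.Message;
            // SecureChannelFailure or SendFailure here points at a protocol mismatch.
            return "No response (" + ex.Status + "): " + ex.Message;
        }
    }
}
```

Logging the result of `ProbeCasServer` with the configured `casServerUrlPrefix` before and after calling `EnableModernTls` shows whether the handshake was the part that failed.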