oauth-2.0casapereo

Why does Apereo CAS server redirect to localhost for OAuth2 endpoint?


I have setup a CAS server at 172.16.238.10 that generally works with the CAS protocol. However, for OAuth2 there is a strange redirection behavior:

REQ: https://172.16.238.10:8443/ooscas/oauth2.0/authorize

RESP: 302, Location: https://localhost:8443/ooscas/login?service=https%3A%2F%2Flocalhost%3A8443%2Fooscas%2Foauth2.0%2FcallbackAuthorize%3Fclient_name%3DCasOAuthClient

Never mind the service and client_name parameters for this staged example, but my question is about the hostname:

Where does the "localhost" come from? How can I configure that to be something else?

In a real OAuth2 webflow localhost will simply not work, even if 172.16.238.10 happens to be localhost. The reason is that by posting the login form to localhost, the CAS server then redirects to itself using localhost (https://localhost:8443/oauth2.0/callbackAuthorize) and that will lead to an internal SSL handshake error, because the server's certificate is not valid for localhost.


Solution

  • Most likely, you need to define the following:

    cas.server.name=
    cas.server.prefix=${cas.server.name}/cas
    

    You're referencing the prefix in your setup, but its definition seems absent. If you fail to do that, default values take place.

    PS Always specify the CAS version in your posts.