CAS4.2.7作为服务端,配置CAS客户端,用tomcat作服务器,由客户端跳转到CAS服务端时出错下面错误提示
CAS 未认证授权服务 不允许使用CAS来认证您访问的目标应用
跳转的URL是这样的:
https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost%3A8080%2F
这里主要问题是在于我们在客户端的web.xml中配置的客户端server地址是http://……
而服务端无此规则所以进入错误提示页。
解决方法:
打开cas-server-webapp下的resources/services下的HTTPSandIMAPS-10000001.json文件
{
"@class" : "org.jasig.cas.services.RegexRegisteredService",
"serviceId" : "^(https|imaps)://.*",
"name" : "HTTPS and IMAPS",
"id" : 10000001,
"description" : "This service definition authorized all application urls that support HTTPS and IMAPS protocols.",
"proxyPolicy" : {
"@class" : "org.jasig.cas.services.RefuseRegisteredServiceProxyPolicy"
},
"evaluationOrder" : 10000,
"usernameAttributeProvider" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceUsernameProvider"
},
"logoutType" : "BACK_CHANNEL",
"attributeReleasePolicy" : {
"@class" : "org.jasig.cas.services.ReturnAllowedAttributeReleasePolicy",
"principalAttributesRepository" : {
"@class" : "org.jasig.cas.authentication.principal.DefaultPrincipalAttributesRepository"
},
"authorizedToReleaseCredentialPassword" : false,
"authorizedToReleaseProxyGrantingTicket" : false
},
"accessStrategy" : {
"@class" : "org.jasig.cas.services.DefaultRegisteredServiceAccessStrategy",
"enabled" : true,
"ssoEnabled" : true
}
}
注意标红的那一行:
把这一行改成
"serviceId" : "^(https|imaps|http)://.*"
即加入http规则,这样http类型的sever地址就不会被当作特殊处理了。