I have installed cas-overlay-template-master with a tomcat 9.0.41 listening on 8080 proxied by an nginx listening on 443 in a domain called cas.mydomain.net
with an ssl created with letsencrypt which is currently valid.
In the below directory
/opt/cas/apache-tomcat-9.0.41/cas/
and a host in the /opt/cas/apache-tomcat-9.0.41/conf/server.xml
<Host name="cas.mydomain.net" appBase="cas" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="cas.mydomain.net_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
I have created a file called /etc/cas/config/services/myliferay-1001.json
with the below content
{
  @class: org.apereo.cas.services.RegexRegisteredService
  serviceId: https://myliferay.mydomain.net/c/portal/login.*
  name: myliferay
  id: 1001
  proxyTicketExpirationPolicy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy
  }
  serviceTicketExpirationPolicy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy
  }
  evaluationOrder: 1
  logoutType: FRONT_CHANNEL
  attributeReleasePolicy:
  {
    @class: org.apereo.cas.services.DenyAllAttributeReleasePolicy
  }
  logoutUrl: https://cas.mydomain.net/logout
}
I also connected cas into a postgres db placing the following into /etc/cas/config/cas.properties
cas.server.name=https://cas.mydomain.net
cas.server.prefix=${cas.server.name}
logging.config=file:/etc/cas/config/log4j2.xml
Log4jContextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector
cas.authn.accept.users=
cas.authn.jdbc.query[0].driver-class=org.postgresql.Driver
cas.authn.jdbc.query[0].url=jdbc:postgresql://localhost:5432/cas
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.PostgreSQL95Dialect
cas.authn.jdbc.query[0].driver-class=org.postgresql.Driver
cas.authn.jdbc.query[0].user=postgres
cas.authn.jdbc.query[0].password=
cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE emailaddress = ?
cas.authn.jdbc.query[0].password-encoder.type=DEFAULT
cas.authn.jdbc.query[0].password-encoder.encoding-algorithm=MD5
cas.authn.jdbc.query[0].field-password=password
cas.authn.jdbc.query[0].field-expired=expired
cas.authn.jdbc.query[0].field-disabled=disabled
I created a table users and a user with a certain email and password and I can log in from the web... it all works!
I have also installed liferay-dxp 7.3 which comes with tomcat 9.0.37 listening on 8081 proxied by an nginx listening on 443 under the domain myliferay.mydomain.net
also with an ssl created with letsencrypt which is currently valid.
In the below directory
/opt/liferay/
and a host in the /opt/liferay/tomcat-9.0.37/conf/server.xml
<Host name="myliferay.mydomain.net" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="myliferay.mydomain.net_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>
Installing liferay I chose a postgres db on localhost/iportal which was predefined. A user in liferay was created which I chose to have the same email and password as the one I use in the cas db
In liferay control panel -> system settings -> sso -> cas
I made the following settings
Enable - Checked
Import from LDAP: Unchecked
Login URL: https://cas.mydomain.net
Logout on Session Expiration: Unchecked
Logout URL: https://cas.mydomain.net/logout
Server Name: https://myliferay.mydomain.net
Server URL: https://cas.mydomain.net
Service URL: https://myliferay.mydomain.net/c/portal/login
No Such User Redirect URL: https://myliferay.mydomain.net
Now I browsed to https://myliferay.mydomain.net
and clicked on Sign In
on the upper right corner which redirected me to
https://cas.mydomain.net/login?service=https%3A%2F%2Fmyliferay.mydomain.net%2Fc%2Fportal%2Flogin
and presented me with the Cas login screen.
When I use a random email or password, cas presents me with the login screen again, as expected.
If I use the correct email and password it redirects me to
https://myliferay.mydomain.net/c/portal/login?ticket=ST-21-[arandomstring]-[myserverhostname]
which is a blank page, and also if I browse to https://myliferay.mydomain.net
I am still logged out.
If I click Sign In again I am redirected instantly to cas.mydomain.net and back to
https://myliferay.mydomain.net/c/portal/login?ticket=ST-22-[arandomstring]-[myserverhostname]
Which means that cas already knows who I am, but it's like liferay does not know how to handle the ticket parameter in the request.
Am I supposed to create any other file somewhere? Am I supposed to somehow install cas.mydomain.net or/and myliferay.mydomain.net ssl certificate to each tomcat installation? Am I supposed to make any other setting into liferay's control panel?
Any help would be much appreciated!
question from: https://stackoverflow.com/questions/65872109/liferay-shows-white-page-after-login-to-cas
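In the CAS protocol, the ticket= parameter in the redirect is only the first half of the exchange: the service then validates that ticket against the CAS server over a back channel. The following is an added example, not part of the original post, that rebuilds that validation request and reads its XML reply. It assumes the CAS 2.0 /serviceValidate endpoint and full-match semantics for the serviceId regex; the ticket value and both XML bodies are constructed samples.

```python
import re
import urllib.parse
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace of CAS 2.0 responses

# serviceId and service URL are from the post; everything else is constructed.
SERVICE_ID = r"https://myliferay.mydomain.net/c/portal/login.*"
SERVICE_URL = "https://myliferay.mydomain.net/c/portal/login"
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>user@example.org</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_SERVICE">constructed</cas:authenticationFailure>
</cas:serviceResponse>"""


def service_matches(service_id_pattern, service_url):
    """True if the registered serviceId regex covers the whole service URL
    (full-match semantics are an assumption of this example)."""
    return re.fullmatch(service_id_pattern, service_url) is not None


def validation_url(cas_prefix, service_url, ticket):
    """Back-channel URL a CAS 2.0 client requests to validate a service ticket.
    The service value must be the same one that was sent to /login."""
    query = urllib.parse.urlencode({"service": service_url, "ticket": ticket})
    return f"{cas_prefix.rstrip('/')}/serviceValidate?{query}"


def parse_validation(xml_text):
    """Return ('success', user) or ('failure', code) from a validation reply."""
    root = ET.fromstring(xml_text)
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is not None:
        user = ok.findtext("cas:user", default="", namespaces=CAS_NS)
        return "success", user.strip()
    bad = root.find("cas:authenticationFailure", CAS_NS)
    if bad is not None:
        return "failure", bad.get("code", "")
    raise ValueError("not a CAS serviceResponse document")


if __name__ == "__main__":
    print(service_matches(SERVICE_ID, SERVICE_URL))
    print(validation_url("https://cas.mydomain.net", SERVICE_URL, "ST-1-constructed"))
    for body in (SAMPLE_OK, SAMPLE_FAIL):
        print(parse_validation(body))
```

A service ticket is single-use, so a live request to this URL only succeeds with a ticket the service has not already validated.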