Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ERR_TOO_MANY_REDIRECTS with cas login when web-app is deployed with context path in aks #106

Open
shrede01 opened this issue May 7, 2024 · 0 comments
Open

ERR_TOO_MANY_REDIRECTS with cas login when web-app is deployed with context path in aks #106

shrede01 opened this issue May 7, 2024 · 0 comments

Comments

@shrede01
Copy link

shrede01 commented May 7, 2024
edited
Loading

We had grails 4 app which we recently upgraded to grails 6. This app uses CAS for login and the app works fine when running locally. However when we deploy this app to AKS, we add context path(sonic) to access the service since we have multiple web applications running under same host name.

When we browse the app, it correctly redirects to CAS login page and after logging in, the url address change from :

https:[HOST]/sonic/login/cas?ticket=[SERVICE TICKET]

and then to to

https:[CAS server]/cas/login?service=https%3A%2F%2F[HOST]%2Fsonic%2Flogin%2Fcas

with error message:

This page isn’t working
[HOST] redirected you too many times.
Try deleting your cookies.
ERR_TOO_MANY_REDIRECTS

This issue however was not happening with old (grails 4) code, so it makes me believe that when we upgraded the spring security library for grails 6, there must be something we have missed. But its been really difficult to track since this is only happening in aks and cannot be reproduced locally(with/without context path).

These are the spring security plugins used in the web app:

    implementation("org.grails.plugins:spring-security-cas:4.0.0")
    implementation("org.grails.plugins:spring-security-core:6.0.3")
    implementation("org.grails.plugins:spring-security-rest:3.0.1")

And the cas configs are:

grails:
  plugin:
    springsecurity:
      cas:
        loginUri: "/login"
        serviceUrl: "${SONIC_APPLICATION_URL}/login/cas"
        serverUrlPrefix: "${SONIC_CAS_URL}"
        useSingleSignout: true
        filterProcessesUrl: '/login/cas'
        whiteListAlgorithms: 'RS256,RS512'

UPDATE:

when enabling debug logs I see:

  2024-05-10 15:53:08.694 [http-nio-8080-exec-36] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Failed to authorize filter invocation [GET /sonic/login/cas?ticket=ST-5981-YBdk3BekFB1U4uPo-1OHKCYhBA0-cas-deployment-558466988-9kj4b] with attributes [ROLE_CONCEPT_ARCHIVE]

Asked the same here as well : https://stackoverflow.com/questions/78443531/err-too-many-redirects-with-cas-login-when-web-app-is-deployed-with-context-path
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@shrede01