- Type: Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: 7.0.0 M7
- Fix Version/s: 7.0.0 Beta 3, 7.0.0 DXP FP35, 7.0.0 DXP SP7, 7.0.5 CE GA6, 7.0.X, 7.1.0 M1, 7.1.0 M2, Master
- Component/s: Application Security, Application Security > CAS
- Branch Version/s: 7.0.x
- Backported to Branch: Committed
- Story Points: 1
- Fix Priority: 4
- Git Pull Request:
Steps to Reproduce
- Start a Docker container with a pre-built "cas.war" that allows HTTP service providers.
  docker run --name LPS-57166 -p 8443:8443 holatuwol/liferayissue:LPS-57166
- Navigate to https://localhost:8443/cas and confirm that you can log in as the default CAS user (username "casuser", password "Mellon").
- Copy "thekeystore" from the container to the Tomcat folder for your Tomcat bundle.
  cd /path/to/catalina/home
  docker cp LPS-57166:/etc/cas/thekeystore .
- Open "setenv.sh" for your Tomcat bundle and update CATALINA_OPTS to accept the certificates in the CAS keystore.
  CATALINA_OPTS="${CATALINA_OPTS} -Djavax.net.ssl.trustStore=${CATALINA_HOME}/thekeystore -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStoreType=jks"
- Start up Liferay and log in as the admin user
- Navigate to Control Panel > Configuration > Instance Settings
- Select the Authentication section
- Update the configuration to log in by screen name and save the configuration
- Select the Authentication section, and click on the CAS tab
- Update the form fields to be the following, and click on the Test CAS Configuration button to confirm that all values pass:
  - Login URL: https://localhost:8443/cas/login
  - Logout URL: https://localhost:8443/cas/logout
  - Server Name: http://localhost:8080
  - Server URL: https://localhost:8443/cas
  - Service URL: http://localhost:8080/c/portal/login
  - No Such User Redirect URL: http://localhost:8080
- Check the "Enabled" checkbox and save the configuration.
- Create a new user with the screen name "casuser" (all other fields do not matter)
- Open a New Incognito window and click on the Sign In link
- Sign in as the default CAS user, username "casuser", password "Mellon"
- Accept the Terms of Use
Note: After the error, you will need to delete the "casuser" user and recreate it in order to reproduce the error again. If you are signed out and need to log in as the test user, you will need to access the login portlet directly via http://localhost:8080/?p_p_id=com_liferay_login_web_portlet_LoginPortlet&p_p_state=maximized
The issue is that the session is now invalidated after login, which means the check for a CAS_LOGIN session attribute added in LPS-28432 no longer works.
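
The failure mode described above, as an added example (a toy session model, not Liferay's code and not the fix that was committed): a login step that invalidates the session drops a CAS_LOGIN marker set beforehand, so a later check for it fails unless the attribute is explicitly carried into the new session. The `Session` class, `login()`, `isCasLogin()`, `preLoginSession()` and the carry-over set are hypothetical names; only the attribute name CAS_LOGIN comes from the issue text.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added illustration: a toy session model, not Liferay or Servlet API code.
public class SessionRotationDemo {
    static final String CAS_LOGIN = "CAS_LOGIN"; // attribute name from the issue

    // Minimal stand-in for an HTTP session (hypothetical class).
    static final class Session {
        final Map<String, Object> attributes = new HashMap<>();
        boolean valid = true;
    }

    // Login that invalidates the old session and issues a new one. Only
    // attributes named in carryOver survive the rotation.
    static Session login(Session old, Set<String> carryOver) {
        Session fresh = new Session();
        for (String name : carryOver) {
            if (old.attributes.containsKey(name)) {
                fresh.attributes.put(name, old.attributes.get(name));
            }
        }
        old.attributes.clear();
        old.valid = false;
        return fresh;
    }

    // Post-login check for the marker, as the issue describes.
    static boolean isCasLogin(Session session) {
        return session.valid && session.attributes.get(CAS_LOGIN) != null;
    }

    // Assumption: the marker is set on the session before login completes.
    static Session preLoginSession() {
        Session s = new Session();
        s.attributes.put(CAS_LOGIN, Boolean.TRUE); // constructed value
        return s;
    }

    public static void main(String[] args) {
        Session lost = login(preLoginSession(), Set.of());
        Session kept = login(preLoginSession(), Set.of(CAS_LOGIN));
        System.out.println("rotated, nothing carried over: " + isCasLogin(lost));
        System.out.println("rotated, CAS_LOGIN carried over: " + isCasLogin(kept));
    }
}
```

Carrying attributes across a rotation should stay an explicit allow-list like the one shown, since copying everything from the pre-login session would undo the reason for invalidating it.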