Authorizer CAS Disruption after Server move to DMZ

  • Resolved hsweat1

    (@hsweat1)


    2 years ago

    Due to recent security concerns we have decided to migrate our Blogs solution from our internal network to a DMZ. While all other services appear to be working correctly, our CAS/SSO solution is failing. CAS is issuing a service ticket for the blogs login and redirects browser to blogs, but blogs isn’t validating the user’s CAS service ticket and redirects browser back to CAS. Any help would be appreciated, Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Paul Ryan

    (@figureone)

    It sounds like the blogs server in the DMZ doesn’t have network access to the CAS server, can you check whether the notification appears in Authorizer Settings?

    View post on imgur.com

    Thread Starter hsweat1

    (@hsweat1)

    It does. It cant make connection to the CAS server. I’m looking for guidance on what issues could be causing this (such as firewall configurations ect.)

    Plugin Author Paul Ryan

    (@figureone)

    Sounds like the CAS server needs to explicitly accept traffic on port 443 from the IP address of the Blogs server in the DMZ. That would be my guess of where the traffic is getting filtered.

    Basically, the CAS library in Authorizer uses curl to communicate with the CAS server. So to test, from the command line on the Blogs server you can try:

    $ curl https://your-cas-server.edu/cas/login

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Authorizer CAS Disruption after Server move to DMZ’ is closed to new replies.