nginx - Liferay shows white page after login to cas

Question

I have installed cas-overlay-template-master with a tomcat 9.0.41 listening on 8080 proxied by an nginx listening on 443 in a domain called cas.mydomain.net with an ssl created with letsencrypt which is currently valid. In the below directory

/opt/cas/apache-tomcat-9.0.41/cas/

and a host in the /opt/cas/apache-tomcat-9.0.41/conf/server.xml

<Host name="cas.mydomain.net"  appBase="cas" unpackWARs="true" autoDeploy="true">
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
        prefix="cas.mydomain.net_access_log" suffix=".txt"
        pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>

I have created a file called /etc/cas/config/services/myliferay-1001.json with the bellow content

{
  @class: org.apereo.cas.services.RegexRegisteredService
  serviceId: https://myliferay.mydomain.net/c/portal/login.*
  name: myliferay
  id: 1001
  proxyTicketExpirationPolicy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceProxyTicketExpirationPolicy
  }
  serviceTicketExpirationPolicy:
  {
    @class: org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy
  }
  evaluationOrder: 1
  logoutType: FRONT_CHANNEL
  attributeReleasePolicy:
  {
    @class: org.apereo.cas.services.DenyAllAttributeReleasePolicy
  }
  logoutUrl: https://cas.mydomain.net/logout
}

I also connected cas into a postgres db placing the following into /etc/cas/config/cas.properties

cas.server.name=https://cas.mydomain.net
cas.server.prefix=${cas.server.name}
logging.config=file:/etc/cas/config/log4j2.xml
Log4jContextSelector=org.apache.logging.log4j.core.async.AsyncLoggerContextSelector

cas.authn.accept.users=
cas.authn.jdbc.query[0].driver-class=org.postgresql.Driver
cas.authn.jdbc.query[0].url=jdbc:postgresql://localhost:5432/cas
cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.PostgreSQL95Dialect
cas.authn.jdbc.query[0].driver-class=org.postgresql.Driver
cas.authn.jdbc.query[0].user=postgres
cas.authn.jdbc.query[0].password=
cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE emailaddress = ?
cas.authn.jdbc.query[0].password-encoder.type=DEFAULT
cas.authn.jdbc.query[0].password-encoder.encoding-algorithm=MD5
cas.authn.jdbc.query[0].field-password=password
cas.authn.jdbc.query[0].field-expired=expired
cas.authn.jdbc.query[0].field-disabled=disabled

I created a table users and a user with a certain email and password and I can login from the web... all work!

I have also installed liferay-dxp 7.3 which comes with tomcat 9.0.37 listening on 8081 proxied by an nginx listening on 443 under the domain myliferay.mydomain.net with also with an ssl created with letsencrypt which is currently valid. In the below directory

/opt/liferay/

and a host in the /opt/liferay/tomcat-9.0.37/conf/server.xml

<Host name="myliferay.mydomain.net"  appBase="webapps" unpackWARs="true" autoDeploy="true">
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
        prefix="myliferay.mydomain.net_access_log" suffix=".txt"
        pattern="%h %l %u %t &quot;%r&quot; %s %b" />
</Host>

Installing liferay I chose a postgres db on localhost/iportal which was predefined. A user in liferay was created which I chose to have the same email and password as the one I use in the cas db

In liferay control panel -> system settings -> sso -> cas I made the following settings

Enable - Checked
Import from LDPA: Unchecked

Login URL: https://cas.mydomain.net

Logout on Session Expiration: Unchecked

Logout URL: https://cas.mydomain.net/logout
Server Name: https://myliferay.mydomain.net
Server URL: https://cas.mydomain.net
Service URL: https://myliferay.mydomain.net/c/portal/login
No Such User Redirect URL: https://myliferay.mydomain.net

Now I browsed to https://myliferay.mydomain.net and clicked on Sign In on the upper right corner which redirected me to

https://cas.mydomain.net/login?service=https%3A%2F%2Fmyliferay.mydomain.net%2Fc%2Fportal%2Flogin

and presented me with the Cas login screen.

When I use a random email or password cas represents me with the login screen as expected.

If I use the correct email and password it redirects me to

https://myliferay.mydomain.net/c/portal/login?ticket=ST-21-[arandomstring]-[myserverhostname] 

which is a blank page, and also if I browse to https://myliferay.mydomain.net I am still logged out. If I click Sign In again I am redirected instantly to cas.mydomain.net and back to

https://myliferay.mydomain.net/c/portal/login?ticket=ST-22-[arandomstring]-[myserverhostname] 

Which means that cas already knows who I am but Its like liferay does not know how to handle the ticket parameter in the request

Am I supposed to create any other file somewhere? Am I supposed to somehow install cas.mydomain.net or/and myliferay.mydomain.net ssl certificate to each tomcat installation? Am I supposed to make any other setting into liferay's control panel?

Any help would be much appreciated!

question from:https://stackoverflow.com/questions/65872109/liferay-shows-white-page-after-login-to-cas

Answer 1

I made it work by placing the following two lines in webapps/ROOT/WEB-INF/classes/portal-ext.properties

auto.login.hooks=com.liferay.portal.security.auth.BasicAutoLogin
auto.login.hooks=com.liferay.portal.security.auth.BasicAutoLogin,com.liferay.portal.security.auth.CASAutoLogin

and in com.liferay.filters.ss.cas.CASFilter the following line

com.liferay.filters.sso.cas.CASFilter=true