Q: Why was SSO authentication fail after the CAS authentication server was configured?

A: If the CAS authentication server and the GIS server are not on the same machine, because of the time difference between the two machines, sometimes it would result in unsuccessful logon verification. In this case it is required to adjust the time of these two machines to the same, or enlarge the fault tolerance of time difference, of which the default value is 3 minutes in iServer(or iProtal, iExpress). The way to modify the tolerance of time difference is to edit shiro.ini (under WEB-INF) and modify the cas Realm.tolerance parameters as follows(unit is milliseconds);

casRealm.enabled = false
casRealm.reserveSystemAccount = true
casRealm.casServerUrlPrefix = http://{ip}:{port}/cas
casRealm.casService = http://{ip}:{port}/{contextPath}/shiro-cas
casRealm.securityInfoDAO = $sqliteRealm
casRealm.tolerance = 180000

08 July,2019
Tags: iServer

More iServer FAQ