We have cas running behind a netscaler. Three nodes using the internal
tomcat. I don't have any X-Forwarded-Fo configuration in the cas
configuration. The netscaler is configured to send the client ip to the
node.
Here is an example audit
WHO: audit:unknown
WHAT: {result=Service Access Granted, service=
https://mywsu.wichita.edu/myWSU/authenticate.aspx, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Thu Oct 03 12:00:00 CDT 2024
CLIENT IP ADDRESS: 199.127.59.6
SERVER IP ADDRESS: 10.0.79.44On Thu, Oct 3, 2024 at 11:52 AM Wickham, Jeremy <jeremy.wick...@msstate.edu> wrote: > We have been using CAS for 10+ years for our authentication and have been > using an external tomcat. With my next release I am moving to using the > embedded tomcat. I have noticed that my audits are logging our load > balancer IP Address instead of the client’s. I have extended > CasTomcatServletWebServerFactoryCustomizer to include the RemoteIpValve and > to write the X-Forwarded-For header to this valve. > > > > Saying this, am I approaching this wrong? I could not find a configuration > to enable this behavior. > > > > I do have the following set in my properties file. > > > > cas.audit.engine.alternate-client-addr-header-name=X-Forwarded-For > > > > I was curious if there was another setting I am missing before my > deployment next week. > > > > Thanks, > > -Jeremy > > ________________________ > > Jeremy Wickham > > Mississippi State University > > jeremy.wick...@msstate.edu > > Webex Personal Room: https://msstate.webex.com/meet/jrw16 > > > > -- > - Website: https://apereo.github.io/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+unsubscr...@apereo.org. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/CYYPR01MB83124634A3DA07C8B76F347099712%40CYYPR01MB8312.prod.exchangelabs.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CYYPR01MB83124634A3DA07C8B76F347099712%40CYYPR01MB8312.prod.exchangelabs.com?utm_medium=email&utm_source=footer> > . > -- Erik Mallory ------------------------ "A happy man's paradise is his own good nature." - Edward Abbey -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CANgg2%2BwFX0n69xokgtGB8KdLuwZkhJgG9Ofsi8C2Rp4C1edJpg%40mail.gmail.com.
