I'm currently writing a NextJS app that will use our CAS server for SSO login and running the NextJS server over HTTPS.
Once the user clicks Login, they are directed to 'https://mycasserver.com/cas/login?service=https://localhost:3000' and, after login, are redirected back to my site where I have stored the ST from the resulting localhost:3000/ST-ticketinfostring.
In my Middleware.ts file, when the user lands on the above page, I take the ticket and make a fetch request out to the serviceValidate URL as such:

```typescript
// Template literal (backticks) so that ${ticket} is interpolated into the URL
let res = await fetch(`https://mycasserver.com/cas/serviceValidate?ticket=${ticket}&service=https://localhost:3000`, {
  method: 'GET',
  redirect: 'follow'
});
```

This does return the attributes expected, and I am able to parse the XML. The issue is that the previously mentioned auth_tkt and jsessionid cookies are missing.
After checking the status of the response, console logging the response headers shows that the cookies param is null.
If I direct the browser to the serviceValidate url instead, I can see the cookies, but this is undesired. The CAS server is configured properly, as I did not run into these issues with prior development using Python/Pyramid with the cas-client package.
I'm wracking my brain here. In my next-config.js exports, I have additionally added the following, unsure if it would even assist:
```javascript
async headers() {
  return [
    {
      // matching all routes
      source: '/((?!api|_next|static|public|favicon.ico).*)',
      headers: [
        { key: "Access-Control-Allow-Credentials", value: "true" },
        { key: "Access-Control-Allow-Origin", value: "*" },
        { key: "Access-Control-Allow-Methods", value: "GET,DELETE,PATCH,POST,PUT" },
        { key: "Access-Control-Allow-Headers", value: "X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version" },
      ]
    }
  ]
}
```
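
The back-channel validation step described in the question, as an added example that is not part of the original post: it builds the serviceValidate request with encoded parameters and turns the CAS XML body into an explicit success or failure result. The function names, the ticket format check and the sample XML are assumptions constructed for illustration; only the two URLs come from the post.

```javascript
// Added example; function names and sample XML are constructed, not from the post.
const CAS_BASE = 'https://mycasserver.com/cas'; // CAS prefix used in the post
const SERVICE = 'https://localhost:3000';       // service URL used in the post

// URLSearchParams percent-encodes both values, so neither one can add or
// alter query parameters in the validation request.
function buildValidateUrl(casBase, service, ticket) {
  // Assumption: tickets look like the post's "ST-..." form; reject anything else.
  if (!/^ST-[A-Za-z0-9._-]{1,256}$/.test(ticket)) throw new Error('malformed service ticket');
  const url = new URL(casBase + '/serviceValidate');
  url.searchParams.set('ticket', ticket);
  url.searchParams.set('service', service);
  return url.toString();
}

const unescapeXml = (s) => s.trim().replace(/&lt;/g, '<').replace(/&gt;/g, '>')
  .replace(/&quot;/g, '"').replace(/&apos;/g, "'").replace(/&amp;/g, '&');

// Simplified regex parser for the CAS 2.0/3.0 XML body (assumes the "cas:" prefix).
// Anything that is not an explicit success with a cas:user is treated as failure.
function parseServiceValidate(xml) {
  const fail = xml.match(/<cas:authenticationFailure\s+code=["']([^"']*)["']\s*>([\s\S]*?)<\/cas:authenticationFailure>/);
  if (fail) return { ok: false, code: fail[1], message: unescapeXml(fail[2]) };
  const success = xml.match(/<cas:authenticationSuccess>([\s\S]*?)<\/cas:authenticationSuccess>/);
  const user = success && success[1].match(/<cas:user>([^<]*)<\/cas:user>/);
  if (!user) return { ok: false, code: 'INVALID_RESPONSE', message: 'no cas:user element' };
  const attributes = Object.create(null); // no prototype, so odd attribute names are harmless
  const block = success[1].match(/<cas:attributes>([\s\S]*?)<\/cas:attributes>/);
  for (const m of block ? block[1].matchAll(/<cas:([\w.-]+)>([^<]*)<\/cas:\1>/g) : []) {
    (attributes[m[1]] = attributes[m[1]] || []).push(unescapeXml(m[2]));
  }
  return { ok: true, user: unescapeXml(user[1]), attributes };
}

// Server-side (back-channel) validation; fetchImpl is injectable for testing.
async function validateTicket(ticket, fetchImpl = fetch) {
  const res = await fetchImpl(buildValidateUrl(CAS_BASE, SERVICE, ticket), { method: 'GET' });
  if (!res.ok) return { ok: false, code: 'HTTP_' + res.status, message: 'validation request failed' };
  return parseServiceValidate(await res.text());
}

// Constructed sample response bodies.
const SAMPLE_OK = `<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user>
    <cas:attributes><cas:mail>jdoe@example.org</cas:mail><cas:group>a</cas:group><cas:group>b</cas:group></cas:attributes>
  </cas:authenticationSuccess></cas:serviceResponse>`;
const SAMPLE_FAIL = `<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-1-x not recognized</cas:authenticationFailure>
</cas:serviceResponse>`;
```

In the CAS protocol serviceValidate is a server-to-server call, so the browser's session for the Next.js app has to be set by the app's own response once `ok` is true.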