We've successfully configured the Liferay portal to have multiple organizations that are mapped to different sub-domains (i.e. test1.domain.com, test2.domain.com).
The problem arises when we enable CAS within Liferay. The CAS server lives on www.domain.com. We noticed that when you try to login to one of the sub-domains (such as test1.domain.com), it redirects to CAS, and then CAS redirects back to Liferay. However, instead of redirecting back to say test1.domain.com, it redirects back to www.domain.com. It looks like when Liferay initially redirects to CAS, it's not sending the sub-domain as part of the service URL and is instead sending www.domain.com for the service URL.
I know you can set the CAS service URL within Liferay, but we need it to be dynamic based upon which organization/sub-domain of Liferay you're trying to log into. So that if you're logging into test1.domain.com, the service URL sent to CAS will be something like service=http://test1.domain.com
Any ideas?
You could modify com.liferay.portal.servlet.filters.sso.cas.CASFilter, or create your own filter based on it.
Service url is constructed in method processFilter, there you can change that it doesn't use "Service URL" from configuration, but construct it based on incoming request properties (schema, serverName, ...).