If you're offloading SSL to the load balancer, and using Apache, you need to pass the appropriate parameter to Tomcat.
You should have had to do that regardless, or I believe the cookie would not have been set correctly. Apologies, but I can't remember the flag off the top of my head. Perhaps a more experienced Apache admin will remember it. On Mon, Aug 8, 2011 at 9:45 PM, William G. Thompson, Jr. <[email protected]>wrote: > Folks, > > I've been working on a 3.4.8 Maven Overlay build that I'm deploying to > RHEL/Tomcat/Apache running in the clear on 80, but on a private > network behind an F5 LTM doing SSL and load-balancing. I did the > 3.4.9 upgrade today and now I'm getting the CAS-991 messaging that I'm > "accessing CAS over a non-secure connection...SSO won't work, etc". > > However, I am accessing the site over https (via the LTM) and SSO is > working just fine. Is the messaging wrong or should SSO really not be > working? > > Bill > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
