Hi Misagh,

Thanks for your reply.

How can we enable SSO without HTTPS?


On Monday, February 8, 2016 at 12:20:57 PM UTC-5, Misagh Moayyed wrote:
>
>
> On Feb 8, 2016, at 8:14 PM, Robert <[email protected]> wrote:
>
> *Our current Production Setup*
>
> For CAS3.x.x having SSL was not required to support Single Sign On. This 
> was perfect as we have Reverse Proxy Servers fronting our Application 
> Server farm and it took care of providing all TLS for our user facing 
> interface. All handshake between the reverse-proxy server and JBOSS/ IBM 
> WAS server farm was “as if” no SSL was in place. This also helped us 
> immensely in terms of performance, as all SSL encryption/decryption was 
> handled on our Reverse Proxy Servers. And helped cut cost for our clients 
> in terms of maintaining and purchasing certificates to the bare essentials.
>
>
> All of that is still true in CAS4.
>
>  
>
> *Now, we are trying to work with CAS4*
>
> We found out that it requires HTTPS or else Single Sign On just won’t 
> work. 
>
>
> HTTPS is always required by default. How you satisfy that requirement 
> remains the same across all CAS versions. There are no considerations on 
> the CAS side to dictate a particular form of container configuration.
>
> Can you help us understand as to how do we make this new solution work 
> within our production sites?
>
> 1. Will this not force us to have certificates deployed on each 
> and every Application Server? How do we make our clients understand the 
> cost benefit of doing so when having Reverse Proxy Fronting was already 
> taking care of this? 
>
> 2. What happens where the server farms are running behind 
> 3-Zone architecture?
>
> 3. What would be the performance hit on the Application Server when, 
> during peak load, the server would also have to deal with TLS over and above 
> the work that it is currently supposed to be handling?
>
>  
>
> Can we turn off this HTTPS requirement to support SSO with CAS4? If so can 
> you help us as to where to begin.
>
>
> You can enable SSO without HTTPS. This is of course a bad idea. 
>
>
> Our situation has become very urgent, so we don't mind if we have to write 
> Java code and change XML configuration.
>
>
> Thanks for your help.
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
>
>
>
