I’m curious what you have for your cas.server.name and cas.server.prefix
properties. They are the https address of your load balancer, right?
Another thing I realize that might be different is that I am not currently
using a load balance but just using Nginx to proxy all web requests including
CAS. As a result I do have the following settings for the location in Nginx
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
I wonder if you need to try something similar in your setup.
Doug
From: [email protected] [mailto:[email protected]] On Behalf Of casuser
Sent: Thursday, December 14, 2017 3:54 PM
To: CAS Community
Subject: Re: [cas-user] CAS 5.2.0 How to configure cas in that way so that it
listen to HTTP?
Thanks Doug for the reply,
I have tried this configuration but I am still getting the same warning "You
are currently accessing CAS over a non-secure connection. Single Sign On WILL
NOT WORK."
server.port=8080
server.ssl.enabled=false
FAZLA
On Thursday, December 14, 2017 at 3:31:03 PM UTC+8, Doug C wrote:
This may not be what you are working for or it might be different in 5.2.0 or
it is possible I am forgetting something else but I believe all I did is the
following:
Configure CAS to only listen on port 8080
Edit cas.properties and add the following lines:
# configure CAS to only listen for non-SSL traffic on port 8080
server.port=8080
server.ssl.enabled=false
Doug
From: [email protected] <javascript:> [mailto:[email protected]
<javascript:> ] On Behalf Of casuser
Sent: Thursday, December 14, 2017 3:13 PM
To: CAS Community
Subject: Re: [cas-user] CAS 5.2.0 How to configure cas in that way so that it
listen to HTTP?
Thank you Cristina,
Actually what I meant was lets say https://example.com will go to a load
balancer and it will check the ssl and provide the ssl certificate then it will
go to CAS. I want to configure CAS in a way so that it doesn't need to check
for the ssl because from the load balancer there will be a http connection will
go to CAS and if CAS finds it as HTTP Single Sign On WILL NOT WORK. So I need
to configure CAS so that it listen to HTTP for the Single Sign On to work. Is
there a way to achieve that?
Best Regards,
FAZLA
On Thursday, December 14, 2017 at 2:55:20 PM UTC+8, Cristina Vlaicu wrote:
Hello,
I had configured https on the application server. I had nothing to configure
in CAS properties.
Thank you,
Cristina
On Dec 14, 2017 6:51 AM, "casuser" <[email protected]> wrote:
There is a load balancer in between the user and the CAS . The load balancer
will check allow the SSL certificate. But from the load balancer to the CAS the
connection will be HTTP.
How to configure cas in that way so that it listen to HTTP?
I have tried this in my cas.properties but didn't solve my problem:
cas.server.httpProxy.enabled=true
cas.server.httpProxy.secure=false ## changed from True
cas.server.httpProxy.protocol=AJP/1.3
cas.server.httpProxy.scheme=http ## changed to http
cas.server.httpProxy.redirectPort=8080
cas.server.httpProxy.proxyPort=8080
cas.server.httpProxy.attributes.attributeName=attributeValue
I do have the warning:
"Non-secure Connection You are currently accessing CAS over a non-secure
connection. Single Sign On WILL NOT WORK. In order to have single sign on work,
you MUST log in over HTTPS." but the warning still remains.
"https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#http-proxying";
<https://apereo.github.io/cas/5.2.x/installation/Configuration-Properties.html#http-proxying>
CAS Properties
apereo.github.io
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0fa53de5-dc4e-42c8-ba3f-04e107a36aa5%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/0fa53de5-dc4e-42c8-ba3f-04e107a36aa5%40apereo.org?utm_medium=email&utm_source=footer>
.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected] <javascript:> .
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1e2dc1f6-b27e-4f1f-9fad-bb973a2b2a4f%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1e2dc1f6-b27e-4f1f-9fad-bb973a2b2a4f%40apereo.org?utm_medium=email&utm_source=footer>
.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/59bfb03e-3b35-4a73-8b38-e063b7adce86%40apereo.org
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/59bfb03e-3b35-4a73-8b38-e063b7adce86%40apereo.org?utm_medium=email&utm_source=footer>
.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/021901d374b4%24921bd830%24b6538890%24%40gmail.com.
