Its not possible CA's won't work in SSO if it's over http
El jueves, 8 de febrero de 2018, Ramakrishna G <r...@tts.in> escribió:
> Hello Man H,
>
> I am planning to use NGINX Load balancer over https. The load balancer
> takes care of redirecting to CAS Server and CAS client in *http*. Do you
> recommend this approach? If yes then how do I enable SSO over http?
>
> For outside world it would be https but internally I am planning to
> communicate in http.
>
> Thanks
> Ramakrishna G
>
> On Thu, Feb 8, 2018 at 4:35 PM, Man H <info.ings...@gmail.com> wrote:
>
>> You will have to install it in both but this is not a CA's issue you will
>> find more information in stack overflow etc about SSL tomcat apache
>> configuration.
>>
>> If you install self signed certificate browser will challenge user to
>> accept that as insecure.
>>
>>
>> El jueves, 8 de febrero de 2018, Ramakrishna G <r...@tts.in> escribió:
>>
>>> Hello,
>>>
>>> I am using CAS on development server and soon I'll be shifting to
>>> production. I am using mod_auth_cas as client and I am running CAS server
>>> and CAS Client in same machine. Should I create certificates for both
>>> tomcat(CAS Server) and apache(CAS Client) or only tomcat(keystore) is fine?
>>>
>>> In mod_auth_cas which certificates does this *CASCertificatePath* refer
>>> to?
>>>
>>> How do I create self signed certificates for both CAS Server and CAS
>>> Client?
>>>
>>> It would be helpful if someone clarify me on this.
>>>
>>>
>>>
>>> On Tue, Feb 6, 2018 at 7:21 PM, Ramakrishna G <r...@tts.in> wrote:
>>>
>>>> Yes. I am just using at my development server. When releasing to
>>>> production I'll get a valid SSL Certificate.
>>>>
>>>> Thanks
>>>> Ramakrishna G
>>>>
>>>> On Tue, Feb 6, 2018 at 6:36 PM, Man H <info.ings...@gmail.com> wrote:
>>>>
>>>>> There is a potential security risk in doing this .
>>>>> CA's needs SSL in order to function safely with SSO.
>>>>>
>>>>>
>>>>> El martes, 6 de febrero de 2018, Ramakrishna G <r...@tts.in> escribió:
>>>>>
>>>>>> Hi Mukunthini Jeyakumar,
>>>>>>
>>>>>> To resolve this error you need have a valid SSL certificate signed by
>>>>>> CA. If you don't have you can just disable SSL in cas.properties file.
>>>>>>
>>>>>> server.ssl.enabled= false
>>>>>> cas.serviceRegistry.initFromJson=true
>>>>>> cas.serviceRegistry.config.location: file:/etc/cas/services
>>>>>>
>>>>>> in somename.json inside /etc/cas/services folder
>>>>>>
>>>>>> {
>>>>>> "@class": "org.apereo.cas.services.RegexRegisteredService",
>>>>>> "serviceId": "^(*http|*https|imaps)://.*",
>>>>>> "name": "HTTPS/IMAPS wildcard",
>>>>>> "id": 20170905111650,
>>>>>> "evaluationOrder": 99999
>>>>>> }
>>>>>> and enable http in services. Also comment all CASValidateSAML in
>>>>>> client side. Now you are good to access over http which will solve the
>>>>>> problem.
>>>>>>
>>>>>> Thanks
>>>>>> Ramakrishna
>>>>>>
>>>>>> On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar <
>>>>>> mukunth...@gmail.com> wrote:
>>>>>>
>>>>>>> Hi Ramakrishna,
>>>>>>>
>>>>>>> have you find the way to resolve the issue? I'm having the same
>>>>>>>
>>>>>>> Thanks
>>>>>>> Thini
>>>>>>> Other recipients:
>>>>>>> Ramakrishna, Perhaps there is something not right with your client
>>>>>>> application config? Is it running on https://192.168.111.118:8443
>>>>>>> or is that CAS? Multiple service tickets in the URL suggests that the
>>>>>>> request is being redirected to CAS multiple
>>>>>>>
>>>>>>> --
>>>>>>> - Website: https://apereo.github.io/cas
>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>>> ---
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "CAS Community" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to cas-user+unsubscr...@apereo.org.
>>>>>>> To view this discussion on the web visit
>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f
>>>>>>> 4046-95d5-40a1-870e-492fca9db3fd%40apereo.org
>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f4046-95d5-40a1-870e-492fca9db3fd%40apereo.org?utm_medium=email&utm_source=footer>
>>>>>>> .
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> - Website: https://apereo.github.io/cas
>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "CAS Community" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to cas-user+unsubscr...@apereo.org.
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGS
>>>>>> T5P89Z-F6U161br1ymQ79_V%2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com
>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P89Z-F6U161br1ymQ79_V%2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>>>> --
>>>>> - Website: https://apereo.github.io/cas
>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>>>> - List Guidelines: https://goo.gl/1VRrw7
>>>>> - Contributions: https://goo.gl/mh7qDG
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "CAS Community" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to cas-user+unsubscr...@apereo.org.
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY
>>>>> 5mid7QwWxyMyxH-i2veHJx--cCL71S0fNt-%3DVkdkv%2BRF3nw%40mail.gmail.com
>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mid7QwWxyMyxH-i2veHJx--cCL71S0fNt-%3DVkdkv%2BRF3nw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>>>>
>>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/CAGST5P9D_p5PrA7NhcKctm59tDdf0adnM
>>> QuHGWxH%3DF4wrm4TYw%40mail.gmail.com
>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P9D_p5PrA7NhcKctm59tDdf0adnMQuHGWxH%3DF4wrm4TYw%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit https://groups.google.com/a/ap
>> ereo.org/d/msgid/cas-user/CAMY5mid6U_Q0q%3DWjWbEeUMnhg1w8m3%
>> 2BaxEBiHZWsZVJfVLuOsA%40mail.gmail.com
>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mid6U_Q0q%3DWjWbEeUMnhg1w8m3%2BaxEBiHZWsZVJfVLuOsA%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/CAGST5P929UB15Y28aM7s09yM7%
> 2BYCm64%2BZStrBSuWEo2R1uvuQA%40mail.gmail.com
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P929UB15Y28aM7s09yM7%2BYCm64%2BZStrBSuWEo2R1uvuQA%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mif2xR_%3DB51iopH8ENp4GBN6KHxw%2BRqc%3DqttMmugwmWqaw%40mail.gmail.com.
