Hello, I have a similar setup, though I’m using an F5 load balancer for ssl offload and using my own tomcat install instead of the embedded to serve the war file. These are the options I’ve found I needed, your mileage may vary: cas.server.http.secure=ture cas.server.httpProxy.enabled=true cas.server.httpProxy.secure=true cas.server.httpProxy.protocol=HTTP/1.1 cas.server.httpProxy.scheme=https server.contextPath=/cas server.port=8080 server.ssl.enabled=false
Jeremiah From: [email protected] [mailto:[email protected]] On Behalf Of Ramakrishna G Sent: Thursday, February 8, 2018 6:16 AM To: [email protected] Subject: Re: [cas-user] Cas - Unauthorized Hello Man H, I am planning to use NGINX Load balancer over https. The load balancer takes care of redirecting to CAS Server and CAS client in http. Do you recommend this approach? If yes then how do I enable SSO over http? For outside world it would be https but internally I am planning to communicate in http. Thanks Ramakrishna G On Thu, Feb 8, 2018 at 4:35 PM, Man H <[email protected]<mailto:[email protected]>> wrote: You will have to install it in both but this is not a CA's issue you will find more information in stack overflow etc about SSL tomcat apache configuration. If you install self signed certificate browser will challenge user to accept that as insecure. El jueves, 8 de febrero de 2018, Ramakrishna G <[email protected]<mailto:[email protected]>> escribió: Hello, I am using CAS on development server and soon I'll be shifting to production. I am using mod_auth_cas as client and I am running CAS server and CAS Client in same machine. Should I create certificates for both tomcat(CAS Server) and apache(CAS Client) or only tomcat(keystore) is fine? In mod_auth_cas which certificates does this CASCertificatePath refer to? How do I create self signed certificates for both CAS Server and CAS Client? It would be helpful if someone clarify me on this. On Tue, Feb 6, 2018 at 7:21 PM, Ramakrishna G <[email protected]<mailto:[email protected]>> wrote: Yes. I am just using at my development server. When releasing to production I'll get a valid SSL Certificate. Thanks Ramakrishna G On Tue, Feb 6, 2018 at 6:36 PM, Man H <[email protected]<mailto:[email protected]>> wrote: There is a potential security risk in doing this . CA's needs SSL in order to function safely with SSO. El martes, 6 de febrero de 2018, Ramakrishna G <[email protected]<mailto:[email protected]>> escribió: Hi Mukunthini Jeyakumar, To resolve this error you need have a valid SSL certificate signed by CA. If you don't have you can just disable SSL in cas.properties file. server.ssl.enabled= false cas.serviceRegistry.initFromJson=true cas.serviceRegistry.config.location: file:/etc/cas/services in somename.json inside /etc/cas/services folder { "@class": "org.apereo.cas.services.RegexRegisteredService", "serviceId": "^(http|https|imaps)://.*", "name": "HTTPS/IMAPS wildcard", "id": 20170905111650, "evaluationOrder": 99999 } and enable http in services. Also comment all CASValidateSAML in client side. Now you are good to access over http which will solve the problem. Thanks Ramakrishna On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar <[email protected]<mailto:[email protected]>> wrote: Hi Ramakrishna, have you find the way to resolve the issue? I'm having the same Thanks Thini Other recipients: Ramakrishna, Perhaps there is something not right with your client application config? Is it running on https://192.168.111.118:8443<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2F192.168.111.118%3A8443&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=n%2BQJqHbkrT4msqsTnZg3nwZnZACHz1wiGz53MR3uorI%3D&reserved=0> or is that CAS? Multiple service tickets in the URL suggests that the request is being redirected to CAS multiple [ ] -- - Website: https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0> - Gitter Chatroom: https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0> - List Guidelines: https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0> - Contributions: https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f4046-95d5-40a1-870e-492fca9db3fd%40apereo.org<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2Fcf0f4046-95d5-40a1-870e-492fca9db3fd%2540apereo.org%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QBPMhd2C3rWQfzDm75vLovfbKGznYgKcqwJIdW6O2gk%3D&reserved=0>. -- - Website: https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0> - Gitter Chatroom: https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0> - List Guidelines: https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0> - Contributions: https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P89Z-F6U161br1ymQ79_V%2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FCAGST5P89Z-F6U161br1ymQ79_V%252BbvyFi5fkSKLx1R%253DX9yOLe1g%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=muWsHx8gJcn2V7ZHXuG4zHkqPPfZ55GZgzJdw46iIa8%3D&reserved=0>. -- - Website: https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0> - Gitter Chatroom: https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0> - List Guidelines: https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0> - Contributions: https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mid7QwWxyMyxH-i2veHJx--cCL71S0fNt-%3DVkdkv%2BRF3nw%40mail.gmail.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FCAMY5mid7QwWxyMyxH-i2veHJx--cCL71S0fNt-%253DVkdkv%252BRF3nw%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=J%2B3acwlV1p%2FE7SY52%2BVTnwjPyBg64KyrPgWq8Skerjs%3D&reserved=0>. -- - Website: https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0> - Gitter Chatroom: https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0> - List Guidelines: https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0> - Contributions: https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P9D_p5PrA7NhcKctm59tDdf0adnMQuHGWxH%3DF4wrm4TYw%40mail.gmail.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FCAGST5P9D_p5PrA7NhcKctm59tDdf0adnMQuHGWxH%253DF4wrm4TYw%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=nKz%2Bgfy%2Bpwgv%2FTsa%2BC9%2FePWYpYCmnxtY%2FuxQmyY1IyU%3D&reserved=0>. -- - Website: https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0> - Gitter Chatroom: https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0> - List Guidelines: https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0> - Contributions: https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mid6U_Q0q%3DWjWbEeUMnhg1w8m3%2BaxEBiHZWsZVJfVLuOsA%40mail.gmail.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FCAMY5mid6U_Q0q%253DWjWbEeUMnhg1w8m3%252BaxEBiHZWsZVJfVLuOsA%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=aRRtuaYyQDT1Qr5wArU5Kfpjqq2y3BwIXyBzuaKWLFM%3D&reserved=0>. -- - Website: https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0> - Gitter Chatroom: https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0> - List Guidelines: https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0> - Contributions: https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0> --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]<mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P929UB15Y28aM7s09yM7%2BYCm64%2BZStrBSuWEo2R1uvuQA%40mail.gmail.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FCAGST5P929UB15Y28aM7s09yM7%252BYCm64%252BZStrBSuWEo2R1uvuQA%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=Ki%2FR%2FLajpr5a9BPgKHTIPE0D4cb66Zk0OOZn1Cykoxc%3D&reserved=0>. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR08MB2615C0B24C2D56C5BC44621CA8F30%40CY4PR08MB2615.namprd08.prod.outlook.com.
