Hello,

I have a similar setup, though I’m using an F5 load balancer for ssl offload 
and using my own tomcat install instead of the embedded to serve the war file. 
These are the options I’ve found I needed, your mileage may vary:
cas.server.http.secure=ture
cas.server.httpProxy.enabled=true
cas.server.httpProxy.secure=true
cas.server.httpProxy.protocol=HTTP/1.1
cas.server.httpProxy.scheme=https
server.contextPath=/cas
server.port=8080
server.ssl.enabled=false

Jeremiah

From: ramakris...@teligenz.in [mailto:ramakris...@teligenz.in] On Behalf Of 
Ramakrishna G
Sent: Thursday, February 8, 2018 6:16 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] Cas - Unauthorized

Hello Man H,

I am planning to use NGINX Load balancer over https. The load balancer takes 
care of redirecting to CAS Server and CAS client in http. Do you recommend this 
approach? If yes then how do I enable SSO over http?

For outside world it would be https but internally I am planning to communicate 
in http.

Thanks
Ramakrishna G

On Thu, Feb 8, 2018 at 4:35 PM, Man H 
<info.ings...@gmail.com<mailto:info.ings...@gmail.com>> wrote:
You will have to install it in both but this is not a CA's issue you will find 
more information in stack overflow etc about SSL tomcat apache configuration.

If you install self signed certificate browser will challenge user to accept 
that as insecure.


El jueves, 8 de febrero de 2018, Ramakrishna G 
<r...@tts.in<mailto:r...@tts.in>> escribió:
Hello,

I am using CAS on development server and soon I'll be shifting to production. I 
am using mod_auth_cas as client and I am running CAS server and CAS Client in 
same machine. Should I create certificates for both tomcat(CAS Server) and 
apache(CAS Client) or only tomcat(keystore) is fine?

In mod_auth_cas which certificates does this CASCertificatePath refer to?

How do I create self signed certificates for both CAS Server and CAS Client?

It would be helpful if someone clarify me on this.



On Tue, Feb 6, 2018 at 7:21 PM, Ramakrishna G <r...@tts.in<mailto:r...@tts.in>> 
wrote:
Yes. I am just using at my development server. When releasing to production 
I'll get a valid SSL Certificate.

Thanks
Ramakrishna G

On Tue, Feb 6, 2018 at 6:36 PM, Man H 
<info.ings...@gmail.com<mailto:info.ings...@gmail.com>> wrote:
There is a potential security risk in doing this .
CA's needs SSL in order to function safely with SSO.


El martes, 6 de febrero de 2018, Ramakrishna G 
<r...@tts.in<mailto:r...@tts.in>> escribió:
Hi Mukunthini Jeyakumar,

To resolve this error you need have a valid SSL certificate signed by CA. If 
you don't have you can just disable SSL in cas.properties file.


server.ssl.enabled= false
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.config.location: file:/etc/cas/services

in somename.json inside /etc/cas/services folder

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(http|https|imaps)://.*",
  "name": "HTTPS/IMAPS wildcard",
  "id": 20170905111650,
  "evaluationOrder": 99999
}
and enable http in services. Also comment all CASValidateSAML in client side. 
Now you are good to access over http which will solve the problem.

Thanks
Ramakrishna

On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar 
<mukunth...@gmail.com<mailto:mukunth...@gmail.com>> wrote:

Hi Ramakrishna,

have you find the way to resolve the issue? I'm having the same

Thanks
Thini
Other recipients:
Ramakrishna, Perhaps there is something not right with your client application 
config? Is it running on 
https://192.168.111.118:8443<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2F192.168.111.118%3A8443&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=n%2BQJqHbkrT4msqsTnZg3nwZnZACHz1wiGz53MR3uorI%3D&reserved=0>
 or is that CAS? Multiple service tickets in the URL suggests that the request 
is being redirected to CAS multiple
[          ]
--
- Website: 
https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0>
- Gitter Chatroom: 
https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0>
- List Guidelines: 
https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0>
- Contributions: 
https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0>
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f4046-95d5-40a1-870e-492fca9db3fd%40apereo.org<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2Fcf0f4046-95d5-40a1-870e-492fca9db3fd%2540apereo.org%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QBPMhd2C3rWQfzDm75vLovfbKGznYgKcqwJIdW6O2gk%3D&reserved=0>.

--
- Website: 
https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0>
- Gitter Chatroom: 
https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0>
- List Guidelines: 
https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0>
- Contributions: 
https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0>
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P89Z-F6U161br1ymQ79_V%2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FCAGST5P89Z-F6U161br1ymQ79_V%252BbvyFi5fkSKLx1R%253DX9yOLe1g%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=muWsHx8gJcn2V7ZHXuG4zHkqPPfZ55GZgzJdw46iIa8%3D&reserved=0>.
--
- Website: 
https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0>
- Gitter Chatroom: 
https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0>
- List Guidelines: 
https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0>
- Contributions: 
https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0>
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mid7QwWxyMyxH-i2veHJx--cCL71S0fNt-%3DVkdkv%2BRF3nw%40mail.gmail.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FCAMY5mid7QwWxyMyxH-i2veHJx--cCL71S0fNt-%253DVkdkv%252BRF3nw%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=J%2B3acwlV1p%2FE7SY52%2BVTnwjPyBg64KyrPgWq8Skerjs%3D&reserved=0>.


--
- Website: 
https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0>
- Gitter Chatroom: 
https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0>
- List Guidelines: 
https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0>
- Contributions: 
https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0>
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P9D_p5PrA7NhcKctm59tDdf0adnMQuHGWxH%3DF4wrm4TYw%40mail.gmail.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FCAGST5P9D_p5PrA7NhcKctm59tDdf0adnMQuHGWxH%253DF4wrm4TYw%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=nKz%2Bgfy%2Bpwgv%2FTsa%2BC9%2FePWYpYCmnxtY%2FuxQmyY1IyU%3D&reserved=0>.
--
- Website: 
https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0>
- Gitter Chatroom: 
https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0>
- List Guidelines: 
https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0>
- Contributions: 
https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0>
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mid6U_Q0q%3DWjWbEeUMnhg1w8m3%2BaxEBiHZWsZVJfVLuOsA%40mail.gmail.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FCAMY5mid6U_Q0q%253DWjWbEeUMnhg1w8m3%252BaxEBiHZWsZVJfVLuOsA%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=aRRtuaYyQDT1Qr5wArU5Kfpjqq2y3BwIXyBzuaKWLFM%3D&reserved=0>.

--
- Website: 
https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0>
- Gitter Chatroom: 
https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0>
- List Guidelines: 
https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0>
- Contributions: 
https://goo.gl/mh7qDG<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=D91fCUsoXOSqaK3Fg0cghUaCltkKxIessz0ee5A5nYQ%3D&reserved=0>
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P929UB15Y28aM7s09yM7%2BYCm64%2BZStrBSuWEo2R1uvuQA%40mail.gmail.com<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2FCAGST5P929UB15Y28aM7s09yM7%252BYCm64%252BZStrBSuWEo2R1uvuQA%2540mail.gmail.com%3Futm_medium%3Demail%26utm_source%3Dfooter&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=Ki%2FR%2FLajpr5a9BPgKHTIPE0D4cb66Zk0OOZn1Cykoxc%3D&reserved=0>.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CY4PR08MB2615C0B24C2D56C5BC44621CA8F30%40CY4PR08MB2615.namprd08.prod.outlook.com.

Reply via email to