Well, it's more of a company IT requirement rather than a desirable approach. I just wanted to find out what are the features that we could miss by not having CAS running on https.
Is there any place listing the HTTPS ONLY features? Nevertheless, I'll try to push the option of having it running on HTTPS. Thanks. Best Regards, Pedro Rosas On Thu, Oct 4, 2018 at 6:09 PM Ray Bon <[email protected]> wrote: > Pedro, > > Why? > Setting up certificates, even self signed ones, is painless. There is > plenty of documentation (some on CAS site). > Other aspects of CAS, such as proxying, require https. > > Ray > > On Thu, 2018-10-04 at 04:37 -0700, Pedro Rosas wrote: > > Hi all, > > I'm currently building a cas-overlay instance (based on CAS 5.3.3) that > will be deployed to a standalone Tomcat 9 server. > Our production environment will have a load balancer that will offload the > SSL certificates. > Between the load balancer and the Tomcat server communication will be > using HTTP only. > > So, we want to have CAS running on http ONLY. > On my development machine, I have it running on http. > If I navigate to the login page " > http://localhost:8080/cas-overlay/login?service=https://www.example.org"; > everything seems to be working fine. > Typing the correct credentials, gets me redirected to the example.org > domain with a ticket as a GET parameter " > https://www.example.org/?ticket=ST-1-kP1yT6Q8VVBPlpi0NEBWi7mV0gUL-BR-PEDROR01 > " > > But... if I navigate to the standard login page " > http://localhost:8080/cas-overlay/login"; the page includes the > "Non-Secure Connection" warning - "*You are currently accessing CAS over > a non-secure connection. Single Sign On WILL NOT WORK. In order to have > single sign on work, you MUST log in over HTTPS.*" > > What does it mean that single sign on WILL NOT WORK? > Am I missing something, or is my setup running fine? > Can I simply safely ignore the warning? > > > Thanks. > Best Regards, > Pedro Rosas > > > On Tuesday, December 19, 2017 at 4:46:07 PM UTC, Jozef Kotlar - EEA.sk > wrote: > > And? That doesn't work? > It was just my guess. I am actually using another configuration to proxy > standalone CAS behind Apache HTTP Server . Following configuration allows > me to define both AJP (for proxying) and HTTP (for local monitoring) ports. > > $ cat /etc/cas/config/application.yml > info: > description: CAS Configuration > > # Embedded tomcat > cas.server: > http: > enabled: true > port: 8480 > ajp: > secure: true > enabled: true > proxyPort: 443 > scheme: https > port: 8409 > > > On Tuesday, December 19, 2017 at 3:46:37 AM UTC+1, casuser wrote: > > > Hello Jozef that's my current configuration: > > cas.server.httpProxy.enabled=true > cas.server.httpProxy.secure=true > cas.server.httpProxy.protocol=AJP/1.3 > cas.server.httpProxy.scheme=http > cas.server.httpProxy.redirectPort=8080 > cas.server.httpProxy.proxyPort=8080 > cas.server.httpProxy.attributes.attributeName=attributeValue > > > > > > On Friday, December 15, 2017 at 10:20:48 PM UTC+8, Jozef Kotlar - EEA.sk > wrote: > > I think you should leave cas.server.httpProxy.secure=true, this is > actually setting on container connector the CAS is checking. > > > > > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to a topic in the > Google Groups "CAS Community" group. > To unsubscribe from this topic, visit > https://groups.google.com/a/apereo.org/d/topic/cas-user/aey5xVaTLGI/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538672971.2852.10.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538672971.2852.10.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- Abraço, Pedro Rosas -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAHjSeeuoTFtsY7B%3DO_FiMj2LT%3DBhyOhAp6%2Bnj%3D03P-VPxk-RfQ%40mail.gmail.com.
