This might help: 
https://apereo.github.io/cas/5.3.x/planning/Security-Guide.html#secure-transport-https

Cheers,
D.


From: Pedro Rosas Silva <[email protected]>
Reply: [email protected] <[email protected]>
Date: October 4, 2018 at 1:44:06 PM
To: [email protected] <[email protected]>
Subject:  Re: [cas-user] Re: CAS 5.2.0 How to configure cas in that way so that 
it listen to HTTP?  

Well, it's more of a company IT requirement rather than a desirable approach.
I just wanted to find out what are the features that we could miss by not 
having CAS running on https.

Is there any place listing the HTTPS ONLY features?

Nevertheless, I'll try to push the option of having it running on HTTPS.

Thanks.
Best Regards,
  Pedro Rosas

On Thu, Oct 4, 2018 at 6:09 PM Ray Bon <[email protected]> wrote:
Pedro,

Why?
Setting up certificates, even self-signed ones, is painless. There is plenty of 
documentation (some on the CAS site).
Other aspects of CAS, such as proxying, require https.

Ray

On Thu, 2018-10-04 at 04:37 -0700, Pedro Rosas wrote:
Hi all,

I'm currently building a cas-overlay instance (based on CAS 5.3.3) that will be 
deployed to a standalone Tomcat 9 server.
Our production environment will have a load balancer that will offload the SSL 
certificates.
Between the load balancer and the Tomcat server communication will be using 
HTTP only.

So, we want to have CAS running on http ONLY.
On my development machine, I have it running on http.
If I navigate to the login page 
"http://localhost:8080/cas-overlay/login?service=https://www.example.org" 
everything seems to be working fine. 
Typing the correct credentials gets me redirected to the example.org domain 
with a ticket as a GET parameter 
"https://www.example.org/?ticket=ST-1-kP1yT6Q8VVBPlpi0NEBWi7mV0gUL-BR-PEDROR01"

But... if I navigate to the standard login page 
"http://localhost:8080/cas-overlay/login" the page includes the "Non-Secure 
Connection" warning - "You are currently accessing CAS over a non-secure 
connection. Single Sign On WILL NOT WORK. In order to have single sign on work, 
you MUST log in over HTTPS."

What does it mean that single sign on WILL NOT WORK?
Am I missing something, or is my setup running fine?
Can I simply safely ignore the warning?


Thanks.
Best Regards,
  Pedro Rosas


On Tuesday, December 19, 2017 at 4:46:07 PM UTC, Jozef Kotlar - EEA.sk wrote:
And? That doesn't work?
It was just my guess. I am actually using another configuration to proxy 
standalone CAS behind Apache HTTP Server. The following configuration allows me 
to define both AJP (for proxying) and HTTP (for local monitoring) ports.

$ cat /etc/cas/config/application.yml
info:
  description: CAS Configuration

# Embedded tomcat
cas.server:
  http:
    enabled: true
    port: 8480
  ajp:
    secure: true
    enabled: true
    proxyPort: 443
    scheme: https
    port: 8409


On Tuesday, December 19, 2017 at 3:46:37 AM UTC+1, casuser wrote:

Hello Jozef, that's my current configuration:

cas.server.httpProxy.enabled=true
cas.server.httpProxy.secure=true
cas.server.httpProxy.protocol=AJP/1.3
cas.server.httpProxy.scheme=http
cas.server.httpProxy.redirectPort=8080
cas.server.httpProxy.proxyPort=8080
cas.server.httpProxy.attributes.attributeName=attributeValue





On Friday, December 15, 2017 at 10:20:48 PM UTC+8, Jozef Kotlar - EEA.sk wrote:
I think you should leave cas.server.httpProxy.secure=true; this is actually 
a setting on the container connector that CAS is checking.






--  
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to a topic in the Google 
Groups "CAS Community" group.
To unsubscribe from this topic, visit 
https://groups.google.com/a/apereo.org/d/topic/cas-user/aey5xVaTLGI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to 
[email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1538672971.2852.10.camel%40uvic.ca.


--
Regards,
  Pedro Rosas

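Added example, not part of the original thread or of the CAS code base: the sketch below uses Python's http.cookiejar as a stand-in for a browser to show what the "Non-Secure Connection" warning quoted above means in practice, and why a one-off login with a service ticket can still appear to work over HTTP. It assumes the ticket-granting cookie (TGC) is issued with the Secure attribute; the host cas.example.org, the cookie value and the helper names are constructed for illustration.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

CAS_HOST = "cas.example.org"   # constructed host, not from the thread
CAS_PATH = "/cas-overlay"      # context path used in the thread


def make_tgc(secure):
    """Build a constructed ticket-granting cookie as set after a successful login."""
    return Cookie(
        version=0, name="TGC", value="TGT-1-constructed-sample",
        port=None, port_specified=False,
        domain=CAS_HOST, domain_specified=False, domain_initial_dot=False,
        path=CAS_PATH, path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def cookie_header_for(url, cookie):
    """Return the Cookie header a standards-following client sends to url, or None."""
    jar = CookieJar()
    jar.set_cookie(cookie)
    request = Request(url)
    jar.add_cookie_header(request)   # applies the Secure / domain / path rules
    return request.get_header("Cookie")


def sso_session_resumed(scheme, tgc_secure=True):
    """True if a later visit to /login carries the TGC, so no new password prompt."""
    url = f"{scheme}://{CAS_HOST}{CAS_PATH}/login?service=https://www.example.org"
    return cookie_header_for(url, make_tgc(tgc_secure)) is not None


if __name__ == "__main__":
    for scheme in ("http", "https"):
        resumed = sso_session_resumed(scheme)
        state = "resumed" if resumed else "lost, login form shown again"
        print(f"{scheme:5} second visit: SSO session {state}")
```

Behind a TLS-offloading load balancer the browser still talks HTTPS, so the cookie is returned; what remains is making the container report the request as secure, which is what the secure/scheme/proxyPort connector settings quoted in the thread address.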