Hello, for testing purposes you have to emulate your load balancer, using httpd or nginx, or any other tool and point your CAS client in example.org to that HTTPS URL. I am usually using for testing generated certificate for https://localhost.localdomain and locally deployed CAS protected service from https://github.com/cas-projects/cas-sample-java-webapp
Jozef On Thu, Oct 4, 2018 at 1:37 PM Pedro Rosas <[email protected]> wrote: > Hi all, > > I'm currently building a cas-overlay instance (based on CAS 5.3.3) that > will be deployed to a standalone Tomcat 9 server. > Our production environment will have a load balancer that will offload the > SSL certificates. > Between the load balancer and the Tomcat server communication will be > using HTTP only. > > So, we want to have CAS running on http ONLY. > On my development machine, I have it running on http. > If I navigate to the login page " > http://localhost:8080/cas-overlay/login?service=https://www.example.org"; > everything seems to be working fine. > Typing the correct credentials, gets me redirected to the example.org > domain with a ticket as a GET parameter " > https://www.example.org/?ticket=ST-1-kP1yT6Q8VVBPlpi0NEBWi7mV0gUL-BR-PEDROR01 > " > > But... if I navigate to the standard login page " > http://localhost:8080/cas-overlay/login"; the page includes the > "Non-Secure Connection" warning - "*You are currently accessing CAS over > a non-secure connection. Single Sign On WILL NOT WORK. In order to have > single sign on work, you MUST log in over HTTPS.*" > > What does it mean that single sign on WILL NOT WORK? > Am I missing something, or is my setup running fine? > Can I simply safely ignore the warning? > > > Thanks. > Best Regards, > Pedro Rosas > > > On Tuesday, December 19, 2017 at 4:46:07 PM UTC, Jozef Kotlar - EEA.sk > wrote: >> >> And? That doesn't work? >> It was just my guess. I am actually using another configuration to proxy >> standalone CAS behind Apache HTTP Server . Following configuration allows >> me to define both AJP (for proxying) and HTTP (for local monitoring) ports. >> >> $ cat /etc/cas/config/application.yml >> info: >> description: CAS Configuration >> >> # Embedded tomcat >> cas.server: >> http: >> enabled: true >> port: 8480 >> ajp: >> secure: true >> enabled: true >> proxyPort: 443 >> scheme: https >> port: 8409 >> >> >> On Tuesday, December 19, 2017 at 3:46:37 AM UTC+1, casuser wrote: >>> >>> >>> Hello Jozef that's my current configuration: >>> >>> cas.server.httpProxy.enabled=true >>> cas.server.httpProxy.secure=true >>> cas.server.httpProxy.protocol=AJP/1.3 >>> cas.server.httpProxy.scheme=http >>> cas.server.httpProxy.redirectPort=8080 >>> cas.server.httpProxy.proxyPort=8080 >>> cas.server.httpProxy.attributes.attributeName=attributeValue >>> >>> >>> >>> >>> >>> On Friday, December 15, 2017 at 10:20:48 PM UTC+8, Jozef Kotlar - EEA.sk >>> wrote: >>>> >>>> I think you should leave cas.server.httpProxy.secure=true, this is >>>> actually setting on container connector the CAS is checking. >>>> >>>> >>>> -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to a topic in the > Google Groups "CAS Community" group. > To unsubscribe from this topic, visit > https://groups.google.com/a/apereo.org/d/topic/cas-user/aey5xVaTLGI/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/b225a201-5aad-41db-b65c-5783ea4838eb%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b225a201-5aad-41db-b65c-5783ea4838eb%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CACKWwDh3YLvC_5CrLmYmqRw8fuWiVbDb2MOfnMzS_edYiEqcKw%40mail.gmail.com.
