> i spent 3 days searching for how to disable SSL in cas > i m using Tomcat 6 , CAS 3.3.1, ldap . > when default authetification evrythings works fine ,when i was use phpCAs > from application > i have this msg error "CAS authetification Failed". > after checking cas LOG i ve noticed that tikect is sent from cas in ssl mod
I would strongly recommend you focus your energy fixing what sounds like an SSL trust problem instead of disabling SSL. phpCAS relies on curl for SSL, and most curl installs use OpenSSL. http://gagravarr.org/writing/openssl-certs/others.shtml#ca-openssl has a list of where trusted CA certs live on common Unix platforms. > i read in one forum that s possible to disable using this tag in > deployerConfigContext.xml > <bean > class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" > p:httpClient-ref="httpClient" > p:requireSecure="false" /> If you are only interested in a service ticket, changing the above will not help. The above bean controls proxy ticket security checks. Setting requireSecure to false _dramatically_ reduces the security of the proxy callback check. I see in your log extract that the proxy callback fails, but that is a benign failure unless you _need_ a proxy ticket. If you do need a proxy ticket, I would recommend you configure your Tomcat trust store to trust the cert on your application instead of disabling SSL. Hope that helps, Marvin -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
