Are you running CAS over SSL? CAS only sets its global session cookie over SSL. Otherwise, it won't open you up to the risk of having that cookie captured by something else.
-Scott On Mon, Mar 30, 2009 at 5:45 PM, Naresh Narayana <[email protected]> wrote: > I am currently using cas-server-3.3.1 and cas-client-3.3.1 for SSO. I have > configured two applications to callback CAS for authentication. > > The problem I see now is that I have have to log on to each application. > Please let me know if I am missing any settings. > > To elaborate more on it. > > I use http://myhost/app1 for application1. I would be redirected to CAS > login page. The login in successful. > Then I type in http://myhost/app2 in the same browser, I am again > redirected to CAS instead of the actual application. If I use the same > ticket for the second application's URL, TicketValidationException is > thrown. > > After I log on to each application, then I can switch the URLs without any > problem. Is a separate cookie getting generated for each application in this > scenario? > > Please advise. > > Thanks in advance, > Naresh > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
