That class is an authentication handler used for authenticating proxy credentials (i.e. the proxy callback URL). If you browse the archives, or do a Google search, you'll probably encounter the threads that say if you want to send the cookie back over a non-secure request, which is NOT RECOMMENDED at all for a production environment, you should disable it on the cookie generators.

Cheers,
Scott

On Mon, Apr 27, 2009 at 1:33 PM, rrakesh <[email protected]> wrote:
>
> I deployed the CAS server on HTTP:8080 port without SSL. And I also made
> sure that I set the following property in the CAS server
> deployerConfigContext.xml
>
> <bean
>     class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>     p:httpClient-ref="httpClient"
>     p:requireSecure="false"/>
>
> And now I have two web applications deployed on different Tomcat
> servers without SSL, and I also made sure that these applications contact
> the CAS server with the HTTP protocol instead.
>
> And now with such a configuration and deployment structure SSO does not
> work any more.
>
> 1. If the CAS server sends the cookie only on SSL (HTTPS), then what is the
> need for the flag "requireSecure" on the
> "HttpBasedServiceCredentialsAuthenticationHandler"?
>
> Thanks
> RR
> --
> View this message in context:
> http://www.nabble.com/CAS-SERVER-with-deployed-with-requireSecure%3D%22false%22-does-not-do-SSO-tp23261229p23261229.html
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
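
An added example, not part of the original thread and not CAS project code: a small audit of Spring bean XML that reports the two separate settings discussed above, `requireSecure` on the proxy-credentials handler and the Secure flag on the cookie generators. The `cookieSecure` property name, the cookie generator bean ids and class, and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

BEANS = "{http://www.springframework.org/schema/beans}"
P = "{http://www.springframework.org/schema/p}"

# Properties whose "false" value relaxes an HTTPS-only check. requireSecure is
# from the thread; cookieSecure is assumed to be the cookie generator setting.
WATCHED = {
    "requireSecure": "proxy callback URL may be plain HTTP",
    "cookieSecure": "SSO cookie issued without the Secure flag",
}

# Constructed sample; cookie generator ids and class are assumptions.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
        p:httpClient-ref="httpClient" p:requireSecure="false"/>
  <bean id="ticketGrantingTicketCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator">
    <property name="cookieSecure" value="false"/>
  </bean>
  <bean id="warnCookieGenerator"
        class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="true"/>
</beans>"""


def audit(xml_text):
    """Return (bean, property, risk) for every watched property set to false."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEANS + "bean"):
        name = bean.get("id") or bean.get("class", "?")
        # p-namespace shorthand, e.g. p:requireSecure="false"
        values = {k[len(P):]: v for k, v in bean.attrib.items() if k.startswith(P)}
        # long form, e.g. <property name="cookieSecure" value="false"/>
        for prop in bean.findall(BEANS + "property"):
            values[prop.get("name")] = prop.get("value")
        for prop, risk in WATCHED.items():
            if (values.get(prop) or "").strip().lower() == "false":
                findings.append((name, prop, risk))
    return findings


if __name__ == "__main__":
    for name, prop, risk in audit(SAMPLE):
        print(f"{name}: {prop}=false -> {risk}")
```
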
