Ok I got it, the property "requireSecure" means if the CALL back URL to the
two web applciations I have need to be communicated over SSL or not.
<bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
p:httpClient-ref="httpClient"
p:requireSecure="false"/>
But CAS Server web application does need SSO for sure. The two web
application to communication with the CAS server over SSL.
It's my fault I miss read the documentation comments.
Thanks
RR
rrakesh wrote:
>
>
> I deployed the CAS server on HTTP:8080 port without SSL. And I also made
> sure that I set the following property in the CAS server
> deployerConfigContext.xml
> <bean
> class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
> p:httpClient-ref="httpClient"
> p:requireSecure="false"/>
>
> And Now I got two web application deployed are deployed on different
> tomcat server with out SSL, and I also made sure that these application
> contacting the CAS server with HTTP protocol instead.
>
> And now with such a configuration and deployment structure SSO does not
> work any more.
>
> 1. If CAS server sends the cookie only on SSL (HTTPS), then what is the
> need for the flag "requireSecure" on the
> "HttpBasedServiceCredentialsAuthenticationHandler"
>
> Thanks
> RR
>
--
View this message in context:
http://www.nabble.com/CAS-SERVER-with-deployed-with-requireSecure%3D%22false%22-does-not-do-SSO-tp23261229p23261318.html
Sent from the CAS Users mailing list archive at Nabble.com.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
