You don't need to do anything other than change the cookie generators (in the spring-configuration directory) from "secure" equals "true" to "false" so that it will send the cookies back over HTTP.
However, we DO NOT EVER recommend enabling this in production. You should NEVER send username/passwords in the clear, or the our session token/cookie in the clear. Cheers Scott On Mon, May 18, 2009 at 3:53 PM, Carlos Adolfo Ortiz Q < [email protected]> wrote: > Hi you all > > I want to know how to use CAS without the HTTPS as my client does not > required to authenticate using HTTPS, only HTTP. > > I don't see how to configure it properly. > NOTE: I am extremely new to CAS. > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
