You should only have one cookie from the CAS server itself.
Sent from my Verizon Wireless BlackBerry -----Original Message----- From: Thierry Delaitre <[email protected]> Date: Sat, 11 Jul 2009 16:22:30 To: <[email protected]> Subject: Re: [cas-user] SSO Both apache servers are configured identically. <Directory "/var/www/td"> AllowOverride AuthConfig Order allow,deny Allow from all AuthType CAS AuthName "xxx" require valid-user </Directory> >you mean to sign again redirect to CAS or (re)supply username and password? I get redirected to CAS where I enter a login/password and gets redirected back to the resource. ÿ¹ve got 2 cookies for the CAS on the browser and a cookie for the first apache server. I doÿ¹t see a cookie added when I try accessing the second apache server unless I sign in again. Thierry. On 11/07/2009 16:10, "Giovanni Cocco" <[email protected]> wrote: > Probably in the second server you need to redirect to CAS > (when you require a protected resources) and a this time SSO cookie > would be accessed by CAS.... > you mean to sign again redirect to CAS or (re)supply username and password? > > GC > >___________________________ > > http://www.japsportal.org/ > > 2009/7/11 Thierry Delaitre <[email protected]> >> The 2 apache servers have https enabled and the tomcat server also. The >> authentication works with each apache server. The problem is that I have to >> sign in again when switching from one to the other. >> >> CASLoginURL https://xxx/cas-server-webapp-3.3.3/login >> CASValidateURL https://xxx/cas-server-webapp-3.3.3/serviceValidate >> >> Cheers, >> >> Thierry. >> >> >> >> On 11/07/2009 15:56, "Scott Battaglia" <[email protected] >> <http://[email protected]> > wrote: >> >>> The most common cause of this is that you're not running CAS over HTTPÿÿ If >>> CAS is not run over HTTPS, then it will not send the SSO session cookie to >>> the browseÿÿ >>> >>> Cheers, >>> Scott >>> >>> >>> On Sat, Jul 11, 2009 at 10:48 AM, Thierry Delaitre >>> <[email protected] <http://[email protected]> > wrote: >>>> Hello, >>>> >>>>ÿÿ¹ve just deployed Cas 3.3.3 on a debian box. >>>> >>>> ÿ¹ve got 2 apache servers on 2 separate linux box using the above CAS >>>> server. >>>> >>>> I can authenticate via cas on each apache server but I have to login to >>>> each apache server. I dÿÿ¹t seem to be able to login once and use any >>>> server. >>>> >>>> It seems I have to login again when switching to the second apache server. >>>> Iÿÿ¹t it meant tÿÿ re-use the already logged in session/ticket ? >>>> >>>> This is what I see in the cas log when I¹m already logged in to one of the >>>> 2 apache server and tries to use the second one: >>>> >>>> Can you help me ? >>>> >>>> Thanks >>>> >>>> Thierry. >>>> >>>> 2009-07-11 15:30:39,565 DEBUG >>>> [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action >>>> 'InitialFlowSetupAction' beginning execution >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in >>>> FlowScope: https://users.ecs.westminster.ac.uk/td/ >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action >>>> 'InitialFlowSetupAction' completed execution; result is 'success' >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action >>>> 'GenerateServiceTicketAction' beginning execution >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action >>>> 'GenerateServiceTicketAction' completed execution; result is 'error' >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>> 'AuthenticationViaFormAction' beginning execution >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form >>>> object with name 'credentials' >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new >>>> instance of form object class [class >>>> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object >>>> of type [class >>>> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in >>>> scope Flow with name 'credentials' >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form >>>> errors for object with name 'credentials' >>>> 2009-07-11 15:30:39,566 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor >>>> registrar set, no custom editors to register >>>> 2009-07-11 15:30:39,567 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors >>>> instance in scope Flash >>>> 2009-07-11 15:30:39,567 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>> 'AuthenticationViaFormAction' completed execution; result is 'success' >>>> 2009-07-11 15:30:39,567 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>> 'AuthenticationViaFormAction' beginning execution >>>> 2009-07-11 15:30:39,567 DEBUG >>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>> 'AuthenticationViaFormAction' completed execution; result is 'success' >>>> >>>> The Universiÿÿ ÿÿ Westminster ÿÿ ÿ charity anÿ a company >>>> limiteÿ bÿ guarantee. Registratioÿ number: 97781ÿ England. >>>> Registered Officÿÿ 309 Regenÿ Street, Londoÿ Wÿÿ 2UW. >> >> Tÿÿ Universitÿ oÿ Westminster iÿ a charity andÿÿ company >> limiteÿ bÿ guarantee. Registratioÿ number: 97781ÿ England. >> Registereÿ Office: 30ÿ Regeÿÿ Street, Londÿÿ W1B 2UW. -- The University of Westminster is a charity and a company limited by guarantee. Registration number: 977818 England. Registered Office: 309 Regent Street, London W1B 2UW, UK. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
