I¹ve got a standard installation (have not done anything special other than LDAP interfacing)
There is a JSESSIONID and CASTGC (both from CAS) There is a MOD_AUTH_CAS_S for the 1st web server. Thierry. On 11/07/2009 16:28, "[email protected]" <[email protected]> wrote: > You should only have one cookie from the CAS server itself. > > Sent from my Verizon Wireless BlackBerry > > > From: Thierry Delaitre > Date: Sat, 11 Jul 2009 16:22:30 +0100 > To: <[email protected]> > Subject: Re: [cas-user] SSO > Both apache servers are configured identically. > > <Directory "/var/www/td"> > AllowOverride AuthConfig > Order allow,deny > Allow from all > AuthType CAS > AuthName "xxx" > require valid-user > </Directory> > >> >you mean to sign again redirect to CAS or (re)supply username and password? > > I get redirected to CAS where I enter a login/password and gets redirected > back to the resource. > > I¹ve got 2 cookies for the CAS on the browser and a cookie for the first > apache server. I don¹t see a cookie added when I try accessing the second > apache server unless I sign in again. > > Thierry. > > On 11/07/2009 16:10, "Giovanni Cocco" <[email protected]> wrote: > >> Probably in the second server you need to redirect to CAS >> (when you require a protected resources) and a this time SSO cookie >> would be accessed by CAS.... >> you mean to sign again redirect to CAS or (re)supply username and password? >> >> GC >> >> ___________________________ >> >> http://www.japsportal.org/ >> >> 2009/7/11 Thierry Delaitre <[email protected]> >>> The 2 apache servers have https enabled and the tomcat server also. The >>> authentication works with each apache server. The problem is that I have to >>> sign in again when switching from one to the other. >>> >>> CASLoginURL https://xxx/cas-server-webapp-3.3.3/login >>> CASValidateURL https://xxx/cas-server-webapp-3.3.3/serviceValidate >>> >>> Cheers, >>> >>> Thierry. >>> >>> >>> >>> On 11/07/2009 15:56, "Scott Battaglia" <[email protected] >>> <http://[email protected]> > wrote: >>> >>>> The most common cause of this is that you're not running CAS over HTTPSÿ >>>> If CAS is not run over HTTPS, then it will not send the SSO session cookie >>>> to the browser. >>>> >>>> Cheers, >>>> Scott >>>> >>>> >>>> On Sat, Jul 11, 2009 at 10:48 AM, Thierry Delaitre >>>> <[email protected] <http://[email protected]> > >>>> wrote: >>>>> Hello, >>>>> >>>>> I¹ve just deployed Cas 3.3.3 on a debian box. >>>>> >>>>> I¹ve got 2 apache servers on 2 separate linux box using the above CAS >>>>> server. >>>>> >>>>> I can authenticate via cas on each apache server but I have to login to >>>>> each apache server. I don¹t seem to be able to login once and use any >>>>> server. >>>>> >>>>> It seems I have to login again when switching to the second apache >>>>> server. Isn¹t it meant to re-use the already logged in session/ticket ? >>>>> >>>>> This is what I see in the cas log when I¹m already logged in to one of >>>>> the 2 apache server and tries to use the second one: >>>>> >>>>> Can you help me ? >>>>> >>>>> Thanks >>>>> >>>>> Thierry. >>>>> >>>>> 2009-07-11 15:30:39,565 DEBUG >>>>> [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action >>>>> 'InitialFlowSetupAction' beginning execution >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in >>>>> FlowScope: https://users.ecs.westminster.ac.uk/td/ >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action >>>>> 'InitialFlowSetupAction' completed execution; result is 'success' >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action >>>>> 'GenerateServiceTicketAction' beginning execution >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action >>>>> 'GenerateServiceTicketAction' completed execution; result is 'error' >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> 'AuthenticationViaFormAction' beginning execution >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form >>>>> object with name 'credentials' >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new >>>>> instance of form object class [class >>>>> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object >>>>> of type [class >>>>> org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in >>>>> scope Flow with name 'credentials' >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form >>>>> errors for object with name 'credentials' >>>>> 2009-07-11 15:30:39,566 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor >>>>> registrar set, no custom editors to register >>>>> 2009-07-11 15:30:39,567 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors >>>>> instance in scope Flash >>>>> 2009-07-11 15:30:39,567 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> 'AuthenticationViaFormAction' completed execution; result is 'success' >>>>> 2009-07-11 15:30:39,567 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> 'AuthenticationViaFormAction' beginning execution >>>>> 2009-07-11 15:30:39,567 DEBUG >>>>> [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action >>>>> 'AuthenticationViaFormAction' completed execution; result is 'success' >>>>> >>>>> Tÿÿ Universitÿ oÿ Westminster iÿ a charity andÿÿ company >>>>> limited by guarantee. Registration numbeÿÿ 977818 England. >>>>> Registerÿÿ Officeÿ 3ÿÿ Regent Street, London W1ÿ 2UW. >>> >>> The Universiÿÿ ÿÿ Westminster ÿÿ ÿ charity anÿ a company >>> limiteÿ bÿ guarantee. Registratioÿ number: 97781ÿ England. >>> Registered Officÿÿ 309 Regenÿ Street, Londoÿ Wÿÿ 2UW. > > The University of Westminster is a charity and a company limited by > guarantee. Registration number: 977818 England. Registered Office: 309 Regent > Street, London W1B 2UW. -- The University of Westminster is a charity and a company limited by guarantee. Registration number: 977818 England. Registered Office: 309 Regent Street, London W1B 2UW, UK. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
