> If I have Apache routing all the requests to my CAS webapp > deployed on tomcat , is it ok to have Apache over SSL and tomcat over http.
This sounds like the typical Apache reverse proxy setup for Tomcat. In that case it's probably more common to use the AJP protocol instead of HTTP, but I can't think of any particular problem with your proposed setup provided you trust the network between the Apache and Tomcat hosts. As long as the client/browser thinks it is talking HTTPS to the CAS server, everything should work fine. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
