After further investigation, the problem is indeed not related to CAS, but to accessing session cookie from another domain in an iframe in Internet Explorer, which is not allowed by default, although it is supported in Firefox and Chrome.
The solution is to configure our server to deliver P3P headers with a policy which allows such feature. We are currently implementing this solution. Not easy since we are new to P3P, but we should get it done. If someone has samples of P3P configuration and policy files for this, these samples are welcome! Best regards. Eric _____ De : Scott Battaglia [mailto:[email protected]] Envoyé : dimanche 13 septembre 2009 19:55 À : [email protected] Objet : Re: [cas-user] how to configure CAS 3.3.3 for multidomains SSO It wouldn't be an issue on the CAS server side. Most likely you've misconfigured one of your clients or are using an HTTP port (or if you're Flex application is embedding the PHP forum somehow, that doesn't have access to the required cookies). However, CAS works out of the box with as many domains as you can think of ;-) Cheers, Scott On Sat, Sep 12, 2009 at 10:33 AM, Eric Malalel <[email protected]> wrote: We have implemented the following architecture: · a CAS authentification server running on www.domain1.com · an Adobe Flex application running on www.domain2.com · this Flex application uses authentification provided by the CAS server on www.domaine1.com (as there is no CAS client for Flex, we used a front end JSP for authenticating users) · this Flex application uses an HTML component which can display any URL embedded in the Flex application user interface · we want to use this feature to give access to the user, once authenticated to the Flex application, to a forum developed in PHP and hosted on www.domain3.com. we want the user to enter the forum with the identity already authenticated by CAS from Flex application · this PHP forum running on www.domain3.com has been configured to use the CAS server running on www.domain1.com · when we acess directly the forum from www.domain3.com, CAS authentification works well · when we access the forum through the Flex application, it does not work. We need to authenticate again to enter the forum. this may be caused but a bad configuration of the CAS server or the PHP forum or the Flex application, since we are in a multi domain environment. despite different reearches with Google, we have not found documentation about configuring CAS in a multi domain environment. So any help is welcome! Eric -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
