So it looks like I don't need proxy authentication. Thanks. But what's about my 302 error then ? I feel like most of people must have the same architecture : a web server (apache, IIS), a application server (tomcat, jboss,..), and the cas server. In this architecture, if the web server load pages from the application server, and these pages are protected by CAS, an error 302 Moved Temporary should occur when we try to access these pages. Right ? - that's what happens for me :( The only way I see to stop this problem, is to make the application server having a public access (whereas for now, it's not, we're using internal rewrite-rules to connect to the application server). But I don't like that.
Any help appreciated. Thanks! 2010/1/26 Scott Battaglia <[email protected]> > If you're trying to access a secured remote service on behalf of a user, > you should be passing a proxy ticket to that service. If the service can > then create a session, you only need to do it once. Otherwise you'd need a > proxy ticket per request. > > Cheers, > Scott > > > On Mon, Jan 25, 2010 at 10:48 AM, Bertrand Tignon <[email protected]>wrote: > >> Hi, >> >> I am trying to set up CAS within our architecture, and we are going >> through several issues. >> >> Here's what we are trying to set up : >> >> http://somwhere.com/ is our IIS where we have our html pages >> >> some of the html pages need some dynamic content, so they call the >> following application server : >> >> http://webappserver.com:8080/webapp/ >> >> this webapp is Casified. The web.xml has a gateway filter (/*), a >> authentication filter (/signin), a validation filter (/*), and a wrapper >> filter (/*). >> >> so this webapp talks to the CAS server which is : >> >> https://securecas:8443/cas >> >> >> First, does it make sense ? >> >> If no, please tell me. If yes : >> >> Our html pages load the dynamic content, with an ajax call (jquery load). >> The problem is that when we load the content, it gives back a 302 error. >> >> When I take off the gateway filter, it works fine, no 302 error. but then, >> my header (which says :register/signin or Welcome/signout) never knows when >> a user is connected, and always shows register/signin. >> >> When I keep the gateway only for the header, and user iframe instead of >> ajax to load the header. it works, but when the user refreshes the page the >> header keeps being different. It is really really wierd. It's almost every >> other time. >> >> >> I am thinking, am I in a case where I should use proxy settings to avoid >> 302 errors ? If yes, I have no idea how to configure proxy settings and I >> can't find good documentation and example online. Any help appreciated. >> >> >> Or if I don;t have to use proxy settings, what should I do to make my sso >> work ? >> >> >> Thank you very much for your help! >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
