If you've CASified something and you don't want a 302 redirect, you need to give it a ticket. It will validate the ticket instead of trying to redirect to the server.
On Wed, Jan 27, 2010 at 5:17 PM, Bertrand Tignon <[email protected]> wrote: > So it looks like I don't need proxy authentication. Thanks. > > But what's about my 302 error then ? > I feel like most of people must have the same architecture : a web server > (apache, IIS), a application server (tomcat, jboss,..), and the cas server. > In this architecture, if the web server load pages from the application > server, and these pages are protected by CAS, an error 302 Moved Temporary > should occur when we try to access these pages. Right ? - that's what > happens for me :( > The only way I see to stop this problem, is to make the application server > having a public access (whereas for now, it's not, we're using internal > rewrite-rules to connect to the application server). But I don't like that. > > Any help appreciated. > > Thanks! > > > 2010/1/26 Scott Battaglia <[email protected]> > >> If you're trying to access a secured remote service on behalf of a user, >> you should be passing a proxy ticket to that service. If the service can >> then create a session, you only need to do it once. Otherwise you'd need a >> proxy ticket per request. >> >> Cheers, >> Scott >> >> >> On Mon, Jan 25, 2010 at 10:48 AM, Bertrand Tignon <[email protected]>wrote: >> >>> Hi, >>> >>> I am trying to set up CAS within our architecture, and we are going >>> through several issues. >>> >>> Here's what we are trying to set up : >>> >>> http://somwhere.com/ is our IIS where we have our html pages >>> >>> some of the html pages need some dynamic content, so they call the >>> following application server : >>> >>> http://webappserver.com:8080/webapp/ >>> >>> this webapp is Casified. The web.xml has a gateway filter (/*), a >>> authentication filter (/signin), a validation filter (/*), and a wrapper >>> filter (/*). >>> >>> so this webapp talks to the CAS server which is : >>> >>> https://securecas:8443/cas >>> >>> >>> First, does it make sense ? >>> >>> If no, please tell me. If yes : >>> >>> Our html pages load the dynamic content, with an ajax call (jquery load). >>> The problem is that when we load the content, it gives back a 302 error. >>> >>> When I take off the gateway filter, it works fine, no 302 error. but >>> then, my header (which says :register/signin or Welcome/signout) never knows >>> when a user is connected, and always shows register/signin. >>> >>> When I keep the gateway only for the header, and user iframe instead of >>> ajax to load the header. it works, but when the user refreshes the page the >>> header keeps being different. It is really really wierd. It's almost every >>> other time. >>> >>> >>> I am thinking, am I in a case where I should use proxy settings to avoid >>> 302 errors ? If yes, I have no idea how to configure proxy settings and I >>> can't find good documentation and example online. Any help appreciated. >>> >>> >>> Or if I don;t have to use proxy settings, what should I do to make my sso >>> work ? >>> >>> >>> Thank you very much for your help! >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
