> what should be the values of the following configuration properties?
>
> cas.properties
>
> cas.securityContext.serviceProperties.service
> cas.securityContext.casProcessingFilterEntryPoint.loginUrl
> cas.securityContext.ticketValidator.casServerUrlPrefix

You probably want to point to the public alias, https://public-host/sso, for the URLs above.

On a related note, it is far more important that you understand the consequences of communicating from the content switch to the real CAS host in the clear. The private network from the switch to CAS should be a trusted, secure network. Frankly, I believe there are few of those. But if you insist that it's trusted and secure, you will need to make the following change in ticketGrantingTicketCookieGenerator.xml (assumes latest CAS version 3.4.3.1):

    <bean id="ticketGrantingTicketCookieGenerator"
          class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
          p:cookieSecure="false"
          p:cookieMaxAge="-1"
          p:cookieName="CASTGC"
          p:cookiePath="/cas" />

The purpose is to set cookieSecure="false" since from the perspective of CAS the CASTGC SSO session cookie is delivered over plain HTTP.

M
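
Added example, not part of the original message or of CAS: a Python check of the CASTGC Set-Cookie header as a browser at the public alias would receive it, covering the two attributes the bean above controls (Secure and Path). The /login suffix on the public alias, the sample headers and all function names are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def path_matches(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match: when the browser returns the cookie."""
    if cookie_path == request_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def audit_tgc(set_cookie_headers, public_login_url, cookie_name="CASTGC"):
    """Return (code, detail) findings for the SSO cookie as the browser sees it."""
    url = urlsplit(public_login_url)
    req_path = url.path or "/"
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if name != cookie_name:
            continue
        findings = []
        if "secure" not in attrs:
            findings.append(("missing-secure",
                             f"browser also sends {name} over http://{url.hostname}"))
        # Without a Path attribute the browser uses the directory of the request path.
        path = attrs.get("path") or req_path.rsplit("/", 1)[0] or "/"
        if not path_matches(path, req_path):
            findings.append(("path-mismatch",
                             f"Path={path} never matches {req_path}, cookie is not returned"))
        return findings
    return [("not-set", f"no {cookie_name} cookie in the response")]

# Constructed sample headers (ticket values are placeholders, not real tickets).
AS_CONFIGURED = ["JSESSIONID=constructed; Path=/cas", "CASTGC=TGT-1-constructed; Path=/cas"]
SECURE_ALIAS_PATH = ["CASTGC=TGT-1-constructed; Path=/sso; Secure"]
PUBLIC_LOGIN = "https://public-host/sso/login"  # assumed: public alias + CAS /login

if __name__ == "__main__":
    for label, headers in (("as configured", AS_CONFIGURED),
                           ("secure, alias path", SECURE_ALIAS_PATH)):
        print(label, audit_tgc(headers, PUBLIC_LOGIN))
```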
