Hi Marvin, thanks for bringing up this setting. I wanted to clarify something on your comment below:
> The purpose is to set cookieSecure="false" since from perspective of > CAS the CASTGC SSO session cookie is delivered over plain HTTP. You are referring here to the one-way HTTP-based delivery from the content-switch to the CAS server, or the return delivery of the TGC ? Thanks...! Corey S. > -----Original Message----- > From: Marvin Addison [mailto:[email protected]] > Sent: November 11, 2010 7:00 AM > To: [email protected] > Subject: Re: [cas-user] CAS behind a content switch (with NAT and SSL > termination) > > But if you insist that it's trusted and secure, you will need to make > the following change in ticketGrantingTicketCookieGenerator.xml > (assumes latest CAS version 3.4.3.1): > > <bean id="ticketGrantingTicketCookieGenerator" > class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator" > p:cookieSecure="false" > p:cookieMaxAge="-1" > p:cookieName="CASTGC" > p:cookiePath="/cas" /> > > The purpose is to set cookieSecure="false" since from perspective of > CAS the CASTGC SSO session cookie is delivered over plain HTTP. > > M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
