On Wed, Dec 8, 2010 at 10:21 PM, Vipin Jain <[email protected]> wrote:
> ok, but i am using the same CAS server for issuing the ticket at both the > clients. It doesn't matter. You can only validate a service ticket once. So if both clients get the same ticket, the second one will fail. > > also, is remoteUser a header which i can read > Its the HttpServletRequest#getRemoteUser(). > > > On Thu, Dec 9, 2010 at 8:47 AM, Scott Battaglia <[email protected] > > wrote: > >> Two of them can't read the same ticket. Tickets can only be used once. >> >> >> On Wed, Dec 8, 2010 at 10:14 PM, Vipin Jain <[email protected]> wrote: >> >>> Thanks >>> >>> but we need protection even if anybody accesses the direct websphere >>> application so have CAS clients at both levels. >>> >>> Can't we have two CAS clients working at a time? >>> >>> Thanks >>> Vipin >>> >>> On Thu, Dec 9, 2010 at 8:37 AM, Scott Battaglia < >>> [email protected]> wrote: >>> >>>> You only need one CAS client. You either need to use mod_auth_cas (and >>>> then read the remoteUser) or use the CAS Client. >>>> >>>> >>>> On Wed, Dec 8, 2010 at 10:05 PM, Vipin Jain <[email protected]> wrote: >>>> >>>>> Hello Scott, >>>>> >>>>> I have a peculiar problem >>>>> >>>>> We have configured the environment as below >>>>> >>>>> 1. Install CAS on Tomcat >>>>> 2. Configured mod_auth_cas on Apache with CAS Tomcat URL >>>>> 3. Configured CAS Client as TAI on Websphere with the same CAS Tomcat >>>>> URL >>>>> 4. Proxy all the access through Apache >>>>> >>>>> Here is the flow >>>>> >>>>> 1. User access websphere application thru Apache >>>>> 2. mod_auth_cas intercepts and sends to Tomcat CAS Login page >>>>> 3. User authenticates and it is redirected to the websphere application >>>>> 4. Websphere CAS agent is not able to read the ticket and gives the >>>>> below error >>>>> >>>>> [12/9/10 8:24:48:829 IST] 000000ee SystemOut O has ticket? =false >>>>> [12/9/10 8:24:48:829 IST] 000000ee SystemOut O request url= >>>>> https://in-ccuapp008:9443/TCLProcessUI/JSP/homepage/index.faces >>>>> >>>>> If we remove the mod_auth_cas from Apache and only Proxy the >>>>> application through apache. Everything works fine. >>>>> >>>>> So mod_auth_cas is creating issues. >>>>> >>>>> Can you please help me whats the problem. >>>>> >>>>> Thanks >>>>> Vipin >>>>> >>>>> -- >>>>> You are currently subscribed to [email protected] as: >>>>> [email protected] >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>> >>>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> >>>> >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> >>> >>> >>> >>> >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
