By default (and for security reasons) CAS will never send the TGT to the browser without SSL, effectively disabling Single sign on over HTTP. You'd have to set the secure flag to false for the cookie generator in the Spring config file (which we don't recommend you do).

Cheers,
Scott

On Fri, May 27, 2011 at 1:40 PM, Fernando Correa <[email protected]> wrote:
> I've been doing some tests with http and https configured in CAS server. I
> have two cassified webapps (let's call them webapp1 and webapp2), and both
> are configured to create PTs.
>
> HTTP
> I access webapp1. The filter redirects me to login page. I put a valid pair
> of username and password, and the login page redirects with a valid ticket
> to webapp1. In the same browser instance, I access webapp2. The filter
> redirects me to login page (and after this, the flow is the same).
>
> With this mode, when I do a redirect to http://casserver/logout from
> webapp2, it doesn't clean my ticket, and webapp1 is still available to create
> PTs.
>
> HTTPS
> I access webapp1. The filter redirects me to login page. I put a valid pair
> of username and password, and the login page redirects with a valid ticket
> to webapp1. In the same browser instance, I access webapp2, and the filter
> lets me enter the application.
>
> With this mode, when I do a redirect to https://casserver/logout from
> webapp2, it seems that it cleans my ticket (I see "ACTION:
> TICKET_GRANTING_TICKET_DESTROYED" in CAS Server log), and the webapps are no
> longer available to create PTs.
>
> Is the behavior that I'm describing correct?
>
> Is there a way to configure CAS to work with HTTPS but having the behavior
> that I described in HTTP?
>
> Thanks in advance!
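
A small model of the browser side of the secure flag discussed above, added here as an illustration (not code from CAS or from either poster): with the flag set on the ticket-granting cookie, the browser returns it only over HTTPS, so over plain HTTP the CAS server receives no TGT on /login or /logout. The cookie name CASTGC, the host, the /cas path and the ticket value are assumptions.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

# Constructed sample values: host, path and ticket id are placeholders.
CAS_HOST = "cas.example.org"
TGT_VALUE = "TGT-1-constructed-sample"


def tgc_cookie(secure):
    """Build a ticket-granting cookie with the given Secure flag (assumed name CASTGC)."""
    return Cookie(
        version=0, name="CASTGC", value=TGT_VALUE,
        port=None, port_specified=False,
        domain=CAS_HOST, domain_specified=False, domain_initial_dot=False,
        path="/cas", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def browser_presents_tgt(scheme, secure, endpoint="login"):
    """Return True if a browser would send the TGT cookie on this request."""
    jar = CookieJar()
    jar.set_cookie(tgc_cookie(secure))
    request = Request(f"{scheme}://{CAS_HOST}/cas/{endpoint}")
    jar.add_cookie_header(request)  # applies the Secure, domain and path rules
    return (request.get_header("Cookie") or "").startswith("CASTGC=")


def sso_matrix():
    """Map (scheme, secure flag) to whether CAS would see an existing SSO session."""
    return {
        (scheme, secure): browser_presents_tgt(scheme, secure)
        for scheme in ("http", "https")
        for secure in (True, False)
    }


if __name__ == "__main__":
    for (scheme, secure), seen in sso_matrix().items():
        print(f"{scheme:5} secure={secure!s:5} -> TGT presented: {seen}")
```

The `("http", True)` row matches both HTTP observations in the quoted message: a login prompt for every webapp, and a logout request that arrives without a ticket to destroy.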
