Hi Scott! I will use https, but I need the behavior described for http.
The behavior that I need is the following. The user will access the company portal. Right there I will generate PTs for accesing all the applications. If anybody tries to access directly to an application without entering the company portal, I want to redirect him to the login page. Do I have a way to get this behavior with https? What about "With this mode, when I do a redirect to https://casserver/logout from webapp2, it seems that it cleans my ticket (I see "ACTION: TICKET_GRANTING_TICKET_DESTROYED" in CAS Server log), and webapps doesn't still available to create PTs.". A logout in one application avoids me to generate new PTs in the portal. Thanks again! ________________________________ From: Scott Battaglia <[email protected]> To: [email protected] Sent: Friday, May 27, 2011 2:49 PM Subject: Re: [cas-user] SSO - Behavior in http / https By default (and for security reasons) CAS will never send the TGT to the browser without SSL, effectively disabling Single sign on over HTTP. You'd have to set the secure flag to false for the cookie generator in the Spring config file (which we don't recommend you do). Cheers, Scott On Fri, May 27, 2011 at 1:40 PM, Fernando Correa <[email protected]> wrote: I've been doing some tests with http and https configured in CAS server. I have two cassified webapps (let's call them webapp1 and webapp2), and both are configured to create PTs. > >HTTP >I access webapp1. The filter redirects me to login page. I put a valid pair of >username and password, and the login page redirects with a valid ticket to >webapp1. In the same browser instance, I access webapp2. The filter redirects >me to login page (and after this, the flow is the same). > >With this mode, when I do a redirect to http://casserver/logout from webapp2, >it doesn't clean my ticket, and webapp1 stills available to create PTs. > >HTTPs >I access webapp1. The filter redirects me to login page. I put a valid pair of username and password, and the login page redirects with a valid ticket to webapp1. In the same browser instance, I access webapp2, and the filter let me enter the application. > >With this mode, when I do a redirect to https://casserver/logout from webapp2, >it seems that it cleans my ticket (I see "ACTION: >TICKET_GRANTING_TICKET_DESTROYED" in CAS Server log), and webapps doesn't >still available to create PTs. > >Is correct the behavior that I'm describing? > >Is there a way to configure CAS to work with HTTPs but having the behavior >that I described in HTTP? > >Thanks in advance! >-- >You are currently subscribed to [email protected] as: >[email protected] >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
