Mmmmm... I tried this.
It works as I expected, except that PT generation don't work. I see the following log in my CAS server. 2011-05-31 16:14:14,634 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted proxy ticket [ST-11-oYXR1sQNjoesjFVrWkgm-cas] for service [https://server/webapp22/] for user [user]> 2011-05-31 16:14:14,634 INFO [com.github.inspektr.audit.support.Slf4jLoggingAudi tTrailManager] - <Audit trail record BEGIN ============================================================= WHO: http://server/webapp1/proxyCallback WHAT: ST-11-oYXR1sQNjoesjFVrWkgm-cas for https://server/webapp2/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Tue May 31 16:14:14 GMT-03:00 2011 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2011-05-31 16:14:14,665 WARN [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceManagement: Service Not Allowed to use SSO. Service [https://server/webapp2/]> 2011-05-31 16:14:14,665 INFO [com.github.inspektr.audit.support.Slf4jLoggingAudi tTrailManager] - <Audit trail record BEGIN ============================================================= WHO: https://server/webapp1/proxyCallback WHAT: https://server/webapp2/ ACTION: SERVICE_TICKET_NOT_CREATED APPLICATION: CAS WHEN: Tue May 31 16:14:14 GMT-03:00 2011 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= ________________________________ From: Fernando Correa <[email protected]> To: [email protected] Sent: Tuesday, May 31, 2011 2:26 PM Subject: Re: [cas-user] SSO - Behavior in http / https Guys, you are geniuses! The differences between CAS 2.X and CAS 3.X are greats, and for better! ________________________________ From: Scott Battaglia <[email protected]> To: [email protected] Sent: Tuesday, May 31, 2011 2:17 PM Subject: Re: [cas-user] SSO - Behavior in http / https Just a note that the services management tool enforces that the renew=true parameter is provided, it does not set it if it isn't provided. On Tue, May 31, 2011 at 1:14 PM, Marvin Addison <[email protected]> wrote: > I think using a pattern like http*://*.mydomain.com/* could be my solution. > >Similar in concept, but you should review Ant pattern expressions to >make sure your expression does what you think it does. For what it's >worth, here's what we use to authorize all https services at our >university: > >https://*.vt.edu/** > >M > >-- > >You are currently subscribed to [email protected] as: >[email protected] >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
