I give you more detail. Using renew = true in cliente configuration
I access webapp1, and it redirects to login page. I authenticate there, and I come back to webapp1 authenticated. Here I have two options: 1) I access webapp2, and it redirects to login page (I was looking for this behavior). After a valid authentication, I come back to webapp2 authenticated. 2) I generate a PT in webapp1 to access webapp2, I use this PT and I access to webapp2 already autheticated (I was looking for this behavior). Using SSO disabled in http*://** I access webapp1, and it redirects to login page. I authenticate there, and I come back to webapp1 authenticated. Here I have two options: 1) I access webapp2, and it redirects to login page (I was looking for this behavior) if I have renew = true. After a valid authentication, I come back to webapp2 authenticated. If I have renew = false, it redirects to a page that advice to re-authenticate. 2) I can't generate a PT in webapp1 to access webapp2 (I receive the error that I wrote earlier). I need to generate PTs, and using them, access authenticated to webapp2. Is there a way to support this behavioir? ________________________________ From: Fernando Correa <[email protected]> To: [email protected] Sent: Tuesday, May 31, 2011 4:18 PM Subject: Re: [cas-user] SSO - Behavior in http / https Mmmmm... I tried this. It works as I expected, except that PT generation don't work. I see the following log in my CAS server. 2011-05-31 16:14:14,634 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted proxy ticket [ST-11-oYXR1sQNjoesjFVrWkgm-cas] for service [https://server/webapp22/] for user [user]> 2011-05-31 16:14:14,634 INFO [com.github.inspektr.audit.support.Slf4jLoggingAudi tTrailManager] - <Audit trail record BEGIN ============================================================= WHO: http://server/webapp1/proxyCallback WHAT: ST-11-oYXR1sQNjoesjFVrWkgm-cas for https://server/webapp2/ ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Tue May 31 16:14:14 GMT-03:00 2011 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= > 2011-05-31 16:14:14,665 WARN [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceManagement: Service Not Allowed to use SSO. Service [https://server/webapp2/]> 2011-05-31 16:14:14,665 INFO [com.github.inspektr.audit.support.Slf4jLoggingAudi tTrailManager] - <Audit trail record BEGIN ============================================================= WHO: https://server/webapp1/proxyCallback WHAT: https://server/webapp2/ ACTION: SERVICE_TICKET_NOT_CREATED APPLICATION: CAS WHEN: Tue May 31 16:14:14 GMT-03:00 2011 CLIENT IP ADDRESS: 127.0.0.1 SERVER IP ADDRESS: 127.0.0.1 ============================================================= ________________________________ From: Fernando Correa <[email protected]> To: [email protected] Sent: Tuesday, May 31, 2011 2:26 PM Subject: Re: [cas-user] SSO - Behavior in http / https Guys, you are geniuses! The differences between CAS 2.X and CAS 3.X are greats, and for better! ________________________________ From: Scott Battaglia <[email protected]> To: [email protected] Sent: Tuesday, May 31, 2011 2:17 PM Subject: Re: [cas-user] SSO - Behavior in http / https Just a note that the services management tool enforces that the renew=true parameter is provided, it does not set it if it isn't provided. On Tue, May 31, 2011 at 1:14 PM, Marvin Addison <[email protected]> wrote: > I think using a pattern like http*://*.mydomain.com/* could be my solution. > >Similar in concept, but you should review Ant pattern expressions to >make sure your expression does what you think it does. For what it's >worth, here's what we use to authorize all https services at our >university: > >https://*.vt.edu/** > >M > >-- > >You are currently subscribed to [email protected] as: >[email protected] >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
