Worked like a charm - I knew it had to be something simple.
Thank you very much!
On 07/27/2011 01:15 PM, Marvin Addison wrote:
The first tab shown is the output from /cas/services. In the 2nd tab, we
see successful authentication as one of the application users. In the
3rd tab, we visit the other CAS-protected application, and are sent to
the CAS login server. This is the problem - we're expecting the existing
cookie to be valid and authentication should not be required.
SSO doesn't work because you're accessing CAS over plain http. The
underlying cause for this is that CAS sets the secure flag on the
CASTGC cookie so it's not transmitted in the clear. Configure for SSL
and you should get the behavior you want.
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
