SSO does not work over HTTP. You must run over HTTPS if you want single sign on.
Security and all that :-) On Wed, Jul 27, 2011 at 2:00 PM, Nicholas Blair <[email protected]>wrote: > I am new to deploying CAS 3.4.8 and I'm working on a proof of concept > deployment using localhost on my workstation. > > The product we're attempting to integrate with CAS is Bedework, which > includes support for CAS. > > The problem we have encountered is related to SSO between the 2 apps > configured to use the CAS server. > > I've attached the relevant sections of the web.xml files for the 2 > applications to his message. > > I've deployed CAS using the WAR overlay method and the attached > deployerConfigContext.xml in the same container (JBoss) as the other 2 > applications. > The applications each can access cas-client-core-3.1.12.jar via a shared > classloader. > > Here is a short video demonstrating the problem: > > https://mywebspace.wisc.edu/npblair/bedework/public/bedework-cas.m4v > > The first tab shown is the output from /cas/services. In the 2nd tab, we > see successful authentication as one of the application users. In the > 3rd tab, we visit the other CAS-protected application, and are sent to > the CAS login server. This is the problem - we're expecting the existing > cookie to be valid and authentication should not be required. > > Can anyone look at our CAS configuration and identify the issue? > > Thanks! > Nick > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
