> The first tab shown is the output from /cas/services. In the 2nd tab, we > see successful authentication as one of the application users. In the > 3rd tab, we visit the other CAS-protected application, and are sent to > the CAS login server. This is the problem - we're expecting the existing > cookie to be valid and authentication should not be required.
SSO doesn't work because you're accessing CAS over plain http. The underlying cause for this is that CAS sets the secure flag on the CASTGC cookie so it's not transmitted in the clear. Configure for SSL and you should get the behavior you want. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
