I need help with sharing the TGT cookie for single sign-on across multiple domains.

We would like to have CAS sit in the DMZ, requiring users to authenticate prior to being reverse proxied to the application on the internal network. The internal application uses a CAS authentication filter. The plan is for CAS in the DMZ to write a ticket to a shared JDBC Ticket Registry. When the user is proxied to the internal application, the CASTGC cookie (TGT) ticket would be used for authentication. This should allow the user to access the internal application, as the CASTGC cookie shows the user has already authenticated.

Currently we are running into problems with sharing the CASTGC cookie across multiple domains. The DMZ CASTGC cookie shows with a domain of xyz.com. As this is a different domain to the internal CAS, the CASTGC cookie is not used. We have tested using FireCookie to change the domain from the DMZ domain to the internal domain, and this logs in successfully.
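The behaviour described in the post follows from the browser's cookie domain-matching rules (RFC 6265, sections 5.1.3 and 5.3). The sketch below is an added example, not part of the original post and not CAS code. The hostnames `cas.xyz.com`, `app.internal.example` and `notxyz.com` are constructed placeholders; only the cookie domain `xyz.com` comes from the post.

```javascript
// Added illustration: RFC 6265 domain matching applied to the CASTGC cookie.
// Hostnames other than the cookie domain "xyz.com" are constructed placeholders.

// Canonicalize a host or Domain attribute: lowercase, drop one leading dot.
function canon(name) {
  return name.trim().toLowerCase().replace(/^\./, "");
}

// IP literals never suffix-match a cookie domain.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// True when requestHost domain-matches cookieDomain (RFC 6265 section 5.1.3).
function domainMatch(requestHost, cookieDomain) {
  const host = canon(requestHost);
  const dom = canon(cookieDomain);
  if (host === dom) return true;
  // Suffix match is only valid on a label boundary.
  return !isIp(host) && host.endsWith("." + dom);
}

// Would the browser store a cookie set by originHost with this Domain attribute?
// (RFC 6265 section 5.3: the origin must domain-match the attribute.)
function browserAcceptsSetCookie(originHost, domainAttr) {
  return domainMatch(originHost, domainAttr);
}

// Would a stored cookie be attached to a request for requestHost?
// hostOnly is true when the cookie was set without a Domain attribute.
function browserSendsCookie(requestHost, cookie) {
  if (cookie.hostOnly) return canon(requestHost) === canon(cookie.domain);
  return domainMatch(requestHost, cookie.domain);
}

// The TGT cookie as the post describes it: scoped to the DMZ domain.
const castgc = { name: "CASTGC", domain: "xyz.com", hostOnly: false };

function report() {
  return {
    sentToDmzCas: browserSendsCookie("cas.xyz.com", castgc),
    sentToInternalApp: browserSendsCookie("app.internal.example", castgc),
    lookalikeRejected: !browserSendsCookie("notxyz.com", castgc),
    internalCanSetForDmz: browserAcceptsSetCookie("app.internal.example", "xyz.com"),
  };
}

console.log(report());
```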
