The warning is displayed because from CAS's perspective it is not being accessed over SSL, and so it's trying to warn new adopters that failing to use SSL will by default prevent single sign on from working (and not using SSL is more generally a really bad idea.)

Whether SSO actually works and whether use of CAS is actually secure depends on whether access is really over SSL (and consequently whether from the browser's perspective access is over SSL).  CAS by default sets cookies as "secure"; browsers will only present such cookies back to the server if the browser believes access is over SSL.

In short, you're getting a false warning here.  You can eliminate the warning by using custom JSPs as you have in the past and go on your merry way.  You might be able to configure your servers and servlet container and so forth to (rightly) believe that it is being securely accessed.  While doing so would be tidy, it doesn't actually add any value or change any functionality other than this trivial cosmetic warning.

This has come up a few times on the list now.  I'll make a note to go add some information about this to the CAS manual.  It might be that this feature adds more confusion than it solves, but it was added in response to newcomers standing up CAS without SSL and then being concerned that single sign-on doesn't work.

Andrew



On 09/30/2011 09:55 AM, Tillinghast, Andrew P. wrote:

We've updated our CAS to 3.4.10, now in the default login view we get a warning "You are currently accessing CAS over a non-secure connection. Single Sign on WILL NOT WORK. In order to have single sign on work, you MUST log in over HTTPS." But in fact from the client we are connecting via HTTPS, but we have the SSL offloaded by the load balancer so the connection from the load balancer to CAS isn't HTTPS. 

Is this the cause of the error? We don't have that warning in the JSP of our custom views and we have no problems with them.



Andrew Tillinghast
Sr. Web Developer
270 Mohegan Avenue
New London, CT 06320-4196
Ph:860 439-5265 Fax: 860 439-2871




-- 
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
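
The two perspectives described in the reply above (what the server sees behind the load balancer versus what the browser sees) can be modeled with Python's standard cookie jar. This is an added example, not part of the original thread or of CAS itself: the host name, backend address and ticket value are constructed, `CASTGC` is CAS's default ticket-granting cookie name, and the warning check is an assumed model that looks only at the scheme of the hop reaching the servlet container.

```python
import email.message
import http.cookiejar
import urllib.request


class _Response:
    """Minimal response object; CookieJar only calls info()."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def server_shows_warning(backend_url):
    # Assumed model of the login view: it only knows the scheme of the
    # connection that arrives at the servlet container (load balancer -> CAS).
    return urllib.request.Request(backend_url).type != "https"


def simulate(browser_url, backend_url):
    """Return what the server warns about and what the browser sends back."""
    jar = http.cookiejar.CookieJar()
    # Login response as seen by the browser: a cookie flagged Secure.
    login = urllib.request.Request(browser_url)
    jar.extract_cookies(
        _Response("CASTGC=TGT-constructed; Path=/cas; Secure"), login
    )
    # Next visit: the jar attaches the cookie only if the browser-side
    # scheme is https, regardless of what the backend hop uses.
    revisit = urllib.request.Request(browser_url)
    jar.add_cookie_header(revisit)
    return {
        "warning": server_shows_warning(backend_url),
        "cookie_sent": revisit.get_header("Cookie"),
    }


if __name__ == "__main__":
    backend = "http://10.0.0.5:8080/cas/login"  # constructed backend address
    # TLS terminated at the load balancer: warning shown, SSO cookie still sent.
    print(simulate("https://cas.example.edu/cas/login", backend))
    # No TLS anywhere: warning shown and the Secure cookie is withheld.
    print(simulate("http://cas.example.edu/cas/login", backend))
```
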


