1. How does that matters in my web-app application runs on a HTTP
server and not HTTPS to CAS?
In the way I previously mentioned: a container won't send a session ID
cookie over an insecure channel.
2. I tried with changing the value of "redirectAfterValidation" to
"false" as suggested by you, but I am still facing the same problem.
I get the request.getSession().getAttribute("_const_cas_assertion_");
value as NULL.
I'd recommend putting everything over SSL and trying again. We strongly
recommend running all authentication traffic over SSL for reasons you
can investigate further by searching list archives and general Google
searches.
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
