For SSO to work, the CAS server needs to be secure. The client application does not need to be (though we recommend that you do).
The example you link to shows the CAS servers as being secure, and the client application as not secure. Cheers, Scott On Fri, May 18, 2012 at 5:03 PM, James Lorenzen <[email protected]>wrote: > Looks like you can set cookieSecure to false in > ticketGrantingTicketCookieGenerator.xml and warnCookieGenerator.xml and > non-SSL works, but everything has to be non-SSL. > So it seems it's either all SSL or all non-SSL and CAS doesn't support > mixing the two. > > Is that correct? > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
