Hi,
We use a very similar setup to this.
We also have hardware load balancer doing SSL offloading.
However we use Tomcat to host the CAS instance without any apache and mod_jk.
Tomcat is listening on port 8080 with no SSL.
Then in our tomcat server.xml we set tomcat to tell CAS application that that
in-fact its accessed via 443 with SSL(https protocol).
No whenever Cas requests the URL or items from serverlt container Tomcat will
pass you set values instead.
<Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
proxyPort="443"
secure="true"
scheme="https"
SSLEnabled="false" />
This way Cas then doesn't need to be changed or configured.
James Parry
Senior Software Engineer
MegaNexus Limited
From: Myn Harry [mailto:[email protected]]
Sent: 31 May 2012 21:47
To: [email protected]
Subject: [cas-user] Load Balancer SSL Off-Loading
Hi:
We have an evaluation instance of CAS 3.4.11 up and running; the set-up is:
- SSL URL on load balancer
- Apache on VM, with mod_proxy connections to Tomcat (where CAS is installed)
At the moment, the CAS login page is showing message:"You are currently
accessing CAS over a non-secure connection. Single Sign On WILL NOT WORK. In
order to have single sign on work, you MUST log in over HTTPS."
What is best approach for the message? The connections arriving on Tomcat will
always appear as HTTP as the HTTPS is off-loaded to the load-balancer.
Thanks.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
