Thanks for sharing that James. We have the same setup here and I need to bring up a CAS server soon with need to address that situation. The head start you've given me will help.
Ted F. Fisher Server Administrator 323 Hayes Hall Information Technology Services Email: [email protected]<mailto:[email protected]> Phone: 419.372.1626 [cid:[email protected]] From: James Parry [mailto:[email protected]] Sent: Friday, June 01, 2012 4:31 AM To: [email protected] Subject: RE: [cas-user] Load Balancer SSL Off-Loading Hi, We use a very similar setup to this. We also have hardware load balancer doing SSL offloading. However we use Tomcat to host the CAS instance without any apache and mod_jk. Tomcat is listening on port 8080 with no SSL. Then in our tomcat server.xml we set tomcat to tell CAS application that that in-fact its accessed via 443 with SSL(https protocol). No whenever Cas requests the URL or items from serverlt container Tomcat will pass you set values instead. <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" proxyPort="443" secure="true" scheme="https" SSLEnabled="false" /> This way Cas then doesn't need to be changed or configured. James Parry Senior Software Engineer MegaNexus Limited From: Myn Harry [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: 31 May 2012 21:47 To: [email protected]<mailto:[email protected]> Subject: [cas-user] Load Balancer SSL Off-Loading Hi: We have an evaluation instance of CAS 3.4.11 up and running; the set-up is: - SSL URL on load balancer - Apache on VM, with mod_proxy connections to Tomcat (where CAS is installed) At the moment, the CAS login page is showing message:"You are currently accessing CAS over a non-secure connection. Single Sign On WILL NOT WORK. In order to have single sign on work, you MUST log in over HTTPS." What is best approach for the message? The connections arriving on Tomcat will always appear as HTTP as the HTTPS is off-loaded to the load-balancer. Thanks. -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
<<inline: image001.gif>>
