Cookies should be based on the domain name, and not on the IP address. If you're having issues with the server name it grabs for the domain, you should be able to explicitly set it in the cookieGenerator Spring configuration.
http://static.springsource.org/spring/docs/1.1.x/api/org/springframework/web/util/CookieGenerator.html On Tue, Jul 17, 2012 at 6:46 AM, Ronen Itkin <[email protected]> wrote: > Hi all! > > What is the best way to make Cas grant a ticket and create a cookie based > on the original client ip listed in the 'X-Forwarding-For' field (or in > other ways if you have any ideas) and not based on the host that directly > communicates with him (might be a proxy server or a load balancer) ? > > I have two Cas servers, each installed on a separate apache tomcat server > with a load balancer in front (Amazon Elastic Load Balancer). > The load balancer supports 'X-Forwarding-For' out of the box, so all I > need is to make Cas use it. > By the way, I'm using mod_cas_auth as a Cas client and Mysql as a db for > the JPA ticket registration implementation. > > Another issue I might get into is driven from the fact that the Cas web > app terminates the ssl and not the load balancer, > in that case I doubt if the load balancer will actually update the > 'X-Forwarding-For' field (it might remain encapsulated and 'untouched' > within the encrypted header), what do you think? > > Thanks !! > > -- > * > Ronen Itkin* > Taykey | www.taykey.com > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
