A note - in addition to secure=true, for our Tomcat 6 connector since our load balancer VIP is on port 443 while the CAS server listens on 8080, we also added: redirectPort="443" proxyPort="443" scheme="https"
Ted F. Fisher Server Administrator 323 Hayes Hall Information Technology Services Email: [email protected]<mailto:[email protected]> Phone: 419.372.1626 [cid:[email protected]] From: McClenon, Brady [mailto:[email protected]] Sent: Monday, November 05, 2012 8:54 AM To: [email protected] Subject: RE: [cas-user] CAS behind a load balancer with SSL termination <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol" secure="true" /> Add secure="true" to your Tomcat connector. That should be all you need to do. Brady McClenon Senior Server Administrator Applications Research & Development Information Technology Services SUNY College at Oneonta 607-436-3203 “Quotes found on the internet are not always accurate.” - Abraham Lincoln -----Original Message----- From: Michael Easthope [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Monday, November 05, 2012 1:18 AM To: [email protected]<mailto:[email protected]> Subject: [cas-user] CAS behind a load balancer with SSL termination We want to put our CAS server behind an enterprise load balancer with SSL termination. This means that we are going to take responsibility for ensuring network security between the CAS server and the enterprise load balancer. The problem is that the CAS server code throws warning messages when you connect without SSL - and these messages don't seem to be congigurable? I've seen the post by Andrew P Tillinghast where he indicates he is doing this. https://groups.google.com/forum/?fromgroups=#!topic/jasig-cas-user/V5OKrDSzk1E Can anyone tell me if there is an 'offical' process for doing this - or can someone send me more detailed descriptions of the changes required to the code? Thanks Michael Easthope -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
<<inline: image001.gif>>
