Ok so here is the setup, Load Balancer in front of 2 CAS Servers both running Apache2 using mod_jk accessing CAS on port 80 through Apache,
Load Balancer accepts SSL Connection and proxy's the client to the backend web server on port 80 We have been using HAPROXY and STUNNEL for almost all of our other apps and it works great, I haven't gotten CAS to work because Stunnel terminates the SSL and presents the certificate and connects the client to Apache Port 80 on the backend servers. Ill try adding the config below but our tomcat doesnt listen on 8080 or 8443, they are using the AJP Connector on 8009 and Apache picks up the request and serves up the content. Would I add that config in the tomcat xml under the AJP 8009 Connector section? On Mon, Nov 5, 2012 at 8:50 AM, Marvin Addison <[email protected]>wrote: > > What if we are using the same type of setup but using Tomcat with the >> Apache AJP Proxy and not using the standard 8080 and 8443 Toimcat ports? I >> have tried to do this and when I connect to SSL it connects fine but since >> we are connecting to port 80 on the backend server through the load >> balancer CAS keeps saying insecure even though the client's browser is >> https. >> > > I'm a bit confused by the mention of AJP and connecting to the back end on > port 80. In any case you need to set secure=true on the Tomcat connector > element of the container hosting CAS. The requirement for CAS is that > request.isSecure() returns true, which would be satisfied by secure=true. > See http://tomcat.apache.org/tomcat-7.0-doc/config/http.html and > http://tomcat.apache.org/tomcat-7.0-doc/config/ajp.html for more > information. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- CONFIDENTIALITY NOTICE: This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of the Baptist School of Health Professions. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
