Hi, I'm still surprised that I'm not seeing the attempt to access > https://TestServer/cas-web/**serviceValidate<https://TestServer/cas-web/serviceValidate>in > the IIS logs since I am seeing > https://TestServer/cas-web/**login <https://TestServer/cas-web/login>, > but I guess since the request is getting cut off during the handshake IIS > doesn't bother to log it >
The first call is the HttpModule acting as an HTTP client. Your web server is running code that is acting as a client essentially, asking the CAS server if the service ticket that just came in on this request URL is valid. You won't see it in the IIS logs. The second one is a redirect, so it's the server asking the browser to redirect. That would show up in IIS logs. > Getting .NET to accept the certificate as valid required opening MMC on > the server, adding the Certificates snapin selecting "Computer Account" and > "Local Computer", then importing the server public certificate into > "Trusted People" (I hope that's the correct spot, it worked, but I'm not an > expert on Windows security issues) as described in > http://stackoverflow.com/a/**5427149 <http://stackoverflow.com/a/5427149> > Generally for testing I recommend creating a CA certificate and using it to create both test certificates (.NET app and CAS server). Then you can configure Windows and Java to trust the CA certificate. In that case, i typically add the CA certificate into the Trusted Root Certificate Authorities store, but I think the third-party store would work fine as well. You'd need to use keytool to get java to trust the .NET app server in cases where you need proxy ticket or SSO support. -Scott -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
