My situation is the following: we are trying to load balance on two CAS
servers: cas1 and cas2. We have an ssl cert signed for the virtual host,
<whatever>.domain.edu <http://domain.com/>, which is placed on each of
our cas servers.
I'm a little unclear of your setup; presumably you're following
https://wiki.jasig.org/display/CASUM/Shibboleth-CAS+Integration. In that
case you should note that connections from your CAS client (Shib in this
case) are back channel calls. You MUST configure the CAS client such
that the virtual host is the target of ticket validation attempts.
You'll also need to ensure that you're using a suitable HA ticket
registry since these connections are sourced differently and may hit a
different host from what the user hit with browser.
If you continue to have trouble, perform an SSL trace [1] and note the
CN of the presented certificate. That should help indicate the source of
your configuration problem.
M
[1]
https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
