All,
We are using CAS on a website that can be browsed using both http and https (the CAS dialog is of course only available using https). For this reason, our casClientConfig setting for serverName is of the form www.company.com <http://www.company.com> , and we expect the .NET CAS client to correctly redirect the user using http or https, as appropriate. This expectation is confirmed by inspecting the following code from UrlUtil.ConstructServiceUrl if (!(CasAuthentication.ServerName.StartsWith("https://";) || CasAuthentication.ServerName.StartsWith("http://";))) { buffer.Append(request.IsSecureConnection ? "https://"; : "http://";); } However, it seems that our post-login redirect always uses http, even when the user was browsing using https. Judging by the code, this would happen if request.IsSecureConnection returns false. Before we dig much deeper I just wanted to ask if there are any known issues in this part of the .NET CAS client. Or are we mistaken and/or likely to have just mis-configured the CAS client. Kind regards, Richard -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
