If its the standard Java client, you should be able to specify the protocol as part of the service url prefix. I also know that Apache can set a flag to indicate that a request came in as HTTPS (so that Tomcat knows), not sure if Nginx can (I would assume it can)
On Wed, Feb 12, 2014 at 9:32 AM, Jérôme LELEU <[email protected]> wrote: > Hi, > > In your CAS client, the service used for the validation is a property you > can configure to a HTTPS url, isn't it? > Best regards, > Jérôme > > > > 2014-02-12 2:36 GMT+01:00 Joe Osowski <[email protected]>: > >> I'm not able to authenticate tickets as my service URL changes inside >> the servlet container. >> >> My web application sits behind Nginx and it handles the HTTPS. The >> connector to tomcat is wired for http. Like so: >> >> https->Nginx->http->tomcat->servlet >> >> So when cas authenticates my user: >> >> /cas/login?service=https%3A%2F%2Fserver.org%2F >> >> and redirects back my server like so: >> https://server.org/?ticket=ST-4-cohYFICwLFQ2WkKqFfeU-cas >> >> By the time tomcat gets the request, it sees: >> http://server.org/?ticket=ST-4-cohYFICwLFQ2WkKqFfeU-cas >> >> Now when I do the proxy validate, CAS won't confirm the ticket as the >> service has changed. >> >> >> /cas/proxyValidate?service=https%3A%2F%2Fserver.org%2F&ticket=ST-4-cohYFICwLFQ2WkKqFfeU-cas >> >> Is there a way to turn off checking the protocol? >> >> -Joe >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
