Jérôme, Thanks for the cookie recipe.
I had to try – was surprised that it worked at all and wanted to confirm my understanding. It doesn’t really work though if users can’t log out ☺ Waiting for the political wheels to turn before getting complicated. Curtis Long Unix Administrator Durham College T: 905-721-2000 x2714 From: Jérôme LELEU [mailto:[email protected]] Sent: February-06-15 2:21 AM To: [email protected] Subject: Re: [cas-user] CAS and multiple hostnames Hi, Identity sessions are stored in the CASTGC cookie which is saved for the host name and path of the CAS server. This is the core security configuration of CAS. I'm surprised that it would work great with multiple hostnames. You already have a UI customization mechanism by service if it's what you're looking for (http://jasig.github.io/cas/4.0.x/installation/User-Interface-Customization.html, Themes). Multi-tenancy is a lot more complicated. Best regards, Jérôme LELEU Founder of CAS in the cloud: www.casinthecloud.com<http://www.casinthecloud.com> | Twitter: @leleuj Chairman of CAS: www.jasig.org/cas<http://www.jasig.org/cas> | Creator of pac4j: www.pac4j.org<http://www.pac4j.org> 2015-02-05 15:52 GMT+01:00 Curtis Long <[email protected]<mailto:[email protected]>>: We have a current CAS 3.4.12.1 installation with a local memcache ticket repository. For political reasons, we need to provide CAS authentication under a different theme/design, and under a different URI but sharing sessions. I understand that I could create another theme and map it to the services requiring that, but there seem to be some small glitches when I access the same CAS server under a different hostname. Specifically, single sign on works, but logging out does not seem to destroy the session if not done using the same hostname as the session was created with. Basically, is the above expected behaviour? Everything has been running well, but this was my first CAS install, and rushed - I want to be sure I haven't botched something before I consider a more complicated setup such as CAS delegation (http://jasig.github.io/cas/4.0.x/integration/Delegate-Authentication.html) with another system to achieve this. Other suggestions welcome. Thank you, Curtis Long Unix Administrator Durham College T: 905-721-2000 x2714 -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected]<mailto:[email protected]> as: [email protected]<mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
