Hi, Regarding the single sign on to multiple applications it seems to work fine initially but then with time it starts to stop working. For example we have 2 CAS web servers using the same database for the tickets which are behind an F5 load balancer. At this moment only 1 is in the loop because were having issues with intermittent login issues but now all of a sudden when a user logs into a CAS application and then tries to go to another application they are forced to login again.
So we had our networking team route traffic to our second CAS server which did not seem to show any problems. Currently our first server still seems to show the problem even though the configuration between both should be the same. Should the hostname of the cas server matter when accessing the applications as long as both are using the same database for ticketing? If I try to access the web site that is pointing to the CAS Server directly bypassing the load balancer address and authenticate then try to go to a site which is still pointing to the load balancer address shouldn't single sign should work despite the hostname being different? The only change we did on the server is remove ldap pooling and enable debugging on the log4j configuration. Any help much appreciated. Thanks! ___________________ Juan Quintanilla UTS - Enterprise Group 305-348-6573 [email protected]<mailto:[email protected]> ________________________________ From: Christopher Myers <[email protected]> Sent: Monday, August 10, 2015 4:33 PM To: [email protected] Subject: Re: [cas-user] CAS SSO login issue Out of curiosity, is the application set to force a new login? Eg., we have a CRM application that appends "....&renew=true" to the end of the login URLs, which forces CAS to make the user log in, even if they just logged into CAS 10 seconds before. Chris >>> Juan Quintanilla <[email protected]> 08/10/15 3:29 PM >>> Hi, We recently encountered a new issue where user logs into application using CAS and authenticates then immediately goes to another site using CAS and they are presented with the login page instead of being signed in so they have to login again. We are running CAS 3.6.0 and Tomcat 8 with ldap backend, it seemed to be working before and the only changes that we have made was removing the ldap pooling from the deployer config and they modified the load balancer sticky sessions to longer time. We are wondering what might be causing the application not check if there is a Ticket already for the session. Thanks! ___________________ Juan Quintanilla UTS - Enterprise Group 305-348-6573 [email protected]<mailto:[email protected]> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
