-Scott
On 9/6/06, tom tom <[EMAIL PROTECTED]
> wrote:
Yes agreed,
We made the load balancer as the SSL end point and kept all the certificates
there, also configured the loadbalancer to work accordindly.
That works fine.
Different question.
We call the call logout from uPortal as follows
https://localhost:8443/cas/logout?destination=https://localhost:8443/cas/login%3Fdestination=http://localhost:8080/uPortal/Login
but it does not redirect to the uPortal home page,
Scott Battaglia-2 wrote:
>
> You only need to modify the
> HttpBasedServiceCredentialsAuthenticationHandler
> configuration if you are using Proxying and your client application is
> over
> HTTP (obviously, we don't recommend running them over HTTP). You would
> need
> to set the requireSecure property to false (but again we don't recommend
> it
> as there is nothing to confirm the validity of the server then).
>
> For the CAS cookies, you would need to look in the cas-servlet.xml for
> cookiegenerators and set their "secure" property to false.
>
> -Scott
>
> On 9/4/06, tom tom <[EMAIL PROTECTED]> wrote:
>>
>>
>> Can you let meknow which configuration are u talking about in item 1
>> which
>> you have stated.
>>
>> What is meant by item 2 , does it mean we need to change the
>> HttpBasedServiceCredentialsAuthenticationHandler in the core CAS, to
>> facilitate the
>> HTTP service validate URLs
>>
>> We allready changed the CAS client to get rid of the http check but need
>> clarifications on above items.
>>
>> Thanks
>>
>>
>>
>> Scott Battaglia-2 wrote:
>> >
>> > The CAS Server never enforces HTTPS except in two scenarios:
>> > 1. By default its cookiegenerators are designed to only send secure
>> > cookies
>> > (This can be changed in the configuration).
>> >
>> > 2. The Proxy callback authentication check is HTTPS (but that can be
>> > swapped out).
>> >
>> > On the other hand, the Yale CAS Client enforces HTTPS in its retrieval
>> of
>> > web pages, so you'd have to modify the client to not use HTTPS.
>> >
>> > -Scott
>> >
>> > On 9/3/06, tom tom <[EMAIL PROTECTED]> wrote:
>> >>
>> >>
>> >> We are using CAS 3.03,
>> >>
>> >> When CAS is on production with a loadbalancer (like BigIP), is there a
>> >> property setting in CAS, so that we can
>> >> enforce HTTP request from the CAS virtual node on load balander to
>> Actual
>> >> CAS server (service validate url).
>> >>
>> >> Reason for the above question is...........
>> >>
>> >> our uPortal web.xml got the following entry, works ok when requests
>> goes
>> >> from the actual uPortal instance to virtual uPortal node on F5, but
>> when
>> >> F5
>> >> rout to the Actual Cas server it is a HTTP hit (as our load balancer
>> is
>>
>> >> set
>> >> up as such),
>> >>
>> >> I know the service validate url should be HTTPs but when the CAS is
>> >> running
>> >> with loadbalancer with all of the hardware accelarators (also in a
>> secure
>> >> network) Cant we make the validate URL http.
>> >>
>> >>
>> >> Is com.discursive.cas.extend.client.filter.serviceScheme which is in
>> >> EXTENDED CAS CLIENT something to do with this?
>> >>
>> >> .......
>> >>
>> >> <param-name>
>> >>
>> >> edu.yale.its.tp.cas.client.filter.validateUrl
>> >> </param-name>
>> >> <param-value>
>> >> https://<virutal cas node on load
>> >> balancer>/cas/serviceValidate
>> >> </param-value>
>> >>
>> >> ..............
>> >>
>> >>
>> >>
>> >> Is this something possible? Should this be done other way?
>> >>
>> >> Thanks
>> >> --
>> >> View this message in context:
>> >> http://www.nabble.com/CAS-with-Load-balancer-tf2213048.html#a6129270
>> >> Sent from the CAS Users forum at Nabble.com.
>> >>
>> >> _______________________________________________
>> >> Yale CAS mailing list
>> >> [email protected]
>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >>
>> >
>> > _______________________________________________
>> > Yale CAS mailing list
>> > [email protected]
>> > http://tp.its.yale.edu/mailman/listinfo/cas
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/CAS-with-Load-balancer-tf2213048.html#a6144550
>>
>> Sent from the CAS Users forum at Nabble.com.
>>
>> _______________________________________________
>> Yale CAS mailing list
>> [email protected]
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
View this message in context: http://www.nabble.com/CAS-with-Load-balancer-tf2213048.html#a6165509
Sent from the CAS Users forum at Nabble.com.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
