CAS 3.0.6 should be able to run perfectly fine without any modifications in a non-secure environment (though we don't recommend transmitting passwords over non-SSL connections since they are passed in plaintext).
Hi Scott Battaglia,

Above: if not using SSL, can the web SSO session be OK? As far as I know, the TGC (CASTGC cookie) will not transfer to the CAS server. If I still want to use web SSO, and not use SSL, should the following CookieGenerators' cookieSecure be false?

    <bean id="warnCookieGenerator" class="org.springframework.web.util.CookieGenerator">
        <property name="cookieSecure" value="true" />
        <property name="cookieMaxAge" value="-1" />
        <property name="cookieName" value="CASPRIVACY" />
        <property name="cookiePath" value="/cas" />
    </bean>

    <bean id="ticketGrantingTicketCookieGenerator" class="org.springframework.web.util.CookieGenerator">
        <property name="cookieSecure" value="true" />
        <property name="cookieMaxAge" value="-1" />
        <property name="cookieName" value="CASTGC" />
        <property name="cookiePath" value="/cas" />
    </bean>

Thanks a lot.

----- Original Message -----
From: Scott Battaglia
To: Yale CAS mailing list
Sent: Friday, January 05, 2007 8:42 PM
Subject: Re: CAS, acegi security and SSL issues

CAS 3.0.6 should be able to run perfectly fine without any modifications in a non-secure environment (though we don't recommend transmitting passwords over non-SSL connections since they are passed in plaintext).

However, the most recent versions of Acegi use the Yale Java Client (not the newer JA-SIG Client) which hardcodes a requirement for SSL within the SecureURL.java file. This would need to be modified and then re-compiled.

-Scott

On 1/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

> Hello all,
>
> I just deal with the integration of an actually Acegi secured web application and CAS 3.06. No proxy validation is needed. No SSL should be used in any traffic between web application and CAS server, because both servers are located in a DMZ and are not visible outside. Network admins don't allow SSL there.
>
> Has anybody ideas or configurations out of the box or at least some hints or documentation?
>
> Many thanks
> Volker
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
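An added example (not from the thread or from the CAS project): it uses Python's http.cookiejar as a stand-in for a browser to show how the cookieSecure and cookiePath values in the beans quoted above decide when CASTGC is sent back. The host name and ticket value are constructed, and the helper names are hypothetical.

```python
import email.message
import http.cookiejar
import urllib.request

CAS_HOST = "cas.example.org"       # constructed host name
TGT_VALUE = "TGT-1-constructed"    # constructed ticket value


class FakeResponse:
    """Minimal response object exposing the headers that CookieJar reads."""

    def __init__(self, set_cookie):
        self._headers = email.message.Message()
        self._headers["Set-Cookie"] = set_cookie

    def info(self):
        return self._headers


def set_cookie_header(name, value, path, secure):
    """Set-Cookie line for a session cookie (cookieMaxAge=-1 means no Max-Age)."""
    header = f"{name}={value}; Path={path}"
    return header + "; Secure" if secure else header


def cookie_sent(scheme, cookie_secure, path="/cas/login"):
    """Receive CASTGC from the login page over `scheme`, then return the
    Cookie header the client attaches to its next request (None if withheld)."""
    jar = http.cookiejar.CookieJar()
    login = urllib.request.Request(f"{scheme}://{CAS_HOST}/cas/login")
    header = set_cookie_header("CASTGC", TGT_VALUE, "/cas", cookie_secure)
    jar.extract_cookies(FakeResponse(header), login)
    follow_up = urllib.request.Request(f"{scheme}://{CAS_HOST}{path}")
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


if __name__ == "__main__":
    for scheme in ("https", "http"):
        for secure in (True, False):
            print(scheme, f"cookieSecure={secure}", "->", cookie_sent(scheme, secure))
    # cookiePath=/cas keeps the TGC away from anything outside the CAS context.
    print("https /app/home ->", cookie_sent("https", True, path="/app/home"))
```

With cookieSecure=true the client withholds CASTGC on http, so single sign-on does not carry over between requests; with cookieSecure=false the ticket-granting cookie crosses the network in plaintext on every request under /cas.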
