Yes, sorry. I forgot that the cookieSecure would need to be set to false.

-Scott

On 1/5/07, ??? <[EMAIL PROTECTED]> wrote:
> CAS 3.0.6 should be able to run perfectly fine without any modifications in a non-secure environment (though we don't recommend transmitting passwords over non-SSL connections since they are passed in plaintext).

Hi, Scott Battaglia <[EMAIL PROTECTED]>

Above: if not using SSL, can the web SSO session be OK? As far as I know, the TGC (CASTGC cookie) will not transfer to the CAS server. If I still want to use web SSO and not use SSL, should the following CookieGenerators' cookieSecure be false?

    <bean id="warnCookieGenerator" class="org.springframework.web.util.CookieGenerator">
        <property name="cookieSecure" value="true" />
        <property name="cookieMaxAge" value="-1" />
        <property name="cookieName" value="CASPRIVACY" />
        <property name="cookiePath" value="/cas" />
    </bean>

    <bean id="ticketGrantingTicketCookieGenerator" class="org.springframework.web.util.CookieGenerator">
        <property name="cookieSecure" value="true" />
        <property name="cookieMaxAge" value="-1" />
        <property name="cookieName" value="CASTGC" />
        <property name="cookiePath" value="/cas" />
    </bean>

Thanks a lot.

罗时飞
Independent Java EE consultant
http://www.open-v.com
Focused on Java EE platform, agile methods and Open Source technology consulting
Broaden your view, head for success (Open View, Victory Open)
E-mail: [EMAIL PROTECTED] or [EMAIL PROTECTED]
Phone: (0)13710186446

----- Original Message -----
From: Scott Battaglia <[EMAIL PROTECTED]>
To: Yale CAS mailing list <[email protected]>
Sent: Friday, January 05, 2007 8:42 PM
Subject: Re: CAS, acegi security and SSL issues

CAS 3.0.6 should be able to run perfectly fine without any modifications in a non-secure environment (though we don't recommend transmitting passwords over non-SSL connections since they are passed in plaintext).

However, the most recent versions of Acegi use the Yale Java Client (not the newer JA-SIG Client) which hardcodes a requirement for SSL within the SecureURL.java file. This would need to be modified and then re-compiled.

-Scott

On 1/5/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hello all,
>
> I just deal with the integration of an actually acegi secured web application and CAS 3.06.
>
> No Proxyvalidation is needed.
>
> No SSL should be used in any traffic between web application and CAS server, because both servers are located in a dmz and are not visible outside. Network admins don't allow ssl there.
>
> Has anybody ideas or configurations out of the box or at least some hints or documentation?
>
> Many thanks
>
> Volker

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
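
The cookieSecure mismatch discussed in this thread, as an added example (not from the original messages or the CAS project): a small Python audit that parses Spring bean XML and flags CookieGenerator beans whose cookieSecure value does not match the scheme of the CAS server URL. The sample XML is constructed from the beans quoted above; audit_cookie_beans and the example.org URLs are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two beans quoted in the thread, wrapped in a <beans> root.
SAMPLE = """<beans>
  <bean id="warnCookieGenerator" class="org.springframework.web.util.CookieGenerator">
    <property name="cookieSecure" value="true" />
    <property name="cookieName" value="CASPRIVACY" />
  </bean>
  <bean id="ticketGrantingTicketCookieGenerator" class="org.springframework.web.util.CookieGenerator">
    <property name="cookieSecure" value="true" />
    <property name="cookieName" value="CASTGC" />
  </bean>
</beans>"""

COOKIE_GENERATOR = "org.springframework.web.util.CookieGenerator"


def local(tag):
    """Strip an XML namespace prefix such as '{uri}bean' down to 'bean'."""
    return tag.rsplit("}", 1)[-1]


def audit_cookie_beans(xml_text, server_url):
    """Return (bean id, cookie name, finding) for every CookieGenerator bean
    whose cookieSecure setting does not match the scheme of server_url."""
    https = server_url.lower().startswith("https://")
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean":
            continue
        if (bean.get("class") or "").strip() != COOKIE_GENERATOR:
            continue
        props = {p.get("name"): p.get("value")
                 for p in bean if local(p.tag) == "property"}
        # Spring's CookieGenerator leaves cookieSecure false when it is not set.
        secure = (props.get("cookieSecure") or "false").strip().lower() == "true"
        name = props.get("cookieName", "?")
        if secure and not https:
            findings.append((bean.get("id"), name,
                             "Secure cookie on http: browser never returns it, SSO breaks"))
        elif not secure and https:
            findings.append((bean.get("id"), name,
                             "no Secure flag on https: cookie can leak over plaintext http"))
    return findings


if __name__ == "__main__":
    for finding in audit_cookie_beans(SAMPLE, "http://cas.example.org/cas"):
        print(finding)
```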
