CAS does not require SSL and will deploy and accept authentication requests (though I did forget to mention a configuration change to enable it to send non-secure cookies to enable SSO... in the cas-servlet.xml change the cookie generator properties that say secure to false from true). Which server classes did you have to over-ride to enable it to work without SSL? I deploy it locally without SSL without issue.
As for the CAS client, the JA-SIG CAS Client for Java does not require SSL, though the Yale Java Client does (which I mentioned before). If you are not seeing SSO enabled its because you are running over non-SSL ports without telling CAS that you are running over non-SSL ports (it by default will only send cookies securely...see above). I should state again that it is highly recommended to run CAS over SSL. Otherwise you are transmitting passwords, cookies, etc. in plaintext for anyone to see. The services.xml will not help with your SSO issue (its a matter of configuring CAS to transmit insecure cookies which we disable by default for security reasons). The services portion of CAS is an example of how to enable service restrictions on the CAS server (i.e. only service X, Y, and Z can use CAS but not service A). There is no need to bridge from a service name to a service url as part of the configuration requires is the service url (its the service id). Its easy to turn on (just uncomment the file name in the web.xml). Hope that helps. -Scott On 1/9/07, [EMAIL PROTECTED] < [EMAIL PROTECTED]> wrote:
Hello all, Hello Scott, thanks for your fast answer... I git it working without https, but be aware, even if HttpClient does both, CAS Server and Clients require SSL to work with. So I had to override some classes, or make new one with changed code. CAS requires SSL ! ! ! ! ! ! , not HttpCLient...thats right. In the moment, two Web apps shall do a SSO, I have to log on on both applications. After that, it seems to me, that there are all needed tickets, but they are available twice, for both services. It looks more as 'NOT single sign on'... You told me, that I have not to use services.xml. Fine. I would like to know, for what the hell the file is good anyway, how it works, and how to make the bridge from the service name (contactcas) to the url of the service url and so on. Documentation says nothing about it. Perhaps it would solve my problem with the second login page... thank you for your help regards Volker ------------------------------ * Diese E-Mail enthaelt vertrauliche oder rechtlich geschuetzte Informationen. Wenn Sie nicht der beabsichtigte Empfaenger sind, informieren Sie bitte sofort den Absender und loeschen Sie diese E-Mail. Das unbefugte Kopieren dieser E-Mail oder die unbefugte Weitergabe der enthaltenen Informationen ist nicht gestattet. The information contained in this message is confidential or protected by law. If you are not the intended recipient, please contact the sender and delete this message. Any unauthorised copying of this message or unauthorised distribution of the information contained herein is prohibited. * _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
