Hi, In response to your questions:
1. We recommnd you use SSL on the CAS server (and CAS clients). You can either purchase a commercial certificate (i.e. from VeriSign) or create a self-signed certificates. Self-signed certificates (where the cn equals the host name) are not implicitly trusted by the JVM and thus must be added to the cacerts file. This page details how to do that: http://www.ja-sig.org/products/cas/server/ssl/index.html 2. Are you authenticating over SSL? If not, the cookie to enable single sign on is not sent back to the browser, forcing re-authentication each time. -Scott On 1/15/07, deepthi <[EMAIL PROTECTED]> wrote:
Hi All I have a requirement of enabling SSO on my product wherein if I use an SSO server for authentication, my product should not see its login page, rather go to some SSO server for authentication. And for this I use CAS as my SSO Server. I use some databas details for performing the authenication. Everything is set-up and its working perfectly. I have 2 queries here. 1) For the CAS server to work remotely i.e., if I want the SSO server running one one machine and I want other machines to access it and use it for validating, I need to create the certificate with the name of the machine where my SSO Server is running and I need to put the cacerts in the jre\lib\security . Is this the actual procedure to be followed? If so, may I know the reason behind it? I am not sure why we are doing this. 2) After getting authenticated, I see the success.jsp. I put 2 links(two different applications) on this page. The user who just logged-in have an access to use both of them. But if I try to open the applications in 2 different browsers, CAS sends me the login page again. This means that the session is not carried to the new window. But I dont want to see this. Is there any point wherein I can enable on the CAS end so that the session can be carried forward to another browser. Heard that CAS 3.0 handles this. I am not sure of that too. My current version of CAS is 2.0.12 Thanks a lot! Deepthi K _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
