Thank you, Volker and Andrew. I am planning to (on 1 client) modify the CASFilter class to find out the dns name of the server and use it in the filter.
Thanks. ----- Original Message ---- From: "Obel, Volker" <[EMAIL PROTECTED]> To: Yale CAS mailing list <[email protected]> Sent: Monday, March 26, 2007 1:28:39 AM Subject: AW: Can you confirm these certificate and parameter values? Hello all, yes I can confirm your statements. However, I'm still looking for a way to setup a test server scenario with certificates created with Java's keytool utility. You must know the dns of tomcat running cas server. May be, you can set the cas urls at runtime. This should work. I put these values in a properties file which is read at startup time of the client app. If somebody has scripts for setting up SSL certificates and public keys for both client and cas server tomcats, please send them to CAS mailing list. Hope, I could help you. Regards Volker Obel -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von webzo Gesendet: Samstag, 24. März 2007 08:10 An: Yale CAS mailing list Betreff: Can you confirm these certificate and parameter values? In moving from a development to production test environment, I found the following to be true to make things works- 1. The common name (CN) used to generate the certificate MUST be a DNS name of the server hosting the CAS service. It CANNOT be localhost or IP address of the server. 2. The init-params passed to the CAS filter (serverName, loginUrl, validateUrl) via the web.xml should also contain the DNS name of the server as in https://my-server:8443/cas/login or my-server:8080 (for the serverName). It CANNOT contain localhost, as in https://localhost:8443/cas/login or localhost:8080 (for serverName). Could anyone confirm these statements? I am in a situation where CAS, Tomcat, Webapp will be deployed within a closed system of sorts with no access to anything inside the box (web.xml etc). So, I need to be set everything up beforehand (not possible since DNS name etc is unknown) or set things up programatically. At present I am considering either going through the trouble of modifying web.xml programatically or modifying the CASFilter code as was suggested previously on this forum. Your thoughts are much appreciated! ____________________________________________________________________________ ________ Need Mail bonding? Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users. http://answers.yahoo.com/dir/?link=list&sid=396546091 _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas ____________________________________________________________________________________ Need Mail bonding? Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users. http://answers.yahoo.com/dir/?link=list&sid=396546091 _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
