On 4/24/07, Obel, Volker <[EMAIL PROTECTED]> wrote:
You have impact on CAS behaviour in this area by changing the CAS cookies' path and / or domain. I have changed the cookie path already for special requirements of one of my customers, but I don't now in the moment, if there is a way in the large and sometimes magic spring configuration of CAS to change / configure the domain also. In fact, I found, that you can configure the cookie path, but this configuration is overridden hard coded in a Java class. So I had to replace the class by a new, own class extending the original one :-o).
The class that automatically sets the path can be removed from the web flow. It does not need to be over-ridden. Its a convenience for those who don't wish to set it manually. Cookie path's are actually set in the Spring configuration file and are completely change-able. Regardless, CAS does not need cookie modification to work with multiple domains. Out of the box, CAS will work with multiple domains without any modifications. For those curious as to how this works, the CAS protocol documents describe the interaction between the browser, the CAS server, and the application requesting authentication. Thanks -Scott If necessary, I can look in my source code, where to do this.
Please think about the requirement of really independent domain(names). If there is on application provider (your customer), it should be possible, to organize the application - servers in sub domains. Then you should be able to configure or set cookie path and domain for CAS cookies to be visible in all (sub)domains. Hopefully, you have only to handle various sub domains. Wish, that this info gives a little help for you. Regards Volker Obel ------------------------------ *Von:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *Im Auftrag von *Jason Shao *Gesendet:* Dienstag, 24. April 2007 16:50 *An:* Yale CAS mailing list *Betreff:* Re: SSO with Multiple DNS Domains On Apr 24, 2007, at 8:00 AM, Scott Battaglia wrote: Jean, As stated before, CAS works out of the box across all domains. You don't need to do anything to make the CAS work across domains. -Scott This question seems to have come up several times. I wonder if CAS needs an addition to the documentation labeled "features", or expansion of the overview section to include an explicit mention that CAS supports cross-domain SSO. Perhaps also an explicit list of the backing authentication providers supported out of the box, and things like SPNEGO, SAML, other support. Thoughts? Jason -- Jason Shao Application Developer, Architecture & Engineering Team Rutgers University - Enterprise Systems & Services v. 732-445-2869 | f. 732-445-5493 | [EMAIL PROTECTED] _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
-- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
