Got it! :) Thank you. I am hoping that someday I can put together a detailed (and complete) list of things I had to do to get CAS work in my environment and post it as a blog or email it to this forum. The sooner the better because I might forget all the little details that I remember now. This might help others newbies like me to get CAS working for them lot faster than I did (especially if their environment resembles mine).
Have a great day guys. Regards, Kristin On Nov 15, 2007 12:37 PM, Scott Battaglia <[EMAIL PROTECTED]> wrote: > When you go to the CAS login page, it only checks the TGT for validity if > you also actually request authentication to something (which is why if you > specify a service url you'll be prompted for credentials). There is no way > to check the validity of a TGT without requesting a service ticket. > > Otherwise, if you don't request access to a service it just checks if you > have a single sign on session already initiated by looking for the cookie > (this method is secure as the first time you attempt to gain access to > anything it will detect that the session is no longer valid). > > Hope that helps. Glad to hear you've got CAS working! > -Scott > > -- > > -Scott Battaglia > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > On Nov 15, 2007 2:07 PM, Kristin Coles <[EMAIL PROTECTED]> wrote: > > Thank you for a quick reply Scott.You are right, when I give a > > different service parameter to the login URL, I'm getting the login > > prompt. > > > > I understand that the cookie still exists (because a. it did not > > expire; b. browser wasn't closed; c. the user did not delete the > > cookies from the browser). But since the corresponding TGT does not > > exist anymore, should I not be prompted for the login credentials? How > > does the service parameter impact this behavior? Can you please > > elaborate. > > > > Feels like a huge load has been lifted off my chest. I'm really > > thankful to this forum for their continued help. I have a working CAS > > server :) > > > > Regards, > > Kristin. > > > > > > > > > > > > On Nov 15, 2007 11:11 AM, Scott Battaglia <[EMAIL PROTECTED]> > wrote: > > > You're seeing expected behavior. Your cookie exists in between Tomcat > > > shutdowns. If you try to access another service however, you will be > > > prompted for credentials because even though the cookie still exists > client > > > side (the browser) there is no corresponding TicketGrantingTicket on the > CAS > > > Server. > > > > > > -Scott > > > > > > > > > > > > On Nov 15, 2007 12:46 PM, Kristin Coles <[EMAIL PROTECTED]> wrote: > > > > Thanks for your suggestion Nicolas. It DID DISABLE session > > > > persistence. Proof is the following message in Tomcat logs during > > > > startup. > > > > > > > > [org.apache.catalina.session.PersistentManagerBase] : No Store > > > > configured, persistence disabled > > > > > > > > However, when I restart Tomcat and go to https://kristin/login, I > > > > still get the message "You have successfully logged into the Central > > > > Authentication Service."! > > > > > > > > #Tomcat\conf\server.xml > > > > <Host name="kristin" appBase="webapps" > > > > > > > > unpackWARs="true" autoDeploy="true" > > > > xmlValidation="false" xmlNamespaceAware="false" > > > expireSessionsOnShutdown="true"> > > > > <Context path="" docBase="cas"> > > > > > > > > <Manager > className="org.apache.catalina.session.PersistentManager" > > > > debug="0" saveOnRestart="false"></Manager> > > > > </Context> > > > > </Host> > > > > > > > > I am completely stumped! CAS and Tomcat guru's please advise! > > > > > > > > Regards, > > > > Kristin > > > > > > > > > > > > > > > > > > > > On Nov 14, 2007 11:03 PM, Nicolas Clemeur < [EMAIL PROTECTED]> > wrote: > > > > > > > > > > > Thank you very much Scott! I got the browser REFRESH issue > resolved by > > > > > > redirecting to the same URL without the ticket. If not for your > reply, > > > > > > it would have taken me a long time to figure it out! :) > > > > > > > > > > > > The TGTs are persisting between Tomcat restarts though. I am still > > > > > > unable to disable session persistence in Tomcat. > > > > > > > > > > > > I have tried the following to disable session persistence in > Tomcat. > > > > > [...] > > > > > > Can anyone please help me. > > > > > > > > > > > > > > > > I think if you add the following in your context.xml , it should > disable > > > session > > > > > persistence: > > > > > > > > > > <!-- This prevent tomcat to serialize session object on shutdown > --> > > > > > <Manager className="org.apache.catalina.session.PersistentManager " > > > > > saveOnRestart="false"/> > > > > > > > > > > > > > > > _______________________________________________ > > > > > Yale CAS mailing list > > > > > [email protected] > > > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > _______________________________________________ > > > > Yale CAS mailing list > > > > [email protected] > > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > > > > > -- > > > > > > > > > -Scott Battaglia > > > > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
