You're always welcome to add any additional insights to our Wiki: http://www.ja-sig.org/wiki/display/CASUM/Home
Thanks! -Scott On Nov 15, 2007 4:22 PM, Kristin Coles <[EMAIL PROTECTED]> wrote: > Got it! :) Thank you. > > I am hoping that someday I can put together a detailed (and complete) > list of things I had to do to get CAS work in my environment and post > it as a blog or email it to this forum. The sooner the better because > I might forget all the little details that I remember now. This might > help others newbies like me to get CAS working for them lot faster > than I did (especially if their environment resembles mine). > > Have a great day guys. > > Regards, > Kristin > > > > > On Nov 15, 2007 12:37 PM, Scott Battaglia <[EMAIL PROTECTED]> > wrote: > > When you go to the CAS login page, it only checks the TGT for validity > if > > you also actually request authentication to something (which is why if > you > > specify a service url you'll be prompted for credentials). There is no > way > > to check the validity of a TGT without requesting a service ticket. > > > > Otherwise, if you don't request access to a service it just checks if > you > > have a single sign on session already initiated by looking for the > cookie > > (this method is secure as the first time you attempt to gain access to > > anything it will detect that the session is no longer valid). > > > > Hope that helps. Glad to hear you've got CAS working! > > -Scott > > > > -- > > > > -Scott Battaglia > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > > > On Nov 15, 2007 2:07 PM, Kristin Coles <[EMAIL PROTECTED]> wrote: > > > Thank you for a quick reply Scott.You are right, when I give a > > > different service parameter to the login URL, I'm getting the login > > > prompt. > > > > > > I understand that the cookie still exists (because a. it did not > > > expire; b. browser wasn't closed; c. the user did not delete the > > > cookies from the browser). But since the corresponding TGT does not > > > exist anymore, should I not be prompted for the login credentials? How > > > does the service parameter impact this behavior? Can you please > > > elaborate. > > > > > > Feels like a huge load has been lifted off my chest. I'm really > > > thankful to this forum for their continued help. I have a working CAS > > > server :) > > > > > > Regards, > > > Kristin. > > > > > > > > > > > > > > > > > > On Nov 15, 2007 11:11 AM, Scott Battaglia <[EMAIL PROTECTED]> > > wrote: > > > > You're seeing expected behavior. Your cookie exists in between > Tomcat > > > > shutdowns. If you try to access another service however, you will > be > > > > prompted for credentials because even though the cookie still exists > > client > > > > side (the browser) there is no corresponding TicketGrantingTicket on > the > > CAS > > > > Server. > > > > > > > > -Scott > > > > > > > > > > > > > > > > On Nov 15, 2007 12:46 PM, Kristin Coles <[EMAIL PROTECTED]> > wrote: > > > > > Thanks for your suggestion Nicolas. It DID DISABLE session > > > > > persistence. Proof is the following message in Tomcat logs during > > > > > startup. > > > > > > > > > > [org.apache.catalina.session.PersistentManagerBase] : No Store > > > > > configured, persistence disabled > > > > > > > > > > However, when I restart Tomcat and go to https://kristin/login, I > > > > > still get the message "You have successfully logged into the > Central > > > > > Authentication Service."! > > > > > > > > > > #Tomcat\conf\server.xml > > > > > <Host name="kristin" appBase="webapps" > > > > > > > > > > unpackWARs="true" autoDeploy="true" > > > > > xmlValidation="false" xmlNamespaceAware="false" > > > > expireSessionsOnShutdown="true"> > > > > > <Context path="" docBase="cas"> > > > > > > > > > > <Manager > > className="org.apache.catalina.session.PersistentManager" > > > > > debug="0" saveOnRestart="false"></Manager> > > > > > </Context> > > > > > </Host> > > > > > > > > > > I am completely stumped! CAS and Tomcat guru's please advise! > > > > > > > > > > Regards, > > > > > Kristin > > > > > > > > > > > > > > > > > > > > > > > > > On Nov 14, 2007 11:03 PM, Nicolas Clemeur < [EMAIL PROTECTED]> > > wrote: > > > > > > > > > > > > > Thank you very much Scott! I got the browser REFRESH issue > > resolved by > > > > > > > redirecting to the same URL without the ticket. If not for > your > > reply, > > > > > > > it would have taken me a long time to figure it out! :) > > > > > > > > > > > > > > The TGTs are persisting between Tomcat restarts though. I am > still > > > > > > > unable to disable session persistence in Tomcat. > > > > > > > > > > > > > > I have tried the following to disable session persistence in > > Tomcat. > > > > > > [...] > > > > > > > Can anyone please help me. > > > > > > > > > > > > > > > > > > > I think if you add the following in your context.xml , it should > > disable > > > > session > > > > > > persistence: > > > > > > > > > > > > <!-- This prevent tomcat to serialize session object on > shutdown > > --> > > > > > > <Manager className=" > org.apache.catalina.session.PersistentManager " > > > > > > saveOnRestart="false"/> > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > Yale CAS mailing list > > > > > > [email protected] > > > > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > _______________________________________________ > > > > > Yale CAS mailing list > > > > > [email protected] > > > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > -Scott Battaglia > > > > > > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > _______________________________________________ > > > > Yale CAS mailing list > > > > [email protected] > > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
