Interesting...  First, enabling https fixed the problem.  It works now.
(Thanks Scott!)
 
As for the cookies, I went back to https disabled and logged into my
service through CAS.  Then I checked the cookies for the CAS server and
found the following 2 cookies:
 
Name     CASTGC
Value    TGT-1-4hAPEhBJRD0MKWgGjAdGqLVjJEjKWnh9qa6b4MclwbXCkPNfwZ-cas
Host     localhost
Path     /cas
Secure   Yes
Expires  At End Of Session

Name     JSESSIONID
Value    abcinMKRSN3vzaZV80g0r
Host     localhost
Path     /
Secure   No
Expires  At End Of Session
 
The second, JSESSIONID cookie is from resin (app server).  The first,
CASTGC is from CAS.  Note though, that the CASTGC cookie is marked
secure even though I have disabled https in the app server and the
request that the cookie was set on was not a secure connection.  I would
have thought that you could only set a cookie as secure if you were
setting it in the reply of a secure request.  Then again, I'm not an
HTTP protocol expert.
 
As for CAS requiring https... obviously ssl is required to prevent clear
text transmission of credentials and ensure client identity... but...
requiring https means that those of us that want an SSO solution only
(less concerned with security behind the firewall) are forced to deploy
SSL certs and enable https.  Is there no way to use CAS as an SSO server
without https?
 
[That being said, I do want to say: Great app.  It works, it's free, and
it seems to be well designed.  I read the protocol and it is simple and
effective.  That's nice to see these days.  My hat is off to the
developers.]
 
-Russell

________________________________

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Andrew Ralph Feller, afelle1
Sent: Thursday, October 16, 2008 12:06 PM
To: Yale CAS mailing list
Subject: Re: Login works but no Single Sign On - Help?


Can you confirm that your web browser has accepted the CASTGC cookie?
If you use Firefox, you can find this out by going to Privacy tab under
Firefox preferences and viewing cookies.


On 10/16/08 10:40 AM, "Scott Battaglia" <[EMAIL PROTECTED]>
wrote:



        Are you running CAS over HTTP or HTTPS?
        
        The secure ticketid/cookie is only sent back over HTTPS.
        
        -Scott
        
        -Scott Battaglia
        PGP Public Key Id: 0x383733AA
        LinkedIn: http://www.linkedin.com/in/scottbattaglia
        
        
        On Thu, Oct 16, 2008 at 11:34 AM, Russell M. Allen
<[EMAIL PROTECTED]> wrote:
        

                I have CAS installed in a Resin (Caucho) app server, and
it appears to be working just fine.  I have not modified any of the
default configuration.  It is as configured out of the box.
                
                I have my service configured with a CAS client, and it
is appropriately redirecting requests to the CAS server for login.  Once
credentials are provided (username=password) the CAS server is
redirecting to the service.  The service validates the ticket and I get
the content that was originally requested from the service.  All of this
works as expected.
                
                The problem occurs when I run a second service (a copy
of the first, but on another port), and I try to hit it, I am forced to
log in again.  The renew parameter is set to false, it's not that.  It is as if
the CAS server is not seeing the cookie with the ticket.  In fact, I put
the CAS server in debug mode and sure enough the webflow logs, if I
understand them correctly, indicate that there is no ticket:
                
                2008-10-16 11:05:10,260 DEBUG [org.springframework.webflow.engine.DecisionState] - <Entering state 'ticketGrantingTicketExistsCheck' of flow 'login-webflow'>
                2008-10-16 11:05:10,276 DEBUG [org.springframework.webflow.engine.Transition] - <Executing [EMAIL PROTECTED] on = *, to = gatewayRequestCheck] out of state 'ticketGrantingTicketExistsCheck'>
                2008-10-16 11:05:10,276 DEBUG [org.springframework.webflow.engine.DecisionState] - <Entering state 'gatewayRequestCheck' of flow 'login-webflow'>
                
                 
                 
                This is almost certainly a simple newbie mistake...  I
am very grateful for any help I can get on this!  :)
                
                Thanks for your time,
                
                Russell Allen
                Data Tech Ventures, Inc.
                Development Group
                800.628.0241 x156
                [EMAIL PROTECTED]
                
                
                _______________________________________________
                Yale CAS mailing list
                [email protected]
                http://tp.its.yale.edu/mailman/listinfo/cas
                
                

        
        
        
________________________________

        


-- 
Andrew R. Feller, Analyst
Information Technology Services
200 Fred Frey Building
Louisiana State University
Baton Rouge, LA 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
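
The behaviour discussed in this thread, as an added example that is not part of the original messages: Python's `http.cookiejar` stands in for the browser's cookie store, which accepts the Secure-flagged `CASTGC` set during an HTTP login but only sends it back over HTTPS. The URLs, ports and cookie values are constructed, and `FakeResponse` is a hypothetical helper.

```python
import email.message
import http.cookiejar
import urllib.request

# Constructed values modelled on the cookie listing in the thread.
CAS_HTTP = "http://localhost:8080/cas/login"    # assumed plain-HTTP CAS URL
CAS_HTTPS = "https://localhost:8443/cas/login"  # assumed HTTPS CAS URL
SET_COOKIES = [
    "CASTGC=TGT-1-EXAMPLE-cas; Path=/cas; Secure",
    "JSESSIONID=EXAMPLESESSION; Path=/",
]


class FakeResponse:
    """Minimal stand-in for an HTTP response carrying Set-Cookie headers."""

    def __init__(self, set_cookie_values):
        self._headers = email.message.Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # appends, does not replace

    def info(self):
        return self._headers


def login_and_store(login_url):
    """Simulate the CAS login response and let the jar store its cookies."""
    jar = http.cookiejar.CookieJar()
    jar.extract_cookies(FakeResponse(SET_COOKIES), urllib.request.Request(login_url))
    return jar


def cookie_header_for(jar, url):
    """Return the Cookie header the client would send to url, or None."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    return request.get_header("Cookie")


def stored_flags(jar):
    """Map cookie name -> Secure flag for everything held in the jar."""
    return {c.name: c.secure for c in jar}


if __name__ == "__main__":
    jar = login_and_store(CAS_HTTP)  # login happened over plain HTTP
    print("stored:", stored_flags(jar))
    print("HTTP  ->", cookie_header_for(jar, CAS_HTTP))
    print("HTTPS ->", cookie_header_for(jar, CAS_HTTPS))
```

Over HTTP the ticket-granting cookie is held in the jar but never attached to the request, which is why the `ticketGrantingTicketExistsCheck` state in the webflow log finds no ticket and falls through to the login form.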
