I started a CAS implementation for various Java apps and the Java side was directed to move to a split (presentation/business/data layer) application architecture. CAS was hosted on the same JBoss as the presentation server at first. Next, Apache was added and mod_proxy_ajp with JBoss. Some time later it was determined that CAS should be isolated from the application (presentation and business) servers altogether. The CAS machine registers services that appear to be on the same server because Apache reverse proxy is used to hide the true application URLs.
Certificates are used 1) for Apache to host HTTPS and 2) for JBoss and CAS to talk to an Active Directory (LDAPS) server. I was not given the requirement to host HTTPS with the applications themselves, but it's unnatural to just hide users and passwords within CAS and then answer a popup that you are being redirected to an unsecure site. Even though I have no present requirement, I've added a certificate to a Tomcat keystore for the application JBoss (no Apache there) and things didn't work. I expect that I can resolve the problem but I wanted to ask if anyone has encountered these problems? And, would you recommend that reverse proxy not be used?

David

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
