I am unable to get CAS to work in a particular situation and I would like to try to explain the issue to see if anyone has any ideas. When my installation began, Apache was not being used, and HTTP was employed only to use CAS on JBoss as an authentication mechanism; SSO was not a concern. The application architecture consisted of presentation application services on presentation servers and business application services on business servers. CAS was originally installed on the presentation servers. Once that was working, Apache was added to provide reverse proxy and hide the service hosts, whether they were business server only or, in a two-part architecture, the presentation server. In either case, the service host was hidden using reverse proxy on the Apache and CAS server at that time.
Next, CAS was extracted from the presentation server and placed on an Apache/CAS/JBoss server so that CAS was fully isolated from any application server need. Then HTTPS was employed. First, Apache would have a certificate after OpenSSL created a key and a signing request. Then, the application (presentation) server would use a signing request created using Java keytool for Tomcat in JBoss.

Reverse proxy does not work. We get an internal server error. If we remove the reverse proxy and use a URL from the application host with the 8443 port, things work fine. So I'll try to pseudo-diagram the failure configuration and then the successful. We want to use reverse proxy so that all traffic goes through Apache.

Fails:
https://www.apachehost.com/cas/login?service=https://www.apachehost.com/application/

https://www.apachehost.com Apache->8009 (AJP) ->JBoss (CAS)
.... Apache certificate config in httpd.conf

Service URL https://www.apachehost.com/application/
ProxyPass and Reverse /application https://www.applicationhost.com/application:8443
... Certificate Tomcat configured

Successful:
https://www.apachehost.com/cas/login?service=https://www.applicationhost.com:8443/application/

https://www.apachehost.com Apache->8009 (AJP) ->JBoss (CAS)
... Apache certificate config in httpd.conf

Service URL https://www.applicationhost.com:8443/application
... Certificate Tomcat configured
No reverse proxy

We want to be able to use https without port number and also hide the URL for the service host. Any suggestions or comments?

Thanks,
David
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
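
The reverse-proxied layout described in the post, written out as an httpd.conf sketch. This is an added example, not the poster's configuration and not a confirmed diagnosis of the error. It assumes mod_ssl, mod_proxy, mod_proxy_http and mod_proxy_ajp are loaded and that CAS listens for AJP on the same machine; the certificate paths are placeholders.

```apache
# Added sketch (not from the original post). Host names are the ones used in
# the post; file paths are placeholders.
<VirtualHost *:443>
    ServerName www.apachehost.com

    # Browser-facing TLS, using the certificate issued from the OpenSSL key/CSR.
    SSLEngine on
    SSLCertificateFile    /path/to/apachehost.crt
    SSLCertificateKeyFile /path/to/apachehost.key

    # CAS on the local JBoss over AJP. "localhost" is an assumption based on
    # the post's "Apache/CAS/JBoss server"; mod_jk is the alternative connector.
    ProxyPass        /cas ajp://localhost:8009/cas
    ProxyPassReverse /cas ajp://localhost:8009/cas

    # The application backend speaks HTTPS, so Apache is a TLS client on this
    # hop. mod_proxy only opens https:// backends when SSLProxyEngine is on.
    SSLProxyEngine on

    # Verify the Tomcat certificate (the one created with keytool) rather than
    # accepting any certificate on the internal hop.
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/ca-that-signed-tomcat-cert.pem

    # In a URL the port follows the host, before the path.
    ProxyPass        /application https://www.applicationhost.com:8443/application
    ProxyPassReverse /application https://www.applicationhost.com:8443/application
</VirtualHost>
```

With this layout the `service` parameter sent to CAS stays `https://www.apachehost.com/application/`, so the CAS client in the application has to be configured with that public URL rather than its own host and port.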
