Andrew: My situation got complex real quick using mod_proxy and it looks like will not be using reverse proxy with HTTPS. It may still change but for now but with reverse proxy the encryption path terminates before the application content is delivered to the user.
I'm looking for answers and I keep finding my name :-) Anyhow, the other Andrew had a good suggestion. And, that's to use APR with Tomcat. Our issue here is that I haven't tried AJP outside of localhost, but that's only because I need an Apache gateway and our applications are SOA (on two boxes instead of just one application). And, I'm using butchered Tomcats inside of JBoss. I personally believe that APR and Tomcat is probably the most solid solution for you if you don't require all the J2EE nonsense like I do. You may have to try things step by step. I did, but it's time consuming and others will begin to direct your architecture that way. Also, there's no complex model to follow so you have to build with steps. HTH David On 12/16/08, Andrew Stutzman <[email protected]> wrote: > > We're having issues using CAS with Apache mod_proxy. The service > isn't being forwarded to the correct URL. Can anyone point me to > documentation or offer any advice on configuring CAS with mod_proxy? > We've just started using CAS. > > Thanks, > > Andy > > ---------------------------------- > Andrew Stutzman > Associate Director of User Support Services > The College of New Jersey > e: [email protected] > p: 609-771-3130 > > On Dec 16, 2008, at 1:54 PM, Yitzchak Schaffer wrote: > > > David Whitehurst wrote: > >> I normally see this error because the client filter is making it's > >> separate request (within the CAS client application JVM) inside of > >> the > >> CAS client java code and it's getting sent the Apache certificate > >> because it's HTTPS as well. When the server (Apache) sends the > >> certificate, it must be in the CAS client machine's trusted certs. > >> This > >> would in the JVM at jre/lib/security/cacerts. > >> > >> Import your certificate in cacerts on the CAS client machine and this > >> should go away. > > > > Yes, that was the missing link. Thank you! > > > > -- > > Yitzchak Schaffer > > Systems Librarian > > Touro College Libraries > > 33 West 23rd Street > > New York, NY 10010 > > Tel (212) 463-0400 x5230 > > Fax (212) 627-3197 > > [email protected] > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
