Thanks for the https tip! I changed my setup a bit, but only encountered new problems. I now have Apache frontend with mod_ssl proxying requests from https://example.com/ to ajp://localhost:8009/, which is where tomcat is answering.
Now https://example.com/jira/ is redirected to the cas login screen, where user enters correct username&password and here it gets interesting: instead of logging in, the request goes into an endless loop. Apache access_log alternates between "GET /jira/?ticket=ST-100-e4BkkUXTd7Dh9VzG1J4j-cas HTTP/1.1" 302 - "... "GET /cas-server-webapp-3.3.1/login?service=https%3A%2F%2Fexample.com%2Fjira%2F HTTP/1.1" 302 - "... and tomcat's catalina.out says INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-22-XKtdk5ZJcraeW1WykFb6-cas] for service [https://example.com/jira/] for user [me]> about a ten times - which is when firefox stops the redirection cycle. Retrying https://example.com/jira/ enters the redirection cycle immediately. Is it possible to get CAS working with this setup? Have I made somekind of obvious&common setup error, that somebody might have fixed for themselves? Any ideas? Iikku Scott Battaglia wrote: > Are you running CAS over HTTPS or HTTP? If you're running over HTTP, > then you won't get SSO. > > -Scott > > -Scott Battaglia > PGP Public Key Id: 0x383733AA > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > On Tue, Dec 16, 2008 at 9:18 AM, Iikku Mattila <[email protected] > <mailto:[email protected]>> wrote: > > Hi, > I have a (seemingly) working CAS installation with > BindLdapAuthenticationHandler, setup like > http://www.ja-sig.org/wiki/display/CASUM/LDAP . I CASified Confluence > and Jira with Soulwing as per instructions on > http://soulwing.org/confluence-cas.jsp and > http://soulwing.org/jira-cas.jsp . When user logs on to either of > those > apps, he's redirected to CAS login screen, he logs on successfully and > is redirected to the app. So all is okay with both individual > applications. However, after the user has logged on to one of the apps > and tries to use the other, he is not logged in automatically via CAS, > but instead redirected to the CAS login screen, where he can login > normally with username/password. > > So there is no single sign on, but instead two individuals logins both > handled through CAS. I'd rather have the sso. Is there perhaps > some kind > of a switch that I've missed? > > Thanks, > Iikku Mattila > _______________________________________________ > Yale CAS mailing list > [email protected] <mailto:[email protected]> > http://tp.its.yale.edu/mailman/listinfo/cas > > > ------------------------------------------------------------------------ > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > -- ************************************************************************ Joulukorttien lähettämisen sijaan olemme tänä vuonna lahjoittaneet TAYSin EVA-yksikköön (Erityisen vaikeahoitoisten alaikäisten psykiatrinen tutkimus- ja hoitoyksikkö) Wii-pelikonsolin heidän toiveidensa mukaisesti. Toivotamme teille rauhallista joulunaikaa sekä menestystä alkavalle vuodelle 2009! ************************************************************************ _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
