In develop environment, you can config CAS not using SSL, then you don't have to change the code.
在 2010-04-09五的 07:34 -0800,robbyx写道: > > robbyx wrote: > > > > Hi all, > > > > I’ve got last version of OFbiz retrieved on trunk > > http://svn.apache.org/repos/asf/ofbiz/trunk > > I’ve activated specialpurpose ldap and correctly configured file ldap.xml > > I’ve defined entries <!-- Security Mappings --> in file <ofbizroot>\ > > framework\common\webcommon\WEB-INF\common-controller.xml to use class > > LdapLoginWorker. > > > > Problem is that each time i move in application /webtools, i’m redirected > > to CAS login page!!! > > It seems that login information is lost after each http request. > > > > Thanks for your help. > > > > > > Problem is identified : > We used CAS with http and not https because /validate didn't work with a not > valid SSL certificate (out of date) > But CAS requires https with /login to read-write Ticket-Granting Cookie. > To solve problem, we've modified parameter CasValidateUri to CasValidateUrl > : > <CasUrl>https://<server>:20043/cas</CasUrl> > <CasValidateUrl>http://<server>:20000/cas/validate</CasValidateUrl> > and class OFBizCasAuthenticationHandler.java > > > >
