Its not possible CA's won't work in SSO if it's over http
El jueves, 8 de febrero de 2018, Ramakrishna G <[email protected]> escribió: > Hello Man H, > > I am planning to use NGINX Load balancer over https. The load balancer > takes care of redirecting to CAS Server and CAS client in *http*. Do you > recommend this approach? If yes then how do I enable SSO over http? > > For outside world it would be https but internally I am planning to > communicate in http. > > Thanks > Ramakrishna G > > On Thu, Feb 8, 2018 at 4:35 PM, Man H <[email protected]> wrote: > >> You will have to install it in both but this is not a CA's issue you will >> find more information in stack overflow etc about SSL tomcat apache >> configuration. >> >> If you install self signed certificate browser will challenge user to >> accept that as insecure. >> >> >> El jueves, 8 de febrero de 2018, Ramakrishna G <[email protected]> escribió: >> >>> Hello, >>> >>> I am using CAS on development server and soon I'll be shifting to >>> production. I am using mod_auth_cas as client and I am running CAS server >>> and CAS Client in same machine. Should I create certificates for both >>> tomcat(CAS Server) and apache(CAS Client) or only tomcat(keystore) is fine? >>> >>> In mod_auth_cas which certificates does this *CASCertificatePath* refer >>> to? >>> >>> How do I create self signed certificates for both CAS Server and CAS >>> Client? >>> >>> It would be helpful if someone clarify me on this. >>> >>> >>> >>> On Tue, Feb 6, 2018 at 7:21 PM, Ramakrishna G <[email protected]> wrote: >>> >>>> Yes. I am just using at my development server. When releasing to >>>> production I'll get a valid SSL Certificate. >>>> >>>> Thanks >>>> Ramakrishna G >>>> >>>> On Tue, Feb 6, 2018 at 6:36 PM, Man H <[email protected]> wrote: >>>> >>>>> There is a potential security risk in doing this . >>>>> CA's needs SSL in order to function safely with SSO. >>>>> >>>>> >>>>> El martes, 6 de febrero de 2018, Ramakrishna G <[email protected]> escribió: >>>>> >>>>>> Hi Mukunthini Jeyakumar, >>>>>> >>>>>> To resolve this error you need have a valid SSL certificate signed by >>>>>> CA. If you don't have you can just disable SSL in cas.properties file. >>>>>> >>>>>> server.ssl.enabled= false >>>>>> cas.serviceRegistry.initFromJson=true >>>>>> cas.serviceRegistry.config.location: file:/etc/cas/services >>>>>> >>>>>> in somename.json inside /etc/cas/services folder >>>>>> >>>>>> { >>>>>> "@class": "org.apereo.cas.services.RegexRegisteredService", >>>>>> "serviceId": "^(*http|*https|imaps)://.*", >>>>>> "name": "HTTPS/IMAPS wildcard", >>>>>> "id": 20170905111650, >>>>>> "evaluationOrder": 99999 >>>>>> } >>>>>> and enable http in services. Also comment all CASValidateSAML in >>>>>> client side. Now you are good to access over http which will solve the >>>>>> problem. >>>>>> >>>>>> Thanks >>>>>> Ramakrishna >>>>>> >>>>>> On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi Ramakrishna, >>>>>>> >>>>>>> have you find the way to resolve the issue? I'm having the same >>>>>>> >>>>>>> Thanks >>>>>>> Thini >>>>>>> Other recipients: >>>>>>> Ramakrishna, Perhaps there is something not right with your client >>>>>>> application config? Is it running on https://192.168.111.118:8443 >>>>>>> or is that CAS? Multiple service tickets in the URL suggests that the >>>>>>> request is being redirected to CAS multiple >>>>>>> >>>>>>> -- >>>>>>> - Website: https://apereo.github.io/cas >>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>> --- >>>>>>> You received this message because you are subscribed to the Google >>>>>>> Groups "CAS Community" group. >>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>> send an email to [email protected]. >>>>>>> To view this discussion on the web visit >>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f >>>>>>> 4046-95d5-40a1-870e-492fca9db3fd%40apereo.org >>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f4046-95d5-40a1-870e-492fca9db3fd%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>> . >>>>>>> >>>>>> >>>>>> -- >>>>>> - Website: https://apereo.github.io/cas >>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>> --- >>>>>> You received this message because you are subscribed to the Google >>>>>> Groups "CAS Community" group. >>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>> send an email to [email protected]. >>>>>> To view this discussion on the web visit >>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGS >>>>>> T5P89Z-F6U161br1ymQ79_V%2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com >>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P89Z-F6U161br1ymQ79_V%2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>>> . >>>>>> >>>>> -- >>>>> - Website: https://apereo.github.io/cas >>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>> - Contributions: https://goo.gl/mh7qDG >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "CAS Community" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY >>>>> 5mid7QwWxyMyxH-i2veHJx--cCL71S0fNt-%3DVkdkv%2BRF3nw%40mail.gmail.com >>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mid7QwWxyMyxH-i2veHJx--cCL71S0fNt-%3DVkdkv%2BRF3nw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> >>>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit https://groups.google.com/a/ap >>> ereo.org/d/msgid/cas-user/CAGST5P9D_p5PrA7NhcKctm59tDdf0adnM >>> QuHGWxH%3DF4wrm4TYw%40mail.gmail.com >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P9D_p5PrA7NhcKctm59tDdf0adnMQuHGWxH%3DF4wrm4TYw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> - Website: https://apereo.github.io/cas >> - Gitter Chatroom: https://gitter.im/apereo/cas >> - List Guidelines: https://goo.gl/1VRrw7 >> - Contributions: https://goo.gl/mh7qDG >> --- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit https://groups.google.com/a/ap >> ereo.org/d/msgid/cas-user/CAMY5mid6U_Q0q%3DWjWbEeUMnhg1w8m3% >> 2BaxEBiHZWsZVJfVLuOsA%40mail.gmail.com >> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mid6U_Q0q%3DWjWbEeUMnhg1w8m3%2BaxEBiHZWsZVJfVLuOsA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/CAGST5P929UB15Y28aM7s09yM7% > 2BYCm64%2BZStrBSuWEo2R1uvuQA%40mail.gmail.com > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P929UB15Y28aM7s09yM7%2BYCm64%2BZStrBSuWEo2R1uvuQA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mif2xR_%3DB51iopH8ENp4GBN6KHxw%2BRqc%3DqttMmugwmWqaw%40mail.gmail.com.
