All, I am trying to implement our first CAS proxy.
I have read https://apereo.github.io/cas/5.0.x/installation/Configuring-Proxy-Authentication.html This is our exact use case. But I am having trouble truly understanding. Currently our JSON service registry has this entry for the desired server: "@class": "org.apereo.cas.services.RegexRegisteredService", "serviceId": "^https://gatetest.acs.utah.edu/.*";, "name": "testCis", "id": 4, "description": "Test Portal", "evaluationOrder": 4, "proxyPolicy": { "@class": "org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy", "pattern": "^https?://.*" }, "accessStrategy": { "@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy", "enabled": true, "ssoEnabled": true } } Our CAS server is behind a Citrix Load Balancer that does SSL termination. So I am not sure if I need SSL on the CAS server itself for this. Also my JSON service registry file does not seem to match this (from above link): { "@class" : "org.apereo.cas.services.RegexRegisteredService", "serviceId" : "^https://.+";, "name" : "test", "id" : 1, "evaluationOrder" : 0, "attributeReleasePolicy" : { "@class" : "org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy", "principalAttributesRepository" : { "@class" : "org.apereo.cas.authentication.principal.DefaultPrincipalAttributesRepository" }, "authorizedToReleaseCredentialPassword" : false, "authorizedToReleaseProxyGrantingTicket" : true }, "publicKey" : { "@class" : "org.apereo.cas.services.RegisteredServicePublicKeyImpl", "location" : "classpath:RSA1024Public.key", "algorithm" : "RSA" } } All endpoints are Java. I would love examples of client side Java filter configuration and CAS server side JSON service registry configuration. Do I really need SSL and associated keys if the Load Balancer is doing SSL offloading? Thanks for any and all help, Bryan University of Utah -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAG9x2GUzXxsnRdGebkP5bvGr4ckLeGQ45YmrGsKB_-5zQ9_YEA%40mail.gmail.com.
