Hi all,

I'm currently building a cas-overlay instance (based on CAS 5.3.3) that 
will be deployed to a standalone Tomcat 9 server.
Our production environment will have a load balancer that will offload the 
SSL certificates.
Between the load balancer and the Tomcat server communication will be using 
HTTP only.

So, we want to have CAS running on http ONLY.
On my development machine, I have it running on http.
If I navigate to the login page 
"http://localhost:8080/cas-overlay/login?service=https://www.example.org" 
everything seems to be working fine. 
Typing the correct credentials gets me redirected to the example.org 
domain with a ticket as a GET parameter 
"https://www.example.org/?ticket=ST-1-kP1yT6Q8VVBPlpi0NEBWi7mV0gUL-BR-PEDROR01"

But... if I navigate to the standard login page 
"http://localhost:8080/cas-overlay/login" the page includes the "Non-Secure 
Connection" warning - "*You are currently accessing CAS over a non-secure 
connection. Single Sign On WILL NOT WORK. In order to have single sign on 
work, you MUST log in over HTTPS.*"

What does it mean that single sign on WILL NOT WORK?
Am I missing something, or is my setup running fine?
Can I simply safely ignore the warning?


Thanks.
Best Regards,
  Pedro Rosas


On Tuesday, December 19, 2017 at 4:46:07 PM UTC, Jozef Kotlar - EEA.sk 
wrote:
>
> And? That doesn't work?
> It was just my guess. I am actually using another configuration to proxy 
> standalone CAS behind Apache HTTP Server. The following configuration allows 
> me to define both AJP (for proxying) and HTTP (for local monitoring) ports.
>
> $ cat /etc/cas/config/application.yml
> info:
>   description: CAS Configuration
>
> # Embedded tomcat
> cas.server:
>   http:
>     enabled: true
>     port: 8480
>   ajp:
>     secure: true
>     enabled: true
>     proxyPort: 443
>     scheme: https
>     port: 8409
>
>
> On Tuesday, December 19, 2017 at 3:46:37 AM UTC+1, casuser wrote:
>>
>>
>> Hello Jozef that's my current configuration:
>>
>> cas.server.httpProxy.enabled=true
>> cas.server.httpProxy.secure=true
>> cas.server.httpProxy.protocol=AJP/1.3
>> cas.server.httpProxy.scheme=http
>> cas.server.httpProxy.redirectPort=8080
>> cas.server.httpProxy.proxyPort=8080
>> cas.server.httpProxy.attributes.attributeName=attributeValue
>>
>>
>>
>>
>>
>> On Friday, December 15, 2017 at 10:20:48 PM UTC+8, Jozef Kotlar - EEA.sk 
>> wrote:
>>>
>>> I think you should leave cas.server.httpProxy.secure=true, this is 
>>> actually the setting on the container connector that CAS is checking.
>>>
>>>
>>>
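
For the standalone Tomcat 9 deployment asked about above, the connector-level counterpart of the `secure` / `scheme` / `proxyPort` settings quoted in the thread looks like the following; this is an added example, not configuration posted by anyone in the thread. The host name `cas.example.org` and the load balancer address `10.0.0.5` are placeholders.

```xml
<!-- conf/server.xml of the standalone Tomcat 9 that hosts cas-overlay -->
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">

    <!-- Plain HTTP connector as shipped: Tomcat reports scheme "http" and
         secure=false for every request it receives.
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    -->

    <!-- Option A: static declaration. Every request on this connector is
         reported to the web application as https on port 443, so the
         port must be reachable only from the load balancer (firewall or
         bind address), never directly by clients. -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               scheme="https" secure="true"
               proxyName="cas.example.org" proxyPort="443" />

    <Engine name="Catalina" defaultHost="localhost">

      <!-- Option B (use instead of the scheme/secure attributes above):
           derive scheme and secure per request from X-Forwarded-Proto,
           and honour the header only when the request comes from the
           load balancer. internalProxies is a regular expression.
      <Valve className="org.apache.catalina.valves.RemoteIpValve"
             internalProxies="10\.0\.0\.5"
             remoteIpHeader="X-Forwarded-For"
             protocolHeader="X-Forwarded-Proto" />
      -->

      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="false" />
    </Engine>
  </Service>
</Server>
```

Option B requires the load balancer to set `X-Forwarded-Proto` itself and to overwrite any value supplied by the client.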
