CAS with Load balancer
Scott Battaglia
scott.battaglia at gmail.com
Wed Sep 6 08:01:11 EDT 2006
That's because the parameter is service not destination :-)
-Scott
On 9/6/06, tom tom <j_lalith at yahoo.com> wrote:
>
>
> Yes agreed,
>
> We made the load balancer as the SSL end point and kept all the certificates
> there, also configured the loadbalancer to work accordingly.
> That works fine.
>
> Different question.
>
> We call the logout from uPortal as follows
>
>
> https://localhost:8443/cas/logout?destination=https://localhost:8443/cas/login%3Fdestination=http://localhost:8080/uPortal/Login
>
> but it does not redirect to the uPortal home page,
>
> Scott Battaglia-2 wrote:
> >
> > You only need to modify the HttpBasedServiceCredentialsAuthenticationHandler
> > configuration if you are using Proxying and your client application is over
> > HTTP (obviously, we don't recommend running them over HTTP). You would need
> > to set the requireSecure property to false (but again we don't recommend it
> > as there is nothing to confirm the validity of the server then).
> >
> > For the CAS cookies, you would need to look in the cas-servlet.xml for
> > cookiegenerators and set their "secure" property to false.
> >
> > -Scott
> >
> > On 9/4/06, tom tom <j_lalith at yahoo.com> wrote:
> >>
> >>
> >> Can you let me know which configuration you are talking about in item 1
> >> which you have stated?
> >>
> >> What is meant by item 2? Does it mean we need to change the
> >> HttpBasedServiceCredentialsAuthenticationHandler in the core CAS, to
> >> facilitate the HTTP service validate URLs?
> >>
> >> We already changed the CAS client to get rid of the http check but need
> >> clarifications on above items.
> >>
> >> Thanks
> >>
> >>
> >>
> >> Scott Battaglia-2 wrote:
> >> >
> >> > The CAS Server never enforces HTTPS except in two scenarios:
> >> > 1. By default its cookiegenerators are designed to only send secure
> >> > cookies (This can be changed in the configuration).
> >> >
> >> > 2. The Proxy callback authentication check is HTTPS (but that can be
> >> > swapped out).
> >> >
> >> > On the other hand, the Yale CAS Client enforces HTTPS in its retrieval of
> >> > web pages, so you'd have to modify the client to not use HTTPS.
> >> >
> >> > -Scott
> >> >
> >> > On 9/3/06, tom tom <j_lalith at yahoo.com> wrote:
> >> >>
> >> >>
> >> >> We are using CAS 3.03,
> >> >>
> >> >> When CAS is on production with a loadbalancer (like BigIP), is there a
> >> >> property setting in CAS, so that we can enforce HTTP request from the
> >> >> CAS virtual node on load balancer to actual CAS server (service
> >> >> validate url)?
> >> >>
> >> >> Reason for the above question is...........
> >> >>
> >> >> our uPortal web.xml has the following entry, works ok when requests go
> >> >> from the actual uPortal instance to virtual uPortal node on F5, but when
> >> >> F5 routes to the actual CAS server it is an HTTP hit (as our load
> >> >> balancer is set up as such),
> >> >>
> >> >> I know the service validate url should be HTTPS but when the CAS is
> >> >> running with loadbalancer with all of the hardware accelerators (also in
> >> >> a secure network) can't we make the validate URL http?
> >> >>
> >> >>
> >> >> Does com.discursive.cas.extend.client.filter.serviceScheme, which is in
> >> >> EXTENDED CAS CLIENT, have something to do with this?
> >> >>
> >> >> .......
> >> >>
> >> >> <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
> >> >> <param-value>https://<virtual cas node on load balancer>/cas/serviceValidate</param-value>
> >> >>
> >> >> ..............
> >> >>
> >> >>
> >> >>
> >> >> Is this something possible? Should this be done other way?
> >> >>
> >> >> Thanks
> >> >> --
> >> >> View this message in context:
> >> >> http://www.nabble.com/CAS-with-Load-balancer-tf2213048.html#a6129270
> >> >> Sent from the CAS Users forum at Nabble.com.
> >> >>
> >> >> _______________________________________________
> >> >> Yale CAS mailing list
> >> >> cas at tp.its.yale.edu
> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
> >> >>
> >> >
> >>
> >> --
> >> View this message in context:
> >> http://www.nabble.com/CAS-with-Load-balancer-tf2213048.html#a6144550
> >>
> >> Sent from the CAS Users forum at Nabble.com.
> >>
> >>
> >
>
> --
> View this message in context:
> http://www.nabble.com/CAS-with-Load-balancer-tf2213048.html#a6165509
> Sent from the CAS Users forum at Nabble.com.
>
>
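
An added example, not part of the thread and not CAS project code: a small checker that walks a nested CAS URL and reports every URL-valued query parameter named something other than `service`, plus a builder that percent-encodes each nesting level. It assumes, following the reply at the top, that `service` is the expected name at both the logout and the login level; the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumption: `service` is the redirect-target parameter the CAS endpoints
# read, as stated in the reply at the top of this thread.
EXPECTED_PARAM = "service"

# The logout URL exactly as posted in the quoted question.
POSTED = ("https://localhost:8443/cas/logout?destination="
          "https://localhost:8443/cas/login%3Fdestination="
          "http://localhost:8080/uPortal/Login")


def build_logout_url(cas_base, app_url):
    """Nest app_url inside /login inside /logout, encoding once per level."""
    login = f"{cas_base}/login?" + urlencode({EXPECTED_PARAM: app_url})
    return f"{cas_base}/logout?" + urlencode({EXPECTED_PARAM: login})


def audit(url, depth=0):
    """Return (depth, path, param) for each URL-valued query parameter
    whose name is not `service`, following nested URLs recursively."""
    findings = []
    parts = urlsplit(url)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if not value.startswith(("http://", "https://")):
            continue  # not a redirect target, nothing to check
        if name != EXPECTED_PARAM:
            findings.append((depth, parts.path, name))
        findings.extend(audit(value, depth + 1))
    return findings


if __name__ == "__main__":
    for depth, path, name in audit(POSTED):
        print(f"level {depth}: {path} uses '{name}', expected '{EXPECTED_PARAM}'")
    print(build_logout_url("https://localhost:8443/cas",
                           "http://localhost:8080/uPortal/Login"))
```

The inner URL is encoded twice in the built result (`%253A` rather than `%3A`), which is what lets each level decode to exactly one complete URL.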