CAS, acegi security and SSL issues

Fri Jan 5 08:27:22 EST 2007

Yes, sorry.  I forgot that the cookieSecure would need to  be set to false.

-Scott

On 1/5/07, ??? <javaee at open-v.com> wrote:
>
>  CAS 3.0.6 should be able to run perfectly fine without any modifications
> in a non-secure environment (though we don't recommend transmitting
> passwords over non-SSL connections since they are passed in plaintext).
>
> hi, Scott Battaglia <scott.battaglia at gmail.com>
>
> Above: if not using ssl, can web sso session ok? as far as i know, the
> TGC(CASTGC Cookie) will not transfer to cas server. if i still want using
> web sso, and not using ssl,the following CookieGenerators's cookieSecure
> should be false?
>
>  <bean id="warnCookieGenerator" class="
> org.springframework.web.util.CookieGenerator">
>   <property name="cookieSecure" value="true" />
>   <property name="cookieMaxAge" value="-1" />
>   <property name="cookieName" value="CASPRIVACY" />
>   <property name="cookiePath" value="/cas" />
>  </bean>
>
>  <bean id="ticketGrantingTicketCookieGenerator"
>
>   class="org.springframework.web.util.CookieGenerator">
>   <property name="cookieSecure" value="true" />
>   <property name="cookieMaxAge" value="-1" />
>   <property name="cookieName" value="CASTGC" />
>   <property name="cookiePath" value="/cas" />
>  </bean>
>
> Thanks a lot.
>
>
> ÂÞÊ±·É
>
> ¶ÀÁ¢Java EE¹ËÎÊ
>
> http://www.open-v.com
>
> ×¨×¢ÓÚJava EEÆ½Ì¨¡¢Ãô½Ý·½·¨¼°Open Source¼¼Êõ×ÉÑ¯
>
> ÍØ¿íÊÓÒ°£¬±¼Ïò³É¹¦
> Open View, Victory Open
>
> E_mail: j2eebeans at yahoo.com.cn »ò javaee at open-v.com
>
> ÁªÏµµç»°£º(0)13710186446
>
> ----- Original Message -----
> *From:* Scott Battaglia <scott.battaglia at gmail.com>
> *To:* Yale CAS mailing list <cas at tp.its.yale.edu>
> *Sent:* Friday, January 05, 2007 8:42 PM
> *Subject:* Re: CAS, acegi security and SSL issues
>
> CAS 3.0.6 should be able to run perfectly fine without any modifications
> in a non-secure environment (though we don't recommend transmitting
> passwords over non-SSL connections since they are passed in plaintext).
>
> However, the most recent versions of Acegi use the Yale Java Client (not
> the newer JA-SIG Client) which hardcodes a requirement for SSL within the
> SecureURL.java file.  This would need to be modified and then re-compiled.
>
>
> -Scott
>
> On 1/5/07, Obel.Volker.ext at deutsche-boerse.com <Obel.Volker.ext at deutsche-boerse.com>
> wrote:
> >
> >
> > Hello all,
> >
> > I just deal with the integration of an actually acegi secured web
> > application and CAS 3.06.
> >
> > No Proxyvalidation is needed.
> >
> > No SSL should be used in any traffic between web application and CAS
> > server, because both servers are located in a dmz and are not visible
> > ouside. Network admins don't allow ssl there.
> >
> > Has anybody ideas ore configurations out of the box or at least some
> > hints or documentation?
> >
> > Many thanks
> >
> > Volker
> >
> > ------------------------------
> >
> >
> > *
> > Diese E-Mail enthaelt vertrauliche oder rechtlich geschuetzte
> > Informationen.
> > Wenn Sie nicht der beabsichtigte Empfaenger sind, informieren Sie
> > bitte
> > sofort den Absender und loeschen Sie diese E-Mail. Das unbefugte
> > Kopieren
> > dieser E-Mail oder die unbefugte Weitergabe der enthaltenen
> > Informationen
> > ist nicht gestattet.
> >
> > The information contained in this message is confidential or
> > protected by
> > law. If you are not the intended recipient, please contact the
> > sender and
> > delete this message. Any unauthorised copying of this message or
> > unauthorised distribution of the information contained herein is
> > prohibited.
> > *
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> >
>  ------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070105/1e3f1741/attachment.html