Urgent : Remote SSO Server and Session forwarding in the new Browser

Scott Battaglia scott.battaglia at gmail.com
Tue Jan 16 23:13:12 EST 2007 

Hi,

In response to your questions:

1.  We recommnd you use SSL on the CAS  server (and CAS clients).  You can
either purchase a commercial certificate (i.e. from VeriSign) or create a
self-signed certificates.  Self-signed certificates (where the cn equals the
host name) are not implicitly trusted by the JVM and thus must be added to
the cacerts file.  This page details how to do that:

http://www.ja-sig.org/products/cas/server/ssl/index.html

2.  Are you authenticating over SSL?  If not, the cookie to enable single
sign on is not sent back to the browser, forcing re-authentication each
time.

-Scott


On 1/15/07, deepthi <deepthi at pramati.com> wrote:
>
> Hi All
>
> I have a requirement of enabling SSO on my product wherein if I use an
> SSO server for authentication, my product should not see its login page,
> rather go to some SSO server for authentication. And for this I use CAS
> as my SSO Server. I use some databas details for performing the
> authenication. Everything is set-up and its working perfectly.
>
> I have 2 queries here.
>
> 1) For the CAS server to work remotely i.e., if I want the SSO server
> running one one machine and I want other machines to access it and use
> it for validating, I need to create the certificate with the name of the
> machine where my SSO Server is running and I need to put the cacerts in
> the jre\lib\security . Is this the actual procedure to be followed? If
> so, may I know the reason behind it? I am not sure why we are doing this.
>
> 2) After getting authenticated, I see the success.jsp. I put 2 links(two
> different applications) on this page. The user who just logged-in have
> an access to use both of them. But if I try to open the applications in
> 2 different browsers, CAS sends me the login page again. This means that
> the session is not carried to the new window. But I dont want to see
> this. Is there any point wherein I can enable on the CAS end so that the
> session can be carried forward to another browser. Heard that CAS 3.0
> handles this. I am not sure of that too. My current version of CAS is
> 2.0.12
>
> Thanks a lot!
> Deepthi K
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070116/c3cc4fb6/attachment.html

More information about the cas mailing list