Multiple Web Applications, One CAS
Scott Battaglia
scott.battaglia at gmail.com
Thu Nov 20 13:13:09 EST 2008
I'm only referring to the fact that there is a configuration option on
mod_jk and I'm guessing mod_proxy_ajp to let Tomcat know that the original
request came over HTTPS (such that request.isSecure() returns true).
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Nov 20, 2008 at 12:49 PM, David Whitehurst
<dlwhitehurst at gmail.com>wrote:
> Scott:
>
> This pertains to an issue I might have to resolve. If SSL via Apache, then
> you only need to identify a 8443 connector and no keystore database, right?
> I'm used to fronting all JBoss servers with Apache and now my implementation
> is quite complicated. With AJP I can say 8009 directs to 8443. With HTTPS
> on an Apache machine (with AJP to CAS e.g.) and then communicating with a
> 8443 (HTTPS) connector directly, I'm having issue.
>
> Can you tell us exactly what it means to "make use Tomcat knows that SSL
> was enabled". I may be doing something wrong that's why I'm asking. I
> don't think so, but it doesn't hurt to ask. Also, I've seen some different
> connector configurations with all the versions of Tomcat.
>
>
> David
>
>
> On 11/20/08, Scott Battaglia <scott.battaglia at gmail.com> wrote:
>>
>> SSL via Apache is fine (just make sure Tomcat knows that SSL was enabled).
>>
>> -Scott
>>
>> -Scott Battaglia
>> PGP Public Key Id: 0x383733AA
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>
>>
>> On Thu, Nov 20, 2008 at 12:05 PM, Timothy Tagge <tplimited at gmail.com>wrote:
>>
>>> That did the trick. Thanks.
>>>
>>> As a follow up question, is this requirement strictly for Tomcat SSL,
>>> or can it be SSL via Apache instead?
>>>
>>> On Wed, Nov 19, 2008 at 1:52 PM, Scott Battaglia
>>> <scott.battaglia at gmail.com> wrote:
>>> > Are you running over HTTP or HTTPS? We only send the session cookie
>>> > back over HTTPS.
>>> >
>>> > -Scott
>>> >
>>> > -Scott Battaglia
>>> > PGP Public Key Id: 0x383733AA
>>> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>> >
>>> >
>>> >
>>> > On Wed, Nov 19, 2008 at 2:45 PM, Timothy Tagge <tplimited at gmail.com>
>>> wrote:
>>> >> Hi,
>>> >> I've configured CAS 3.3.1 and CAS client 2.0.11 to authenticate for
>>> >> two different webapps running on the same instance of Tomcat 5.5.27.
>>> >> For now, I've set the Filter for both to /* so that all requests to
>>> >> those apps need to be authenticated. When going to any URL on App A,
>>> >> CAS is prompting for a Login. This is expected. After successful
>>> >> login, the requested page from App A is shown. The problem I'm having
>>> >> is that linking from App A to App B is causing the CAS login screen to
>>> >> come up once again. Instead of this behavior, I was expecting that
>>> >> the user would already be logged in to both App A and App B. Am I
>>> >> missing something in the documentation, or does CAS not support this
>>> >> type of configuration? Thanks.
>>> >>
>>> >> Tim Tagge
>>> >> _______________________________________________
>>> >> Yale CAS mailing list
>>> >> cas at tp.its.yale.edu
>>> >> http://tp.its.yale.edu/mailman/listinfo/cas
>>> >>
>>> > _______________________________________________
>>> > Yale CAS mailing list
>>> > cas at tp.its.yale.edu
>>> > http://tp.its.yale.edu/mailman/listinfo/cas
>>> >
>>> _______________________________________________
>>> Yale CAS mailing list
>>> cas at tp.its.yale.edu
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>>
>>
>> _______________________________________________
>> Yale CAS mailing list
>> cas at tp.its.yale.edu
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20081120/07162b2e/attachment.html
More information about the cas
mailing list