Joe
You mention that it's not easy to force a redirect to the SSL port with
most web servers.
There's a way you can achieve this in a Java web application (ie Mid
Tier). Find the web.xml and add the following to the end of the file,
immediately prior to </web-app>:
<security-constraint>
<web-resource-collection>
<web-resource-name>Mid Tier</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
When a browser accesses http://host/arsys/jss-sso/index.jsp or
http://host:8080/arsys/jss-sso/index.jsp etc, Tomcat sends an HTTP 302
redirect, ie the HTTP header:
Location: https://host:8443/arsys/jss-sso/index.jsp
This is much neater than a Javascript/client-side redirect.
John
--
JSS SSO Plugin for BMC ITSM, AR System, and more
http://www.javasystemsolutions.com/jss/ssoplugin
_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"