*Our current Production Setup*
For CAS3.x.x, having SSL was not required to support Single Sign On. This was perfect as we have Reverse Proxy Servers fronting our Application Server farm and it took care of providing all TLS for our user facing interface. All handshake between the reverse-proxy server and JBOSS/IBM WAS server farm was “as if” no SSL was in place. This also helped us immensely in terms of performance, as all SSL encryption/decryption was handled on our Reverse Proxy Servers. And it helped cut cost for our clients in terms of maintaining and purchasing certificates to the bare essentials.

*Now, we are trying to work with CAS4*
We found out that it requires HTTPS or else Single Sign On just won’t work. Can you help us understand how we make this new solution work within our production sites?

1. Will this not force us to have certificates deployed on each and every Application Server? How do we make our clients understand the cost benefit of doing so when having Reverse Proxy Fronting was already taking care of this?
2. What happens where the server farms are running behind 3-Zone architecture?
3. What would be the performance hit on the Application Server when during peak load the server would also have to deal with TLS over and above the work that it is currently supposed to be handling?

Can we turn off this HTTPS requirement to support SSO with CAS4? If so, can you help us as to where to begin? Our situation has become very urgent, so we don't mind if we have to write Java code and change XML configuration.

Thanks for your help.
