Dmitry, I believe that we are operating in a similar environment as you regarding SSL offloading. We use Tomcat here, and I am willing to help you figure out how to get this working if you are interested.
Jeff On Wed, Aug 24, 2011 at 11:39 AM, Dmitry Kudrenko <dmi...@ardas.dp.ua> wrote: > Thank you very much for quick and very helpful answers. I will check. > -- > Regards, Dmitry > > > 2011/8/24 Marvin Addison <marvin.addi...@gmail.com> >> >> > Does it mean that if all my applications accessible over HTTPS even on >> > different >> > domains SSO will work? >> >> The CAS clients can be on any number of domains; but there's no way to >> scope the CAS SSO cookie to anything other than the domain where the >> CAS server lives. >> >> > I have network configuration, where I have firewall and balancer which >> > receives https:// but in internal network redirect via http. Do you >> > think it >> > can be a problem or not? >> >> The only requirement is that the hosts _think_ they are over a secure >> channel. The definitive test is that >> >> http://download.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html#isSecure%28%29 >> returns true for a Java application. I don't operate in this kind of >> environment, but I believe there are configuration knobs you can turn >> to make the host to believe it's secure even if the server connection >> handler isn't terminating SSL. >> >> > Is it possible in test mode switch off "secure" flag? >> >> Yes, see the SSL section of >> https://wiki.jasig.org/display/CASUM/Securing+Your+New+CAS+Server. >> >> M >> >> -- >> You are currently subscribed to cas-user@lists.jasig.org as: >> dmi...@ardas.dp.ua >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > jeff.cha...@uni.edu > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- Jeff Chapin, Assistant Systems/Applications Administrator ITS-IS, University of Northern Iowa Phone: 319-273-3162 Email: jeff.cha...@uni.edu -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
