Hi Andrew, I think it will be why you are seeing that error. There is a check in the default JSP which displays that message if the connection isn't secure:
<c:if test="${not pageContext.request.secure}">
<div class="errors">
<p>You are currently accessing CAS over a non-secure connection. Single Sign
on WILL NOT WORK. In order to have single sign on work, you MUST log in over
HTTPS.</p>
</div>
</c:if>
I have a question for you re the SSL offload though. We're deploying the same
architecture you describe and I'm having problems today where-by CAS (for some
reason I've yet to get to the bottom of) is performing a redirect back to the
login page. The redirect is over HTTP which our load balancers are not
configured to support and we get and error. So I wanted to ask how your
architecture would manage a 302 redirect response from CAS back to itself which
would have a Location header URL starting http://<http:///> and not
https://.<https://./>
Thanks,
Matt
________________________________
From: Tillinghast, Andrew P. [atill...@conncoll.edu]
Sent: 30 September 2011 17:55
To: cas-user@lists.jasig.org
Subject: [cas-user] SSL offload and HTTPS warning?
We've updated our CAS to 3.4.10, now in the default login view we get a warning
"You are currently accessing CAS over a non-secure connection. Single Sign on
WILL NOT WORK. In order to have single sign on work, you MUST log in over
HTTPS." But in fact from the client we are connecting via HTTPS, but we have
the SSL offloaded by the load balancer so the connection from the load balancer
to CAS isn't HTTPS.
Is this the cause of the error? We don't have that warning in the JSP of our
custom views and we have no problems with them.
[cid:F8B24B6E-EF79-46ED-A7B3-74A246C38A3F@conncoll.edu]
Andrew Tillinghast
Sr. Web Developer
atill...@conncoll.edu<mailto:atill...@conncoll.edu>
270 Mohegan Avenue
New London, CT 06320-4196
Ph:860 439-5265 Fax: 860 439-2871
P Think before you print
CONFIDENTIALITY: This email (including any attachments) may contain
confidential, proprietary and privileged information, and unauthorized
disclosure or use is prohibited. If you received this email in error, please
notify the sender and delete this email from your system.
--
You are currently subscribed to cas-user@lists.jasig.org as: matt.k...@bskyb.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
Information in this email including any attachments may be privileged,
confidential and is intended exclusively for the addressee. The views expressed
may not be official policy, but the personal views of the originator. If you
have received it in error, please notify the sender by return e-mail and delete
it from your system. You should not reproduce, distribute, store, retransmit,
use or disclose its contents to anyone. Please note we reserve the right to
monitor all e-mail communication through our internal and external networks.
SKY and the SKY marks are trade marks of British Sky Broadcasting Group plc and
are used under licence. British Sky Broadcasting Limited (Registration No.
2906991), Sky Interactive Limited (Registration No. 3554332), Sky-In-Home
Service Limited (Registration No. 2067075) and Sky Subscribers Services Limited
(Registration No. 2340150) are direct or indirect subsidiaries of British Sky
Broadcasting Group plc (Registration No. 2247735). All of the companies
mentioned in this paragraph are incorporated in England and Wales and share the
same registered office at Grant Way, Isleworth, Middlesex TW7 5QD.
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user<<inline: image.png>>
