I also met the installation problem using CAS with LDAP
Can you explain more briefly about how to disable using SSL for authenication?
1. I set the "secure " property to false.
2. Do I also need to comment out "
HttpBasedServiceCredentialsAuthenticationHandler " and
baseEnvironmentProperties? As follow,
<!-- <bean
class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
/>
+-->
<bean id="contextSource"
class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
<property name="authenticatedReadOnly" value="true" />
<property name="password" value="secret" />
<property name="pooled" value="true" />
<property name="urls" value="ldap://plk.org:389";</value>
<property name="userName" value="cn=Manager" />
</bean>
Thanks,
Albert
"Scott Battaglia" <[EMAIL PROTECTED]> ???????:[EMAIL PROTECTED]
You can deploy the CAS Server without SSL and it will function fine. The only
change would be:
1. In the cas-servlet.xml, the two cookie generators need the "secure"
property set to false.
2. If you plan on doing proxy callback to clients without SSL, the
HttpBasedServiceCredentialsAuthenticationHandler needs to be configured to
allow non-https urls. Its a property on the handler.
I believe that is everything for the server. On the clients, it depends on
the client. For the Yale CAS Client, there is a hardcoded check for https that
would need to be removed.
-Scott
On 5/1/07, webzo <[EMAIL PROTECTED]> wrote:
I have some questions about CAS and SSL.
What parts of CAS actually require SSL? The client (CASFilter) seems to
require that the validateUrl callback be "https" rather than "http". How about
the server side? What parts there require SSL be used? The reason for these
questions are that I am trying to find out if there is a way to use CAS without
installing certificates. I know, Scott, Andrew and others on this forum have
stated many times that CAS should be used with SSL. Still, I am in a situation
where I need to use CAS with out any certificates being installed (because it
is going to be hard to install it on the system in question).
I saw a message (
http://tp.its.yale.edu/pipermail/cas/2006-April/002652.html) where the
implication seemed to be that SSL can be disabled with code changes. Can
someone (Scott?) please provide more information on how to do this?
Thanks
----------------------------------------------------------------------------
Ahhh...imagining that irresistible "new car" smell?
Check out new cars at Yahoo! Autos.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
------------------------------------------------------------------------------
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
