Timothy: I've had nothing but troubles of a similar sort. Consider this;
1. HTTPS to initial URL with service sends cert from Apache server or Tomcat CAS server to user browser. 2. The CAS client code creates a brand new HTTPS request back to the CAS server or Apache (if used) the same cert is coming in the direction of the CAS client. So, Java has to 'trust' that certificate. And, if the connector at the service application server is HTTP, the initial request won't just remain HTTPS. 3. After CAS authenticates the user, and acknowledges the CAS client that things are okay, the service application content (HTTPS) will come if that server is hosting an HTTPS connector. If it is, Tomcat will send his certificate to the user browser. HTH David On Thu, Jan 22, 2009 at 6:02 PM, Timothy Tagge <tplimi...@gmail.com> wrote: > > https://securetools.homefinder.com/SSO/login?service=https%3A%2F%2Fsecuretools.homefinder.com%2FAAT%2FeditAgent.do > > This service URL points to a controller, which then does a redirect to > a jsp page after processing, doing lookups etc. > > I'm starting to think that since it the browser shows the correct jsp > page, just minus the https, that CAS is not the issue. Perhaps it > could be Apache or Tomcat assuming http somehow. > > On Thu, Jan 22, 2009 at 4:07 PM, Scott Battaglia > <scott.battag...@gmail.com> wrote: > > What is the actual service url on the CAS server? i.e. > > http://my.server.com/login?service=FOO > > > > -Scott > > > > -Scott Battaglia > > PGP Public Key Id: 0x383733AA > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > On Thu, Jan 22, 2009 at 4:40 PM, Timothy Tagge <tplimi...@gmail.com> > wrote: > >> > >> I added some log statements to the constructServiceUrl method of > >> CommonUtils which show the correct service. This filter is on the > >> application that attempts to load on http instead of the requested > >> https. > >> > >> public static final String constructServiceUrl(final HttpServletRequest > >> request, > >> final > >> HttpServletResponse response, final String service, final String > >> serverName, final String artifactParameterName, final boolean encode) > >> { > >> System.out.println("service:" + service); > >> System.out.println("serverName:" + serverName); > >> System.out.println("artifactParameterName:" + > >> artifactParameterName); > >> System.out.println("encode:" + encode); > >> > >> > >> The results of these statements..... > >> service:null > >> serverName:https://securetools.server.com > >> artifactParameterName:ticket > >> encode:true > >> > >> > >> One more thing I would add is that I'm using a host file on these > >> servers so that certificates can be shared over several servers (dev, > >> int, qa, etc) > >> > >> On Tue, Jan 20, 2009 at 9:21 PM, Scott Battaglia > >> <scott.battag...@gmail.com> wrote: > >> > What's the service url being passed to CAS? > >> > i.e. /login?service=FOO > >> > > >> > -Scott > >> > > >> > -Scott Battaglia > >> > PGP Public Key Id: 0x383733AA > >> > LinkedIn: http://www.linkedin.com/in/scottbattaglia > >> > > >> > > >> > On Mon, Jan 19, 2009 at 5:07 PM, Timothy Tagge <tplimi...@gmail.com> > >> > wrote: > >> >> > >> >> CAS Server 3.3 > >> >> CAS Client 3.1.3 > >> >> Tomcat 5.1.15 > >> >> > >> >> Sending a redirect to > >> >> https://servername/AAT/doSomething.do > >> >> is ending up on > >> >> http://servername/AAT/doSomething.do > >> >> > >> >> > >> >> > >> >> Contents of web.xml CAS setup for AAT ... > >> >> > >> >> <!-- Filter Definitions > >> >> ***************************************************--> > >> >> <filter> > >> >> <filter-name>CAS Single Sign Out Filter</filter-name> > >> >> > >> >> > >> >> > <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class> > >> >> </filter> > >> >> <filter> > >> >> <filter-name>CAS Authentication Filter</filter-name> > >> >> > >> >> > >> >> > > <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> > >> >> <init-param> > >> >> <param-name>casServerLoginUrl</param-name> > >> >> > >> >> <param-value>https://servername/SSO/login</param-value> > >> >> </init-param> > >> >> <init-param> > >> >> <param-name>serverName</param-name> > >> >> <param-value>https://servername > </param-value> > >> >> </init-param> > >> >> </filter> > >> >> <filter> > >> >> <filter-name>CAS Validation Filter</filter-name> > >> >> > >> >> > >> >> > > <filter-class>org.jasig.cas.client.validation.Cas10TicketValidationFilter</filter-class> > >> >> <init-param> > >> >> <param-name>casServerUrlPrefix</param-name> > >> >> > >> >> <param-value>https://servername/SSO</param-value> > >> >> </init-param> > >> >> <init-param> > >> >> <param-name>serverName</param-name> > >> >> <param-value>https://servername > >> >> </param-value> > >> >> </init-param> > >> >> <init-param> > >> >> <param-name>useSession</param-name> > >> >> <param-value>true</param-value> > >> >> </init-param> > >> >> </filter> > >> >> <filter> > >> >> <filter-name>CAS HttpServletRequest Wrapper > >> >> Filter</filter-name> > >> >> > >> >> > >> >> > > <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class> > >> >> </filter> > >> >> > >> >> <!-- Filter mappings > >> >> *************************************************--> > >> >> <filter-mapping> > >> >> <filter-name>CAS Single Sign Out Filter</filter-name> > >> >> <url-pattern>*.do</url-pattern> > >> >> </filter-mapping> > >> >> <filter-mapping> > >> >> <filter-name>CAS Authentication Filter</filter-name> > >> >> <url-pattern>*.do</url-pattern> > >> >> </filter-mapping> > >> >> > >> >> <filter-mapping> > >> >> <filter-name>CAS Validation Filter</filter-name> > >> >> <url-pattern>*.do</url-pattern> > >> >> </filter-mapping> > >> >> > >> >> <filter-mapping> > >> >> <filter-name>CAS HttpServletRequest Wrapper > >> >> Filter</filter-name> > >> >> <url-pattern>*.do</url-pattern> > >> >> </filter-mapping> > >> >> > >> >> <!-- Listeners > >> >> *************************************************************--> > >> >> <listener> > >> >> > >> >> > >> >> > > <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class> > >> >> </listener> > >> >> _______________________________________________ > >> >> Yale CAS mailing list > >> >> cas@tp.its.yale.edu > >> >> http://tp.its.yale.edu/mailman/listinfo/cas > >> > > >> > > >> > _______________________________________________ > >> > Yale CAS mailing list > >> > cas@tp.its.yale.edu > >> > http://tp.its.yale.edu/mailman/listinfo/cas > >> > > >> > > >> _______________________________________________ > >> Yale CAS mailing list > >> cas@tp.its.yale.edu > >> http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > _______________________________________________ > > Yale CAS mailing list > > cas@tp.its.yale.edu > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > _______________________________________________ > Yale CAS mailing list > cas@tp.its.yale.edu > http://tp.its.yale.edu/mailman/listinfo/cas >
_______________________________________________ Yale CAS mailing list cas@tp.its.yale.edu http://tp.its.yale.edu/mailman/listinfo/cas
