Re: [cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-09 Thread Robert
Does anyone know how to do this on WildFly 9.0.2?

On Tuesday, February 9, 2016 at 10:33:57 AM UTC-5, tfpoage wrote:
> Another option with the httpd/Tomcat configuration is to use AJP.
>
> server.xml:
>
> protocol="AJP/1.3"
> address="127.0.0.1"

Re: [cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-09 Thread Tom Poage
Another option with the httpd/Tomcat configuration is to use AJP.

server.xml:

httpd config (TLS-protected virtual host):

ProxyPass /cas/ ajp://localhost:8009/cas/

Depending on the amount of traffic, some tuning may be necessary wrt number of httpd servers/threads and Tomcat connector thr

Re: [cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-09 Thread Christopher Myers
No problem, hope that it helps out! OH - proxyport=443 is important too, forgot to list that one earlier. Overall, this has worked beautifully for us :) And it makes it MUCH simpler too because we now have one SSL cert to change in one place, instead of having to redo java keystores on all of t

Re: [cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-09 Thread Stephan Arts
Thanks, this appears to be a neat solution :-)

Cheers,
Stephan

On Tue, Feb 9, 2016 at 2:59 PM, Christopher Myers wrote:
> What we do is:
>
> internet(https) -> (https)load balancer(http) -> tomcat (http)
>
> Basically, the load balancer talks https to the internet and http to tomcat, doing t

Re: [cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-09 Thread Christopher Myers
What we do is:

internet(https) -> (https)load balancer(http) -> tomcat (http)

Basically, the load balancer talks https to the internet and http to tomcat, doing the SSL offloading. This is what the connector in our server.xml file looks like: the important parts are the secure=true and sc

Re: [cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-09 Thread Misagh Moayyed
The ssl warning is actually a good test to demonstrate that something is broken and dysfunctional in your deployment. As Scott said, you will need to find a way to relay the SSL context back to the application server. The warning shows up only if that chain is broken. You’ll need to consult apach

Re: [cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-09 Thread Stephan Arts
My workaround was indeed to do this:

internet -[HTTPS]> load-balancer -[HTTP]> apache -[HTTPS]> tomcat...

I don't like it either, since it requires me fiddling around with the java keystore and self-signed certificates, which is an administrative overhead with no added value when it comes to secu

Re: [cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-08 Thread Scott Battaglia
If something is fronting CAS that is terminating SSL, you should be able to indicate to the servlet container hosting CAS that it really is a secure connection. Does that not work? (sorry I can't remember the specifics of it)

On Mon, Feb 8, 2016 at 12:52 PM, Robert wrote:
> Hi Misagh,
>
> Thank

Re: [cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-08 Thread Robert
Hi Misagh,

Thanks for your reply. How can we enable SSO without HTTPS?

On Monday, February 8, 2016 at 12:20:57 PM UTC-5, Misagh Moayyed wrote:
> > On Feb 8, 2016, at 8:14 PM, Robert wrote:
> >
> > *Our current Production Setup*
> >
> > For CAS3.x.x having SSL was not required to support Single S

Re: [cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-08 Thread Misagh Moayyed
> On Feb 8, 2016, at 8:14 PM, Robert wrote:
>
> Our current Production Setup
>
> For CAS3.x.x having SSL was not required to support Single Sign On. This was perfect as we have Reverse Proxy Servers fronting our Application Server farm and it took care of providing all TLS for our user fa

[cas-user] CAS4 SSL Requirement for SSO to Work

2016-02-08 Thread Robert
*Our current Production Setup*

For CAS3.x.x having SSL was not required to support Single Sign On. This was perfect as we have Reverse Proxy Servers fronting our Application Server farm and it took care of providing all TLS for our user facing interface. All handshake between the reverse-prox