Re: [cas-user] Database setup for Service Management

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I think confirmation that CAS can, and will create the tables needed might be enough. If not, I will get back to you. Thank you very much. Jeff Marvin Addison wrote: The problem is that my DBA wants me to tell him the requirements for the

Re: [cas-user] algorithm used for ticket encryption.

CAS tickets are an opaque identifier generated by using a combination of prefix, random string (using SecureRandom) and (optional) suffix. You can find more about the protocol here: http://www.jasig.org/cas/protocol Cheers, Scott On Thu, Feb 4, 2010 at 6:53 AM, Prerana Chauhan

[cas-user] Where to place change password?

Is CAS the appropriate place to allow users to change their password? If so, where would that code belong? Thanks, Marianne Marianne Tromp Software Developer, part-time IT - applications 805.654-7781 City of Ventura -- You are currently subscribed to cas-user@lists.jasig.org as:

[cas-user] Where to host the SSL Certificate in clustered CAS?

Hello, We are in the process of implementing CAS in a four-node cluster behind a Netscaler VIP. What is the best practice for hosting the SSL certificate? Do we host it on VIP or the servers? If the VIP is accepting request on port 443, do we forward that request to CAS server port 8443 (SSL) or

Re: [cas-user] Where to host the SSL Certificate in clustered CAS?

What is the best practice for hosting the SSL certificate? There's no best practice here. If you want to leverage the SSL offloading capabilities of your load balancing hardware, host the certificate on the LB and forward the request to a non-SSL port on the application server. If you feel the

Re: [cas-user] Where to host the SSL Certificate in clustered CAS?

It's really your call. If Netscaler can handle SSL in hardware, it would be able to offload the CAS servers from encryption processing. The beauty of this approach is that you only have one certificate and one host that has to match the name in the certificate. Since CAS cluster commonly

Re: [cas-user] Where to place change password?

In general I would say that CAS is not the appropriate place if you already have a system in place to change passwords. We've modified the login page to include a link to our local password change application. Pat On Thu, Feb 4, 2010 at 9:37 AM, Tromp,Marianne mtr...@ci.ventura.ca.uswrote: Is

Re: [cas-user] ClearPass Exception java.lang.String cannot be cast to [Ljava.lang.String;

Which CAS server version are you using? I think this was fixed in 3.1.7 http://www.ja-sig.org/issues/browse/CASC-88 Bill On Thu, Feb 4, 2010 at 7:05 PM, Alex Barker abar...@callutheran.edu wrote: I keep getting the attached stack trace when I try to forward the ticket returned by

Re: [cas-user] Where to host the SSL Certificate in clustered CAS?

Dear all, If I am not mistaken CAS is using a secure cookie called CASTGC to enable Single Sign On by tracing CAS login. If you tried to load SSL to LB and redirect http to the application server, I am afraid the Single Sign On might be affected. A cheaper way is to buy one SSL certificate which

Re: [cas-user] Where to host the SSL Certificate in clustered CAS?

We terminate SSL at our Cisco ACE and we have no issues with TGTs. Cheers, Scott On Thu, Feb 4, 2010 at 10:53 PM, Azhar K Mustapha azhark.musta...@gmail.com wrote: Dear all, If I am not mistaken CAS is using a secure cookie called CASTGC to enable Single Sign On by tracing CAS login. If

Re: [cas-user] Where to host the SSL Certificate in clustered CAS?

Dear Scott, Thanx for the info. Azhar On Fri, Feb 5, 2010 at 12:06 PM, Scott Battaglia scott.battag...@gmail.comwrote: We terminate SSL at our Cisco ACE and we have no issues with TGTs. Cheers, Scott On Thu, Feb 4, 2010 at 10:53 PM, Azhar K Mustapha azhark.musta...@gmail.com wrote: