CAS 5 behind haproxy shows "Non-secure Connection"

284 views
Skip to first unread message

Tim McLaughlin

unread,
Feb 13, 2017, 5:15:41 PM2/13/17
to cas-...@apereo.org

Hello,

 

I have set up CAS 5.0.2 in Tomcat behind haproxy, with haproxy handling the SSL termination.  The connections to the user are https, but between haproxy and the CAS service it is just http.

 

Is there a way to tell CAS that this is OK?  I would like to avoid managing certificates in the container.

 

Thanks,

Tim McLaughlin

RJ SSO

unread,
Feb 13, 2017, 11:52:10 PM2/13/17
to cas-...@apereo.org
Tim,

Tomcat should be listening on HTTPS, though HAProxy listens on HTTPS for the front end URL.

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/78FD080A-73FA-4F36-AADF-1CFADBF367DB%40wwu.edu.

Jozef Kotlar - EEA.sk

unread,
Feb 15, 2017, 9:39:15 AM2/15/17
to CAS Community
You can persuade Tomcat that connector is secure defining <Connector ... secure="true" />.

Jozef

Tim McLaughlin

unread,
Feb 15, 2017, 11:38:33 AM2/15/17
to cas-...@apereo.org

This is great -- thank you!

--

- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f0cefa91-1158-4899-9db8-bf4f173c2e1f%40apereo.org.

yv Mu

unread,
Mar 1, 2017, 1:57:54 AM3/1/17
to CAS Community
I' m facing the same problem, unfortunately, I'm using embeded tomcat.
Do you know how to configure the attribute for http connector in embeded tomcat?
I'm using v5.0.2, and I didn't found such property in official doc, also it doesn't seems possible to configure it (through the source code I can see).

dkopy...@unicon.net

unread,
Mar 1, 2017, 3:48:30 AM3/1/17
to cas-...@apereo.org
--

- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.

yv Mu

unread,
Mar 5, 2017, 7:16:27 AM3/5/17
to cas-...@apereo.org
Thx!
I don't wanna recompile, but seems no magic way to do.

To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/b8ec26d8-35f3-4c16-a0b1-9a88dd592e97%40Spark.

Reply all
Reply to author
Forward
0 new messages