How to enable CAS without SSL

This is a tiny tutorial on steps required to enable CAS (Jasig, v3.4x ) single-sign-out without SSL. These are the steps involved to remove dependency on SSL –

  1. Use HTTP urls (instead of HTTPS ones) in all client configurations.
  2. Edit [CAS-server-deployment-root]/ WEB-INF/ spring-configuration/ ticketGrantingTicketCookieGenerator.xml
    1. Change the value of attribute “p:cookieSecure” to false.
  3. Edit [CAS-server-deployment-root]/ WEB-INF /spring-configuration/ warnCookieGenerator.xml
    1. Change the value of attribute “p:cookieSecure” to false.

The CAS authentication and SSO should work without problems on plain HTTP now.

Leave a Reply

Your email address will not be published. Required fields are marked *


* Copy This Password *

* Type Or Paste Password Here *

68,488 Spam Comments Blocked so far by Spam Free Wordpress

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>