How to enable CAS without SSL

This is a tiny tutorial on steps required to enable CAS (Jasig, v3.4x ) single-sign-out without SSL. These are the steps involved to remove dependency on SSL –

  1. Use HTTP urls (instead of HTTPS ones) in all client configurations.
  2. Edit [CAS-server-deployment-root]/ WEB-INF/ spring-configuration/ ticketGrantingTicketCookieGenerator.xml
    1. Change the value of attribute “p:cookieSecure” to false.
  3. Edit [CAS-server-deployment-root]/ WEB-INF /spring-configuration/ warnCookieGenerator.xml
    1. Change the value of attribute “p:cookieSecure” to false.

The CAS authentication and SSO should work without problems on plain HTTP now.

Kj [/.] Sreekumar programs computers as a hobby and profession. Into programming from his school days, Sree uses Codemarvels to key in facts and fixes he finds interesting while working on different projects. Some of the articles here give away a few shades of his philosophical leanings too.

Leave a Comment

Your email address will not be published. Required fields are marked *