[07:31:33 CDT(-0500)] <ries> Good morning, I have another related question to CAS. Is it up to CAS to allow/deny access to specific applications, even though the user is logged in, or is it up to the application to say 'I know Scott, but you cannot access me'.
[07:31:48 CDT(-0500)] <ries> I am trying to understand the wiki here: https://wiki.jasig.org/display/CAS/Home
[07:31:59 CDT(-0500)] <ries> but it doesn't mention that
[07:32:47 CDT(-0500)] <wgthom> authZ is up to the app
[07:34:47 CDT(-0500)] <ries> wgthom: ok thanks...
[09:02:11 CDT(-0500)] <kickehy> I'm having trouble getting ssl to work with tomcat (using guide http://tinyurl.com/3v94ayy ). The only thing that i'm confused about in the server.xml file is the keystoreFile part...i imported my cert into cacerts and copied that file over to the conf tomcat folder (as the example did), but when I stop/start tomcat, I absolutely can't get to https://server:8443 . Now, if I go to http://server:8080 it works, I must be missing something
[09:02:44 CDT(-0500)] <kickehy> I don't even get a response back from my cas server
[09:03:35 CDT(-0500)] <wgthom> make sure you have the ssl connector in server.xml uncommented
[09:03:38 CDT(-0500)] <kickehy> and i changed the keystore to "conf/cacerts"
[09:03:51 CDT(-0500)] <kickehy> i'll double check here...
[09:04:27 CDT(-0500)] <kickehy> all good
[09:04:35 CDT(-0500)] <serac> The output of $TOMCAT_HOME/logs/localhost.log will have details.
[09:05:42 CDT(-0500)] <serac> I need to add a note to that page that discusses filesystem permissions for the keystore file.
[09:05:52 CDT(-0500)] <serac> It contains a private key, so security matters.
[09:06:10 CDT(-0500)] <serac> That's fundamentally different from the system key/truststore that contains exclusively certs by default.
[09:09:21 CDT(-0500)] <kickehy> localhost logs are empty :/
[09:09:49 CDT(-0500)] <serac> catalina.out?
[09:10:27 CDT(-0500)] <kickehy> hey there we go
[09:11:06 CDT(-0500)] <serac>
[09:11:17 CDT(-0500)] <kickehy> w00t must have made my cert wrong then
[09:11:42 CDT(-0500)] <serac> What OS are you running?
[09:11:55 CDT(-0500)] <kickehy> Windows server 2008 r2
[09:12:20 CDT(-0500)] <serac> Wanna be a guinea pig?
[09:12:25 CDT(-0500)] <kickehy> haha sure
[09:12:50 CDT(-0500)] <serac> Generate a pfx file containing your cert/key pair.
[09:13:44 CDT(-0500)] <serac> PFX is mostly the same as a PKCS#12 container.
[09:14:01 CDT(-0500)] <kickehy> from the ca or local computer?
[09:14:23 CDT(-0500)] <serac> I assumed you used the certificate console to generate the cert. Is that correct?