Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Corrected links that should have been relative instead of absolute.

[08:20:33 CDT(-0500)] <jsumners> i have a CAS server setup where i am running Tomcat on ports 8080 and 8443. all requests come in on ports 80 and 443 and are redirected to the appropriate ports. when i try to login to /services i am able to authenticate, but then the "j_acegi_cas_security_check?ticket=" fails with "Connection reset" (http://pastebin.com/5BSWY2N6). is this because of the port redirects?
[08:46:47 CDT(-0500)] <yann__> check what domains the cookies are set for
[08:48:18 CDT(-0500)] <yann__> I remember setting this on my server, not sure if you have a similar setup though (smile) ProxyPassReverseCookiePath /cas-server-webapp-3.4.5 /
[09:15:40 CDT(-0500)] <jsumners> where do i set that?
[09:16:07 CDT(-0500)] <jsumners> 2011-05-18 10:06:14,581 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - <Setting path for cookies to: />
[09:17:27 CDT(-0500)] <jsumners> also, i have determined it isn't because of the port redirects. i now have CAS fowarding on to 8443 in its configuration
[09:17:38 CDT(-0500)] <jsumners> still have the problem
[09:18:54 CDT(-0500)] <jsumners> oh, that's an Apache httpd directive. i'm not using that
[09:19:01 CDT(-0500)] <jsumners> i have the redirects done via iptables
[10:05:18 CDT(-0500)] <jsumners> does anyone have any ideas on this – http://pastebin.com/qvBqzvKD ? the debug info is not really helping me
[10:06:17 CDT(-0500)] <jsumners> specifically, line 69
[10:12:15 CDT(-0500)] <jsumners> hmm. the login works when i validate over HTTP instead of HTTPS
[13:31:52 CDT(-0500)] <apetro> jsumners , yes, offhand, looks like an SSL issue
[13:32:09 CDT(-0500)] <jsumners> great
[13:32:18 CDT(-0500)] <jsumners> tease me and then leave
[14:03:33 CDT(-0500)] <jsumners> for the record, my Tomcat instance is configured using APR and the SSLProtocol option on the connector was set to "TLSv1". after changing the protocol option to "all", it works correctly