I can't find any documentation on how to run CAS SSO client application on HTTP. I've installed CAS server, it is running on HTTPS, that is OK. But I don't want my client applications to be running on HTTPS. The reason is because they are internal application, there is no need for them to run on HTTPS.
When I am trying to run my client applications on HTTP I am getting the exceptions of SSL handshake, because CAS expecting my application to be running over HTTPS.
Is this even possible to run client application integrated with CAS over HTTP? And if it is how to make this happen?
Specifications:
Tomcat 6.0.35
JDK 1.6
CAS 3.5.1
The CAS server knows the CAS client applications by the urls patterns defined in its back office and these urls patterns can be HTTP based.
Related
We are trying to validate what TLS version our web client application is using. We can run nmap --script ssl-enum-ciphers -p 443 www.example.com as we see TLS version 1.2 (That's the version we want.) However we are wanting to validate what version of TLS is being used from web application client directly? Not the server. This is a 1.6 java application that is deployed on Weblogic. Is this request possible to validate on the application directly? I see a lot of threads validating at the server level or the or validating what the server end, not the client application level.
Situation:
My client has a Java web application deployed on a JBoss server, it is accessed both via HTTPS and HTTP
The JBoss server is sitting behind a load-balancer that handles the SSL, in other words this load-balancer terminates SSL and sends requests to JBoss as plain HTTP
Problem I need to solve:
The web application deployed on JBoss needs to know what port the load-balancer is using for HTTPS, so that it can direct users to certain HTTPS urls correctly. This cannot be hard-coded because the application will be deployed on multiple clients, each of them have different configurations for the load-balancer.
My approach (which didn't work):
I am defining the port from a jspx page, via ${pageContext.request.serverPort}, but this always returns the port for HTTP because JBoss always gets the request via HTTP.
Thanks in advance. I've looked at this question but was not helpful.
There isn't really a way to determine the port if tomcat is sitting behind a load balancer. As suggested in the comments, exposing the port configuration to your clients would be the best for now.
I have a Java application running on Tomcat and the application needs to consume a WCF service that requires client certificate authentication . I have the keystores and truststores configured on the client side and I have confirmed that the request is getting sent to IIS, however I'm getting an "unauthorized" error message from IIS logs. I'm wondering if there is any specific Tomcat configuration required in order to allow sending a client certificate from the client?
Thanks in advance.
It's the application code that is calling the WCF service, right? In that case, I don't think Tomcat configuration is what you need - Tomcat's SSL configuration is about what SSL authentication happens when browsers and other web clients connect to the Tomcat server and its applications, not about what happens when the applications are themselves clients to other network services. Rather, the application code calling the service needs to use an SSLContext created with the proper keystore, which will need to hold both the private key and certificate presented to the server for client authentication, and the certificates needed to authenticate the certificate presented by the WCF service.
We have a legacy client-server application with the client written in C++ and server in Java (both running on Windows) using CORBA for communication.
Note that the Java application on the server doesn't use TomCat or other application servers.
To enable Active Directory authentication of the client I'm using the Waffle library on the server and Windows APIs on the client to perform a Negotiate SSPI exchange loop as mentioned in this post: Authenticating users using Active Directory in Client-Server Application
The MSDN sample for the SSPI Exchange loop has multiple send-receive calls between client and server (probably to account for NTLM auth too) but I've been able to successfully authenticate the client by sending the auth token just once to the server.
If our server runs on Windows Server 2003 and greater, and our client runs on Windows XP and greater, is it safe for me to assume that Kerberos will be used and multiple send-receive calls are not required?
If I were to authenticate using Java+waffle on Tomcat, I notice that the auth token is sent just once.
We are calling a web service (jaxws) running on JBoss 4 from one of our .NET, C#, web services clients. It is working just fine on our local network, but as soon as we connect to our VPN to test on the production environment it throws a 505 error (HTTP version not supported). On both our local and production machines, we have tested the services from a Java client while still connecting to VPN and it's working fine for the java client
Any hint regarding this issue?
I would guess that your production web server is not configured the same as your test web server; it is more restrictive and not allowing the HTTP version that you want. Ask the server admin for your production server what versions of HTTP are supported.
Another possibility is that on the VPN you have an intermediate proxy that is converting your request from one version of HTTP to another. Ask a network admin for help.