Sorceror
Sorceror

Reputation: 4843

CAS Jboss AS7 HTTPS redirect

How is it possible to configure Jasig's CAS to listen only on HTTPS port (8443)?

We have application divided into two parts, portal and SSO authority (JASIG CAS). Both are running on JBoss AS7 and different machines. Portal and SSO authority are configured to redirect from HTTP (8080) port to HTTPS (8443) port by

<subsystem xmlns="urn:jboss:domain:web:1.0" default-virtual-server="default-host">
    <connector name="http" protocol="HTTP/1.1" socket-binding="http" scheme="http" redirect-port="8443"/>
    <connector name="https" protocol="HTTP/1.1" socket-binding="https" scheme="https" secure="true">
        <ssl name="https" password="pass" certificate-key-file="/path_to_keystore.jks"/>
    </connector>
    <virtual-server name="default-host">
        <alias name="myapp.domain.com"/>
    </virtual-server>
</subsystem>
...
<socket-binding name="http" port="8080" fixed-port="true" interface="public"/>
<socket-binding name="https" port="8443" fixed-port="true" interface="public"/>

Port redirection works well on portal part, but CAS ignores the redirection and works at http (8080) as well (shows information about non-secured access).

Upvotes: 2

Views: 2415

Answers (1)

Sorceror
Sorceror

Reputation: 4843

For correct java web app SSL configuration is necessary to make some part of application secured in web.xml file. Then redirect works flawless.

<security-constraint>
     <web-resource-collection>
         <web-resource-name>sso secured pages</web-resource-name>
         <url-pattern>/*</url-pattern>
     </web-resource-collection>
     <user-data-constraint>
         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
     </user-data-constraint>
</security-constraint>

Upvotes: 2

Related Questions