Foren
Single Sign On (SSO) beetwen tow machine
Mr Tan, geändert vor 7 Jahren.
Single Sign On (SSO) beetwen tow machine
New Member Beiträge: 3 Beitrittsdatum: 02.11.16 Neueste Beiträge
Hi!!!
I configure liferay + cas
After logging into the server liferay 1 success
New tab -> call link liferay server 2 (http://server2:8080): can’t auto login
But call (http://server2:8080/group/control_panel): auto login success
How to call (http://server2:8080) auto login
Please support me, thanks.
I configure liferay + cas
After logging into the server liferay 1 success
New tab -> call link liferay server 2 (http://server2:8080): can’t auto login
But call (http://server2:8080/group/control_panel): auto login success
How to call (http://server2:8080) auto login
Please support me, thanks.
David H Nebinger, geändert vor 7 Jahren.
RE: Single Sign On (SSO) beetwen tow machine
Liferay Legend Beiträge: 14916 Beitrittsdatum: 02.09.06 Neueste Beiträge
Well your configuration is all wrong.
First, your two Liferay nodes should form a proper cluster and be fronted by a load balancer.
From the browser's perspective, the CAS tokens are tied to the main site URL, not "node 1" or "node 2".
On the back end, the node will redirect to CAS for authentication and the incoming CAS token cookies are tied to the main site URL so they are visible in both nodes.
In your current configuration, CAS has approved the token based on the URL for node 1, but this is not going to be the same URL on node 2 so the CAS token cookie will not be handed to node 2.
Now if these are not Liferay nodes in a cluster, then I think your configuration is still off. The CAS token cookie must be bound to a less specific URL such as http://example.com so it would be visible to all subdomains; if you've bound the CAS token cookie to http://node1.example.com then the cookie cannot be passed to http://node2.example.com because of the different domain.
First, your two Liferay nodes should form a proper cluster and be fronted by a load balancer.
From the browser's perspective, the CAS tokens are tied to the main site URL, not "node 1" or "node 2".
On the back end, the node will redirect to CAS for authentication and the incoming CAS token cookies are tied to the main site URL so they are visible in both nodes.
In your current configuration, CAS has approved the token based on the URL for node 1, but this is not going to be the same URL on node 2 so the CAS token cookie will not be handed to node 2.
Now if these are not Liferay nodes in a cluster, then I think your configuration is still off. The CAS token cookie must be bound to a less specific URL such as http://example.com so it would be visible to all subdomains; if you've bound the CAS token cookie to http://node1.example.com then the cookie cannot be passed to http://node2.example.com because of the different domain.
Mr Tan, geändert vor 7 Jahren.
RE: Single Sign On (SSO) beetwen tow machine
New Member Beiträge: 3 Beitrittsdatum: 02.11.16 Neueste BeiträgeDavid H Nebinger:
Now if these are not Liferay nodes in a cluster, then I think your configuration is still off. The CAS token cookie must be bound to a less specific URL such as http://example.com so it would be visible to all subdomains; if you've bound the CAS token cookie to http://node1.example.com then the cookie cannot be passed to http://node2.example.com because of the different domain.
Yes, i don't config Liferay cluster.
But call liferay page private auto login success, i think page private request authen -> liferay auto call cas authen.
How to config CAS when i don't config Liferay cluster.
Thanks!
Jack Bakker, geändert vor 7 Jahren.
RE: Single Sign On (SSO) beetwen tow machine
Liferay Master Beiträge: 978 Beitrittsdatum: 03.01.10 Neueste Beiträge
Liferay won't require authentication for a page that doesn't require authentication.
Mr Tan, geändert vor 7 Jahren.
RE: Single Sign On (SSO) beetwen tow machine
New Member Beiträge: 3 Beitrittsdatum: 02.11.16 Neueste Beiträge
Thanks all...