mod_auth_cas + apache 2.2 + reverse proxy

Chris c.naslain at lectra.com
Mon Jun 9 09:50:29 EDT 2008 

Hi,
Mis-typing :) The mod_auth_cas is on http://rwiki.company.com and the 
reverse-proxy is set for http://pwiki. The CAS URL 
https://cas-rd.company.com/cas/login;jsessionid=4FC9DA45BB577437028F17?service=http%3a%2f%2frwiki.company.com%2f

I've tried 'UseCanonicalName On' on the vhost; but it didn't changed the 
behavior.

I've also moved the mod_cas.so include before the mod_proxy.so. This 
hasn't fix the problem too. I'm still redirected to the real websire 
rdwiki.company.com and not the proxy URL http://pwiki

Hope this helps.

Chris


Matt Smith a écrit :
> Hi Chris-
>   Is mod_auth_cas configured on "pwiki", or on "rwiki.company.com"? Your
> example service parameter looks funny, showing "http://r.company.com" --
> does this refer to   "rwiki.company.com"?
>  
>   Guessing that m-a-c is configured on pwiki, can you try adding
> "|UseCanonicalName On" to your vhost?  That will cause Apache to
> identify itself internally using the name supplied in "ServerName",
> overriding the default which obtains the server name from the
> client-supplied headers.
> 
>   One other thing to try -- can you reverse the order that mod_auth_cas
> and mod_proxy are loaded?  It's possible that mod_proxy is rewriting the
> Location header to the destination before CAS can retrieve the server
> name.  Alternatively, perhaps ProxyPreserveHost could work, but I'm not
> sure of the implications to your destination server.
> 
> Please let us know if any of that helps,
> -Matt
> 
> |Chris wrote:
>> Hi all,
>>
>> I'm trying to configure an apache 2.2 reverse proxy with mod_auth_cas.
>>
>> My website config (virtual host) is:
>>
>> <VirtualHost *:80>
>> ServerName pwiki
>> DocumentRoot /home/httpd/pwiki
>> CustomLog plmwiki/logs/access_log common
>> ErrorLog plmwiki/logs/error_log
>>
>> ProxyRequests Off
>> ProxyPass / http://rwiki.company.com/
>> ProxyPassReverse / http://rwiki.company.com/
>> </VirtualHost>
>>
>> <Directory /home/httpd/pwiki>
>> Options FollowSymLinks ExecCGI
>> AllowOverride All
>> order allow,deny
>> allow from all
>> </Directory>
>>
>> and mod_auth_cas was configured like this:
>>
>> # JASIG MOD_AUTH_CAS MODULE
>> LoadModule auth_cas_module modules/mod_auth_cas.so
>>
>> <IfModule mod_auth_cas.c>
>>            CASDebug On
>>            CASCookiePath /tmp/
>>            CASLoginURL https://cas-rd.company.com/cas/
>>            CASValidateURL https://cas-rd.company.com/cas/serviceValidate
>>            CASCertificatePath /etc/pki/tls/certs/casserver.crt
>>            CASValidateServer on
>> </IfModule>
>>
>> When I try to login into http://pwiki, I am redirected to 
>> https://cas-rd.company.com/cas/ with 
>> service=service=http%3a%2f%2fr.company.com%2f and not http://pwiki
>>
>> Anything wrong with the config? I didn't found any configuration por CAS 
>> caching/proxy in http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas.
>>
>> Maybe mod_auth_cas does not supports proxy CAS ? If so, any news when 
>> this would be available? Any workaround if so?
>>
>> Best,
>>
>> Chris

More information about the cas mailing list