Redirection by the CAS Headers #81

Open
talbenbasat opened this issue Nov 2, 2014 · 7 comments

@talbenbasat

Hi,

I've been using mod_auth_cas and tried to execute a redirect by user.
In order to do so, I'm trying to use the Apache RewriteRule with the CAS headers.

I've been trying unsuccessfully to locate the exact header names.

I would really appreciate it if you could help me with this.

Thanks in advance,
Tal

@dotmjs

dotmjs commented Nov 2, 2014

The standard "REMOTE_USER" will be set by mod_auth_cas after successful
validation.

@talbenbasat
Author

Hi,

I've tried this rule
RewriteRule ^/$ http://webtest.domain.com/%{REMOTE_USER}

and it ended up with a redirection loop.
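
A per-user redirect written so that `REMOTE_USER` is read only after mod_auth_cas has authenticated the request, as an added example that is not from this thread or the mod_auth_cas project. The `<Directory>` path is a hypothetical DocumentRoot, the user-name pattern is an assumption, and authentication is assumed to be enforced by the `<Location />` block posted later in this thread.

```apache
# Added example: per-user redirect evaluated after authentication.
# "/var/www/html" is a hypothetical DocumentRoot; adjust to the real one.
<Directory "/var/www/html">
    # Per-directory rewriting requires symlink following to be enabled.
    Options +FollowSymLinks
    RewriteEngine On

    # In <Directory> context mod_rewrite runs in the fixup phase, after the
    # authentication hooks, so REMOTE_USER is already populated. In server or
    # virtual-host context the same variable is still empty, because rewriting
    # happens during URL translation, before authentication.

    # Redirect only when a user name is present and contains nothing but
    # characters that are safe to place in a URL path (pattern is an assumption).
    RewriteCond %{REMOTE_USER} ^([A-Za-z0-9._-]+)$

    # Per-directory patterns are matched without the leading slash, so "^$"
    # is the site root. The target path is never empty, so it cannot match
    # the rule again.
    RewriteRule ^$ http://webtest.domain.com/%1 [R=302,L]
</Directory>
```

A request for `/` with no authenticated user, or with a user name outside the pattern, is served normally instead of being redirected.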

@dotmjs

dotmjs commented Nov 2, 2014

What is the URL that is first accessed? Is it webtest.domain.com/, or a
deeper path?

Is http always used, or is first access via https?

Can you post your CAS config?

Have you confirmed this works without the redirect, either by using
"require user foo" within your httpd.conf block, or with a CGI that prints
REMOTE_USER?

Note - you should probably take this to the cas-user mailing list for a
wider audience to help troubleshoot.

@talbenbasat
Author

Hi @forsetti,

First of all, thanks for your quick responses.

  1. The first URL I'm accessing is logintest.domain.com, and then it redirects me to my Apache.
    The physical architecture is Apache and haproxy for all subdomains on one server, and CAS with Tomcat on another.
  2. The URL logintest.domain.com is accessed via https, and all other URLs are accessed via http.
  3. CAS config:

    #mod_cas_auth configuration
    CASCookiePath /cas/cookies/
    CASLoginURL https://logintest.domain.com:8443/cas/login
    CASValidateURL https://logintest.domain.com:8443/cas/samlValidate
    CASDebug On
    CASValidateServer Off
    CASAllowWildCardCert On
    CASTimeout 86400
    CasIdleTimeout 86400
    CASSSOEnabled On
    CASValidateSAML On
    CASCacheCleanInterval 1800
    CASAuthoritative On
    CASCookieDomain .domain.com

  4. Apache Location directive:

    <Location />
        AuthType CAS
        require valid-user
        CASAuthNHeader Cas-User
        CASScrubRequestHeaders On
        CASScope /
        CASCookie domain
    </Location>

@dotmjs

dotmjs commented Nov 8, 2014

Sorry for delay (I travel much for work lately). When accessing
webtest.domain.com, is https ever used? Or just http?

Have you verified that this will work without the redirect, by just
protecting a directory and making sure you can gain access?

I'd suggest posting


@dotmjs

dotmjs commented Nov 8, 2014

Sorry for delay (I travel much for work lately). When accessing
webtest.domain.com, is https ever used? Or just http?

Have you verified that this will work without the redirect, by just
protecting a directory and making sure you can gain access?

As this is likely not a mod_auth_cas bug, I'd suggest posting this to the
cas-user mailing list for a broader community discussion.


@talbenbasat
Author

Hi @forsetti,

Yes https is being used when entering logintest.domain.com.

I'll post the question in the cas-user mailing.

Thanks,
Tal
