On 12 July 2016 at 11:32, Travis Schmidt <[email protected]> wrote:
> I have been trying to come up with a way to configure a landing page for an
> app that uses gateway to determine if the user is logged in or not with
> Apache 2.4 and mod_auth_cas. I thought at first just doing something like
>
> Require valid-user
> Require all granted
>
> would do the trick, but the RequireAny is evaluated before authentication is
> called which means mod_auth_cas is never executed in that case. The best I
> could come up with is something like this:
>
> <Location /GatewayApp/>
> AuthType CAS
> AuthName "Authentication via CAS"
> CASScope /GatewayApp/
> CASSecureCookie CAS_GATEWAY_S
> CASGateway /GatewayApp/
> Require valid-user
> <If "%{QUERY_STRING} =~ /.*ticket.*/">
> require valid-user
> </If>
> <ElseIf "%{HTTP_COOKIE} == 'MOD_CAS_G=TRUE'">
> Require all granted
> </ElseIf>
> </Location>
>
> Anyone else have or know of a better way to do this?
I can't think of a better way to do this, but I admittedly haven't
played around with the gateway stuff too much.
I'll have to think if there's a way to make this work a little more
seamlessly in Apache 2.4, which seems to be a little more strict about
setting a user during auth (which is something mod_auth_cas explicitly
does not do).
Here's the comment in the 2.4 code:
if (r->user == NULL) {
/* don't let buggy authn module crash us in authz */
:)
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wCO7YfeRTUuJ3Q-om1pOQqyKk3V5gSLVnGv32gOgB-L%2Bw%40mail.gmail.com.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
