OK, I think we're getting somewhere. When I try the test you described below, in the <Directory "/"> block, I get basic authentication challenge if I go to the bare "/" url (http://mydomain/); but no challenge if I go to the subfolder that is being proxied and which I'm trying to protect (/arcgis/services and similar).
So, maybe the Proxy settings are preventing the Auth settings from taking effect? If I then go back to using the AuthType CAS and related settings, without the AuthType basic settings, and go to http://mydomain/, then I don't get the CAS authentication because I only applied that to my /arcgis/ folder. But if I change the mod_auth_cas settings to apply to "/", then I get something different: I get "There is a problem with this website's security certificate." So maybe that's progress. However, I do want CAS to apply only to the URLs that I'm reverse-proxying. Again, the Proxy-related settings in httpd.conf are: <IfModule mod_proxy.c> ProxyRequests Off <Proxy *> Order deny,allow Allow from all </Proxy> ProxyPass /gaz http://middleware.alexandria.ucsb.edu/gaz ProxyPassReverse /gaz http://middleware.alexandria.ucsb.edu/gaz # Rules for reverse proxy for ArcGIS Server # ProxyRequests Off ProxyPass /arcgis/services http://rome2:8399/arcgis/services ProxyPassReverse /arcgis/services http://rome2:8399/arcgis/services ProxyPass /arcgis/rest http://rome2:8399/arcgis/rest ProxyPassReverse /arcgis/rest http://rome2:8399/arcgis/rest ProxyPass /arcgis/sdk/rest http://rome2:8399/arcgis/sdk/rest ProxyPassReverse /arcgis/sdk/rest http://rome2:8399/arcgis/sdk/rest ProxyPass /arcgis/tokens http://rome2/arcgis/tokens ProxyPassReverse /arcgis/tokens http://rome2/arcgis/tokens ProxyPass /arcgis/server/proxyoutput/ http://rome2:8399/arcgis/server/proxyoutput/ ProxyPassReverse /arcgis/server/proxyoutput/ http://rome2:8399/arcgis/server/proxyoutput/ ProxyPass /arcgis/server/proxyjobs/ http://rome2:8399/arcgis/server/proxyjobs/ ProxyPassReverse /arcgis/server/proxyjobs/ http://rome2:8399/arcgis/server/proxyjobs/ ProxyPass /arcgis/server/proxycache/ http://rome2:8399/arcgis/server/proxycache/ ProxyPassReverse /arcgis/server/proxycache/ http://rome2:8399/arcgis/server/proxycache/ On 6/19/2009 3:40 PM, Phil Ames wrote: > Hi Lars, > Some instructions are here: > > http://httpd.apache.org/docs/2.2/howto/auth.html > > A simple example might look something like this in your > Location/Directory block: > > AuthType Basic > AuthName "Test" > AuthBasicProvider file > AuthUserFile /usr/local/apache/passwd/passwords > Require valid-user > > Then, from the command line run: > > htpasswd -c /usr/local/apache/passwd/passwords test > > where 'test' is the username you will be creating (you will be prompted > for a password). Then, restart Apache and try to hit that protected > resource and use the username/password you created. If you are not > prompted for authentication, then I think there might be some directive > in an Apache scope overriding the directives that you have set. It does > sound like your configuration is being processed though, as you said you > received startup errors when Apache could not start properly due to > invalid settings, which is why this is a bit of a mystery to me. > > -Phil > > On Fri, Jun 19, 2009 at 3:59 PM, Lars Huttar <[email protected] > <mailto:[email protected]>> wrote: > > Hi Phil, > I have not tried any other AuthType directives. I'm pretty new to httpd > authentication. > > I could try "AuthType Basic", but I wouldn't quickly know how to set up > the other required details so that a test should work. E.g. an > authentication-provider module and an authorization module, a user file > and group file... > Is there a quick & well-packaged test I could run? > > Lars > > > On 6/19/2009 2:34 PM, Phil Ames wrote: > > Hi Lars, > > Are you able to get any other AuthType directives to work on that > > location (e.g. AuthType Basic)? Is it just AuthType CAS that is > > failing? > > > > Thanks, > > > > -Phil > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
