In the first request, there is no MOD_AUTH_CAS_S cookie. This is what results in the user being redirected to the CAS server. The CAS server redirects it back to the supplied service URL (this is a GET request), which is why the POST data is lost. This is essentially the same as supplying an invalid (read: expired) MOD_AUTH_CAS_S cookie.
For this to work as you expect, your users will need to log in via CAS before submitting POST requests to the application. Alternatively, since all the parameters are being passed in the query string anyway, you could modify the application to run the appropriate search (I'm guessing that's what it's doing) in the GET handler instead of POST. -Phil On Tue, Mar 8, 2011 at 3:10 PM, Duane Winner <[email protected]> wrote: > Got it. > > Anything in particular I should be looking for in the logs specific to > CAS? I'm not sure what I'm looking for at this point, but I have > captured the submit transactions that generates the application error > in the apache logs. I've also captured the http headers in the > browser. I can attach them if it something that would help. > > Thanks, > DW > > > On Tue, Mar 8, 2011 at 2:25 PM, Phil Ames <[email protected]> wrote: > > Please make sure the VirtualHost has LogLevel debug. > > > > On Tue, Mar 8, 2011 at 2:24 PM, Duane Winner <[email protected]> > wrote: > >> > >> I just added the CASDebug On directive a few minutes ago > >> > >> -- where should I see debugging output? I'm looking in the apache logs > >> and not seeing anything additional > >> > >> On Tue, Mar 8, 2011 at 2:20 PM, Phil Ames <[email protected]> wrote: > >> > No, those are the timeouts I'm referring to. Do you have HTTP traces > of > >> > when this problem occurs, as well as CASDebug On/LogLevel debug logs? > >> > -Phil > >> > > >> > On Tue, Mar 8, 2011 at 1:56 PM, Duane Winner <[email protected]> > >> > wrote: > >> >> > >> >> Thanks for the reply. > >> >> > >> >> I'm not specifying either of these as an apache directive, but > >> >> according to the README, the defaults are way beyond the window in > >> >> which I've tested this and replicated the error (under 5 minutes). > >> >> > >> >> Directive: CASTimeout > >> >> Default: 7200 (2 hours) > >> >> Directive: CASIdleTimeout > >> >> Default: 3600 (1 hour) > >> >> > >> >> Or are you referring to something else I should be looking at? > >> >> > >> >> Thanks again, > >> >> -DW > >> >> > >> >> > >> >> > >> >> > >> >> On Tue, Mar 8, 2011 at 1:49 PM, Phil Ames <[email protected]> > wrote: > >> >> > It's possible that the user's mod_auth_cas session has expired, and > >> >> > they > >> >> > were redirected to the CAS server to obtain a new ticket. This > >> >> > redirect > >> >> > causes the loss of the POST data, and results in an HTTP GET when > the > >> >> > CAS > >> >> > server redirects the user to the service URL. > >> >> > -Phil > >> >> > > >> >> > On Tue, Mar 8, 2011 at 12:58 PM, DW <[email protected]> wrote: > >> >> >> > >> >> >> Hello, we host a web-based application, and a client of ours has a > >> >> >> CAS > >> >> >> server so we installed mod_auth_cas when the asked for > >> >> >> Single-Sign-On. > >> >> >> > >> >> >> I compiled and installed mod_auth_cas-1.0.8.1 on apache 2.2, and > it > >> >> >> works > >> >> >> for the most part, but we are running into issues where we have a > >> >> >> submission > >> >> >> form and when submitted our application generates an error. A > trace > >> >> >> shows > >> >> >> that what should have been a POST was converted to a GET. If we > turn > >> >> >> off > >> >> >> CAS/SSO, then everything works fine. > >> >> >> > >> >> >> Can any provide any insight? > >> >> >> > >> >> >> global: > >> >> >> LoadModule auth_cas_module > /usr/local/apache/modules/mod_auth_cas.so > >> >> >> CASCookiePath /tmp/cas/ > >> >> >> > >> >> >> In virtualhost section: > >> >> >> CASLoginURL https://foo.com/cas/login?view=showx > >> >> >> CASValidateURL https://foo.com/cas/serviceValidate > >> >> >> CASCertificatePath > >> >> >> /home/vhosts/bar/profile/ssl/gd_bundle.certificate > >> >> >> CASValidateServer Off > >> >> >> > >> >> >> > >> >> >> Thanks, > >> >> >> DW > >> >> >> -- > >> >> >> You are currently subscribed to [email protected] as: > >> >> >> [email protected] > >> >> >> To unsubscribe, change settings or access archives, see > >> >> >> http://www.ja-sig.org/wiki/display/JSG/cas-user > >> >> > > >> >> > > >> > > >> > > > > > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
