Great. Big big thanks!
But... I think I have encountered a secound issue: I am logged in into the CAS and open the (same) website https://secretsite.de/index.php Everything is perfect, the website gets displayed. Now I open https://cas.secretsite.de/cas/logout and logout. As I said before, the mod_auth_cas at secretsite.de is configured with "CASIdleTimeout 60". Now my experiment: I was waiting five minutes and opened the site https://secretsite.de/index.php for a second time. Now I am getting an error "Bad Gateway" from the reverse proxy. The log files in the reverse proxy contain: [Tue May 31 13:29:31 2011] [error] [client 147.172.x.y] (70014)End of file found: proxy: error reading status line from remote server typo3-int [Tue May 31 13:29:31 2011] [error] [client 147.172.x.y] proxy: Error reading from remote server returned by /index.php The only traffic from this second buggy website call is this: https://secretsite.de/index.php GET /index.php HTTP/1.1 Host: secretsite.de User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 DNT: 1 Pragma: no-cache, no-cache Cookie: MOD_AUTH_CAS_S=46e572e344e95ae42537e7ed5a24d86b Connection: keep-alive Cache-Control: no-cache HTTP/1.1 200 OK Date: Tue, 31 May 2011 11:29:30 GMT Server: Apache Vary: accept-language,accept-charset Accept-Ranges: bytes Content-Type: text/html; charset=iso-8859-1 Content-Language: de Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked I dont see a line in the respone beginning with "Content-Length: ...". Why does there no data, no redirect have been sent? The log files of mod_auth_cas contain: [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1745): [client 147.172.x.y] Entering cas_authenticate() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1473): [client 147.172.x.y] entering isValidCASCookie() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(791): [client 147.172.x.y] entering readCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1264): [client 147.172.x.y] entering deleteCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(791): [client 147.172.x.y] entering readCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1501): [client 147.172.x.y] Cookie '46e572e344e95ae42537e7ed5a24d86b' is expired, deleting [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(946): [client 147.172.x.y] entering CASCleanCache() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(988): [client 147.172.x.y] Beginning cache clean [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1006): [client 147.172.x.y] Processing cache file 'sess_bnofgn4qa9jhfrs7dvhgb4n6n2' [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(791): [client 147.172.x.y] entering readCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(796): [client 147.172.x.y] Invalid cache cookie length for 'sess_bnofgn4qa9jhfrs7dvhgb4n6n2', (expecting 32, got 31) [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1022): [client 147.172.x.y] Removing corrupt cache entry 'sess_bnofgn4qa9jhfrs7dvhgb4n6n2' [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(1264): [client 147.172.x.y] entering deleteCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(791): [client 147.172.x.y] entering readCASCacheFile() [Tue May 31 13:29:30 2011] [debug] mod_auth_cas.c(796): [client 147.172.x.y] Invalid cache cookie length for 'sess_bnofgn4qa9jhfrs7dvhgb4n6n2', (expecting 32, got 31) Is this cookies issue the problem? Normally I would expect, that the second call of https://secretsite.de/index.php redirects me to the CAS login site, because of the logout five minutes before. But I get this "Bad Gateway" issue. If I reload the site (=a third time, after the bad gateway error), I am getting redirected to the login, indeed! And everything works... Do you have any ideas? cu Kevin Am 31.05.2011 14:11, schrieb Smith, Matthew J.: > Got it. There is an extra URL encode in the CASRootProxiedAs codepath. > We'll whip up a patch against trunk. > > -Matt > > Matthew J. Smith > University of Connecticut UITS > [email protected] -- <BR> You are currently subscribed to [email protected] as: [email protected] <BR> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
