There's no bug with the CAS server with respect for subdomains. All CAS clients are required to read their host names from configuration and not from Host headers, as using host headers introduces a security risk since its controlled by users.
I know that info doesn't actually help you :-) Can you describe your use case a bit more on why you're using a CAS client to work with both a domain and subdomain? I admit its probably a use case we haven't encountered before. Cheers, Scott On Mon, Jun 13, 2011 at 11:11 AM, stan santiago <[email protected]> wrote: > Greetings Folks, > > I'm unable to get CAS working with subdomains. I see there is a bug > filed for this issue: > https://issues.jasig.org/browse/CAS-980 > > Anyone else run into this and find any workarounds for this issue? > > My environment: > ----------------------- > - OS: CenOS 5.5 64 bit > - Apache Module: Mod_auth_cas 1.0.9.1 setup on Apache 2 > - CAS Server 3.4.7 > > TEST URLs: > ------------------ > 1. Accessing http://test.com redirects to > > https://my.casserver.com:8443/cas-server-webapp-3.4.7/login?service=http://platformsystems.com/ > 2. Accessing http://host1.test.com redirects to exactly the same URL > above. The "host1" subdomain is stripped off during redirection to CAS > server. > > Apache httpd.conf > -------------------------- > > # Use name-based virtual hosting. > NameVirtualHost *:80 > > <VirtualHost *:80> > > DocumentRoot /var/www/html > ServerName test.com > ServerAlias *.test.com > > LoadModule auth_cas_module modules/mod_auth_cas.so > > # Cookie path must be given as an absolute path with a trailing slash > CASCookiePath /var/run/mod_auth_cas/ > > # Certificate path may be a file or a directory of certificates symlinked > by > # their hashed names > CASCertificatePath /etc/ssl/certs > CASValidateServer Off > CASDebug On > > # The URL to the CAS server > CASLoginURL https://my.casserver.com:8443/cas-server-webapp-3.4.7/login > CASValidateURL > https://my.casserver.com:8443/cas-server-webapp-3.4.7/serviceValidate > CASProxyValidateURL > https://my.casserver.com:8443/cas-server-webapp-3.4.7/proxyValidate > > </VirtualHost> > > ... > > <Directory "/var/www/html"> > > Options Indexes FollowSymLinks > > AuthType CAS > AuthName "MY CAS" > require valid-user > > Order allow,deny > Allow from all > > </Directory> > > ... > > Thanks, > Stan > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
