Hello,In our organization, we use mod_auth_cas to protect only un-cassified applications, or applications where authentication can rely upon some HTTP Headers.
In front of cassified applications (eg PHP app with phpCAS), we do not put mod_auth_cas on our reverse proxies. Why would you put another authentication layer in front of your cassified applications ? Do you use the same configuration between mod_auth_cas and your application ? (same CAS server, authentication scheme, ...)
Rgds. Le 11/07/2011 17:10, le signor a écrit :
Hi, I have an application that uses CAS for authentication. For access from Internet and for security reason, I add a reverse proxy Apache with mod_auth_cas before this application, and I check if the user can be authentified. After the successfull authentication by mod_auth_cas, the casified application asks for a ticket, and when this ticket is sent back by CAS to the application, the mod_auth_cas on the reverse proxy uses this answer to validate the ticket instead of giving this answer to the application. Then, the process starts again, the application asks for a ticket, and it loops ! I checked the code of mod_auth_cas, and saw that when a request arrives with a CAS ticket, the mod_auth_cas tries to validate it, before checking if there is already a mod_auth_cas cookie set. Can someone help me to find a solution to add secure reverse proxy with CAS in front of casified application ? Thanks Thierry Le Signor
-- Philippe MARASSE Service Informatique - Centre Hospitalier Henri Laborit BP 587 - 370 avenue Jacques Coeur 86021 Poitiers Cedex Tel : 05.49.44.57.19
smime.p7s
Description: S/MIME Cryptographic Signature
