You can not do that, every ticket will be used only once - and mod_auth_cas with parse the ticket and consume it. If you already have cassified application then you should not protect that application behind mod_auth_cas again.
You can surely add reverse proxy infront of CAS application - but that can not use mod_auth_cas, So I use single apache httpd with multiple virtual hosts - and application which need two levels fo protection I just put them basic authentication. Ajey On Mon, Jul 11, 2011 at 8:40 PM, le signor <[email protected]>wrote: > Hi, > > I have an application that uses CAS for authentication. > > For access from Internet and for security reason, I add a reverse proxy > Apache with mod_auth_cas before this application, and I check if the user > can be authentified. > > After the successfull authentication by mod_auth_cas, the casified > application asks for a ticket, and when this ticket is sent back by CAS to > the application, the mod_auth_cas on the reverse proxy uses this answer to > validate the ticket instead of giving this answer to the application. Then, > the process starts again, the application asks for a ticket, and it loops ! > > I checked the code of mod_auth_cas, and saw that when a request arrives > with a CAS ticket, the mod_auth_cas tries to validate it, before checking if > there is already a mod_auth_cas cookie set. > > Can someone help me to find a solution to add secure reverse proxy with CAS > in front of casified application ? > > Thanks > Thierry Le Signor > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
