Hello,

We have a reverse-proxy server (under our control) running Apache mod-auth-cas as a CAS client. This reverse-proxy is used successfully by browser-based clients to connect to our corporate intranet (including some map services) over https/SSL. The CAS server that our CAS client connects to is not under our control (or at least it would take a good deal of negotiation and persuasion to have it changed).

Now we have a third-party, non-browser client (ArcGIS Explorer Desktop) that we would like to use to connect to the same services via the same reverse-proxy. The problem is that this client initiates its connection to the server using a POST, containing necessary data (a SOAP envelope) in the body. mod-auth-cas returns a redirect response (302) to the client, sending it to the CAS server. The client obliges with a GET to the CAS server, but since this is a GET, the POST data is lost. Ultimately, authentication succeeds (we see a cookie being added to the desktop client, and the client is finally redirected to send the initial request again, which it does as a GET). But since the POST data was lost in the redirect, the client fails to connect to the service.

I have read the thread at http://jasig.275507.n4.nabble.com/CAS-and-post-variables-td256281.html regarding "CAS and POST variables", with the suggested patch for the CAS server, to enable it to handle POST data. My question is, if this patch were applied on the CAS server, would that solve our problem? I expect not, because before connecting to the CAS server, mod-auth-cas is sending a 302 redirect and the client switches over to GET. So do I need to patch both mod-auth-cas *and* the CAS server? Is such a patch available for mod-auth-cas?

Is my situation the same as the issue reported for PeopleSoft software at https://issues.jasig.org/browse/CAS-355?

Looking at http://www.alanflavell.org.uk/www/post-redirect.html the whole situation with redirection of POST requests seems pretty messy...

Thanks for any help.

Lars
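
The redirect sequence described in the message above, reproduced locally as an added example (not part of the original post, and not mod-auth-cas or CAS server code). One constructed handler stands in for both the gateway and the CAS server, and Python's `urllib` plays a client that follows a 302 by switching to GET; the paths, cookie name and ticket value are assumptions made for the demonstration.

```python
import threading
import urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

SOAP = b"<soap:Envelope>constructed sample body</soap:Envelope>"  # constructed

def run_flow():
    """Run the login redirect chain; return (method, path, body_len) per request."""
    seen = []

    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # silence default request logging
            pass

        def redirect(self, location, cookie=None):
            self.send_response(302)
            self.send_header("Location", location)
            if cookie:
                self.send_header("Set-Cookie", cookie)
            self.send_header("Content-Length", "0")
            self.end_headers()

        def handle_any(self):
            body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            url = urlsplit(self.path)
            seen.append((self.command, url.path, len(body)))
            if url.path == "/cas/login":          # stand-in CAS server issues a ticket
                self.redirect("/service?ticket=ST-constructed")
            elif "ticket=" in url.query:          # gateway accepts ticket (validation not modelled)
                self.redirect("/service", cookie="SESSION=constructed")
            elif "SESSION=" not in self.headers.get("Cookie", ""):
                self.redirect("/cas/login?service=/service")  # unauthenticated request
            else:                                 # session cookie present: reach the service
                self.send_response(200)
                self.send_header("Content-Length", "0")
                self.end_headers()

        do_GET = do_POST = handle_any

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))
    try:
        opener.open(f"http://127.0.0.1:{server.server_port}/service", data=SOAP).close()
    finally:
        server.shutdown()
        server.server_close()
    return seen
```

Only the first entry in the returned list carries a body: by the time the session cookie exists, the request that reaches the service is a GET with zero bytes, which matches the failure reported for the desktop client.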
