On 8/25/2011 4:00 PM, Lars Huttar wrote: ...
mod-auth-cas returns a redirect response (302) to the client, sending it to the CAS server. The client obliges with a GET to the CAS server, but since this is a GET, the POST data is lost. Ultimately, authentication succeeds (we see a cookie being added to the desktop client, and the client is finally redirected to send the initial request again, which it does as a GET). But since the POST data was lost in the redirect, the client fails to connect to the service.
I have not received any replies about this question on this list, but I talked with a colleague who gave me some further ideas on how to solve this.
His recommendation was to handle this entirely on the client (mod_auth_cas), not on the CAS server. (The patch I referenced for the CAS server is apparently intended to solve a different problem.)
My colleague's idea, paraphrased, is to modify mod_auth_cas to do the following:
1) When the first unauthenticated request comes in:
   - give the user a cookie with a unique id (I think this would have to be separate from the CASTGC, but I'm not sure)
   - store the content of their POST data somewhere, tied to that id.
2) The user goes off to the CAS server, gets authenticated, and comes back with a ticket.
3) When the user returns, modify the incoming request to look like a POST, instead of a GET, before it gets to your actual site code. Retrieve the POST data from where it was stored, based on the unique ID from the cookie mentioned above. Populate the request body with the retrieved POST data.

My questions:
A) Does this seem like a reasonable approach?
B) Is this a feature that might be useful to other users of mod_auth_cas?
C) Would someone be willing to help? The C source code is at https://source.jasig.org/cas-clients/mod_auth_cas/trunk/src/mod_auth_cas.c
For example, where would mod_auth_cas store POST data tied to a unique ID, to retrieve on a later request?

Thanks for any help...
Lars
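
The three steps proposed above, modelled as an added example (not part of the original message and not mod_auth_cas code). It is written in Python rather than as an Apache module in C; the names `PostStash` and `handle_return`, the size cap and the lifetime are assumptions chosen for illustration.

```python
import secrets
import time

MAX_BODY = 64 * 1024   # assumed cap so unauthenticated clients cannot fill the store
TTL_SECONDS = 300      # assumed lifetime: long enough for a CAS login round trip

class PostStash:
    """In-memory model of 'store the POST data somewhere, tied to that id'."""

    def __init__(self, now=time.time):
        self._now = now
        self._entries = {}  # id -> (expires_at, uri, content_type, body)

    def save(self, uri, content_type, body):
        """Step 1: stash the body; return the cookie value, or None if too large."""
        if len(body) > MAX_BODY:
            return None
        now = self._now()
        # Drop expired entries so abandoned logins do not accumulate.
        self._entries = {k: v for k, v in self._entries.items() if v[0] >= now}
        stash_id = secrets.token_urlsafe(32)  # unguessable, separate from any CAS cookie
        self._entries[stash_id] = (now + TTL_SECONDS, uri, content_type, body)
        return stash_id

    def restore(self, stash_id, uri):
        """Step 3: single-use lookup; returns (content_type, body) or None."""
        entry = self._entries.pop(stash_id, None)  # pop: a replayed cookie finds nothing
        if entry is None:
            return None
        expires_at, saved_uri, content_type, body = entry
        # Fail closed: the body is only replayed to the URI it was first sent to.
        if self._now() > expires_at or saved_uri != uri:
            return None
        return content_type, body

def handle_return(stash, method, uri, cookie_id):
    """Rebuild the request after the CAS redirect: a GET with a valid stash becomes a POST."""
    restored = stash.restore(cookie_id, uri) if method == "GET" and cookie_id else None
    if restored is None:
        return {"method": method, "uri": uri, "body": b""}
    content_type, body = restored
    return {"method": "POST", "uri": uri, "content_type": content_type, "body": body}

if __name__ == "__main__":
    stash = PostStash()
    # Constructed sample request: the client's first, unauthenticated POST.
    cookie = stash.save("/svc/connect", "application/x-www-form-urlencoded", b"op=connect")
    print(handle_return(stash, "GET", "/svc/connect", cookie))  # replayed as POST
    print(handle_return(stash, "GET", "/svc/connect", cookie))  # second use stays a GET
```

In a real module the store would have to be shared across Apache worker processes, which is the open question at the end of the message.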
