Jérôme,

Could you verify your CASLoginURL and CASValidateURL? If your CAS server is listening on :8443, then your CASLoginURL and your CASValidateURL also need to reference :8443. But, if these are really wrong in your Apache config, then I'm not sure how you are getting the initial redirect to the login screen.

So, could you confirm that the following two lines:

CASLoginURL https://auth.domain.tld/cas/login
CASValidateURL https://auth.domain.tld/cas/serviceValidate

really should look like this:

CASLoginURL https://auth.domain.tld:8443/cas/login
CASValidateURL https://auth.domain.tld:8443/cas/serviceValidate

Note that CASProxyValidateURL is unnecessary and should just be removed.

Hope that helps,
-Matt

Matthew J. Smith
University of Connecticut
UITS
[email protected]
________________________________________
From: Jérôme Benoit [[email protected]]
Sent: Monday, April 23, 2012 7:44 PM
To: [email protected]
Subject: [cas-user] CAS Server, Apache CAS and Reverse proxy

Hello,

My CAS server is listening on port 8443 on a tomcat6 SSLed configuration.

I've set up a virtual host that acts as a reverse proxy under auth.domain.tld to access the CAS server. So far, so good.

I've tried to use the CAS authentication type for a URI that is reverse proxied too:

<IfModule mod_auth_cas.c>
CASDebug On
CASCertificatePath /etc/ssl/cacert.pem
CASValidateServer Off
CASLoginURL https://auth.domain.tld/cas/login
CASValidateURL https://auth.domain.tld/cas/serviceValidate
CASProxyValidateURL https://auth.domain.tld/cas/proxyValidate
CASCookieDomain .domain.tld
CASCookiePath /opt/tmp/cas/

<Location /ftpprivate>
    AuthType CAS
    AuthName "Service Central d'authentification"
    Require valid-user
    Order deny,allow
    Allow from all
    ProxyPass http://c1.domain.tld/ftpprivate
    ProxyPassReverse http://c1.domain.tld/ftpprivate
</Location>

The problem is that after the login screen, the browser complains about a wrong redirection.

I'm having a hard time figuring out where I've done something wrong.

Is there a list of the CAS server configuration directives, file by file?

I suspect the CAS server tries to redirect wrongly after the login splash screen.

cas.properties content:

server.prefix=https://auth.domain.tld:8443/cas
cas.securityContext.serviceProperties.service=${server.prefix}/services/j_acegi_cas_security_check
# Names of roles allowed to access the CAS service manager
cas.securityContext.serviceProperties.adminRoles=ROLE_ADMIN
cas.securityContext.casProcessingFilterEntryPoint.loginUrl=${server.prefix}/login
cas.securityContext.ticketValidator.casServerUrlPrefix=${server.prefix}
cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views
host.name=auth.domain.tld

--
Jérôme Benoit aka fraggle
La Météo du Net - http://grenouille.com
OpenPGP Key ID : 9FE9161D
Key fingerprint : 9CA4 0249 AF57 A35B 34B3 AC15 FAA0 CB50 9FE9 161D
