Hi all! What is the best way to make Cas grant a ticket and create a cookie based on the original client ip listed in the 'X-Forwarding-For' field (or in other ways if you have any ideas) and not based on the host that directly communicates with him (might be a proxy server or a load balancer) ?
I have two Cas servers, each installed on a separate apache tomcat server with a load balancer in front (Amazon Elastic Load Balancer). The load balancer supports 'X-Forwarding-For' out of the box, so all I need is to make Cas use it. By the way, I'm using mod_cas_auth as a Cas client and Mysql as a db for the JPA ticket registration implementation. Another issue I might get into is driven from the fact that the Cas web app terminates the ssl and not the load balancer, in that case I doubt if the load balancer will actually update the 'X-Forwarding-For' field (it might remain encapsulated and 'untouched' within the encrypted header), what do you think? Thanks !! -- * Ronen Itkin* Taykey | www.taykey.com -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
