>From sources here : https://github.com/Jasig/phpCAS/blob/master/source/CAS/Client.php
I suppose the CAS client is automatically configured to take the protocol and url from the http request header. If so, the proxified local protocol is used. the function _isHttps() seems to be called to build the service URL. I think you should add the header HTTP_X_FORWARDED_PROTO = HTTPS in your proxy configuration. It should do the trick. 2013/11/4 Michael EDLICH <[email protected]> > Hi Maxime, > > I've looked for an error twice after your aswer, but I dont find anythings. > > *The version of PhpCas is 1.3.2**.* > > The problem can be the version oh phpCAS ? > > *This is an example of app :* > ---------------- > include_once($CASlib); // Your version of php_cas > // initialize phpCAS > phpCAS::client(SAML_VERSION_1_1,$CASurl,$CASport,'cas'); // > IP_FQDN_cas_server, protocol : 80 or 443, folder ex. : cas > // no SSL validation for the CAS server > phpCAS::setNoCasServerValidation(); > > phpCAS::forceAuthentication(); > > // Get the username with SSO CAS > $username = phpCAS::getUser(); > > ......... > ---------------- > > *This is the configuration of the reverse proxy (apache) :* > > ---------------- > > <VirtualHost *:443> > ProxyRequests off > > ProxyPass /app http://URL.LAN/app > ProxyPassReverse /app http://URL.LAN/app > > ProxyPass /cas http://URL.LAN:8080/cas > ProxyPassReverse /cas http://URL.LAN:8080/cas > > SSLEngine on > > ...... > > > ---------------- > > > > > > > > > > > > > Le 04/11/2013 11:17, Maxime BOSSARD a écrit : > > Hello, > > If your second URL is correct, the client call the cas login with the > service URL : http%3A%2F%2FURL%2Fapp%2F wich is not secured. > > I think your problem reside in the CAS client configuration. You should > provide the secured service URL in it instead of the http one. > > > 2013/11/4 Michael EDLICH <[email protected]> > >> Hi all ! >> >> I have a CAS server that works. However, despite the request of an >> application via https, the CAS server, after authentication, referring >> to the no-secure url (http). >> >> Ex: client ask for https://URL/app >> url redirected to : >> https://URL/cas/login?service=http%3A%2F%2FURL%2Fapp%2F >> the url after authentification : http://URL/app >> >> The server and applications (LAN) are behind a reverse proxy. >> The lan network is all HTTP. >> Only the reverse proxy is https to secure all transactions with clients. >> >> It's been two days since I'm stuck on this problem, please ... HELP ! >> >> Michael. >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > > > -- > Cordialement, Maxime BOSSARD. > > -- > You are currently subscribed to [email protected] as: > [email protected] > > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- Cordialement, Maxime BOSSARD. 06 89 51 04 12 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
