Having two CAS clients (mod_auth_cas and phpCAS) in front of one URL is not going to work. Once mod_auth_cas has validated the service ticket from CAS (?ticket=foo), it will pass the call through with the ticket stripped off. phpCAS will then forward back to CAS for an ST, CAS will forward back to your URL with an ST, which will then be stripped off by mod_auth_cas, etc. If you want to use mod_auth_cas, you need to turn off phpCAS.
David Ohsie EMC Corporation ________________________________ From: Frank Burleigh [[email protected]] Sent: Tuesday, December 10, 2013 3:27 PM To: [email protected] Subject: [cas-user] Application Clients with mod_auth_cas? I've used mod_auth_cas (on Apache 2.2) to authenticate directories, and I've used phpCAS 1.3.2 to authenticate simple PHP applications. But now I'm wondering if an application that lives in a directory authorized by mod_auth_cas couldn't make use of the ticket (and session?) created by mod_auth_cas. As a simple test, I've password-protected a directory that holds a PHP script that itself uses phpCAS. The results aren't good: all browsers detect a loop between our institution's CAS server (protocol 1, I believe) and the app's site, bouncing back and forth, it seems. They says this might be caused by "3rd party cookies" being disabled, which is not my situation. Any guidance? Thanks very much. -- Frank Burleigh [email protected]<mailto:[email protected]> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
