Hi all, I have also refactored mod_cas to be Apache 2.2 compatible such that
* no authz code and so can mix and match different mod_authz modules. I have made it successful working with mod_authnz_ldap module. * refactor to use Apache and APR API where possible * dump mmap and use APR shared memory for ticket cache * parse CAS2 response using APR XML API But the code is still messy for public use. It sounds good to consolidate various efforts to make a better mod_auth_cas module. And I can contribute our code for review. Anyone would like to head it? -Ken On 11/8/06, Scott Battaglia <[EMAIL PROTECTED]> wrote: > If any of you guys are interested in working on this as a JA-SIG Client > module, let me know and we can use the JA-SIG CVS, etc. > > -Scott > > > On 11/7/06, Eric Faden <[EMAIL PROTECTED]> wrote: > > Getting pretty close. I got the module setup and installed. Configured > > a CA.crt, and then signed a key for tomcat. Set the mod_cas to trust > > the CA. When I go to the main url it redirects properly to the login > > page. Once I login I can checkout the catalina logs and see that it in > > fact granted the ticket, but fails to redirect back. The error I see in > > the apache logs is > > > > > > [Tue Nov 07 12:56:15 2006] [notice] in do_cas() > > [Tue Nov 07 12:56:15 2006] [notice] portstr: > > [Tue Nov 07 12:56:15 2006] [notice] 80 > > [Tue Nov 07 12:56:15 2006] [notice] \n > > [Tue Nov 07 12:56:15 2006] [notice] service = 'http://<The Site>'; > > ticket = 'ST-33-0lIrZmvHPo61fIDLAeCxcehb7peWo1KY4gA-20' > > [Tue Nov 07 12:56:15 2006] [notice] about to call CAS_validate() > > [Tue Nov 07 12:56:15 2006] [notice] CAS validation failed > > > > Thoughts? I am not sure exactly why it is failing validation. > > > > -Eric > > > > Smith, Matt wrote: > > > Eric- > > > I have been playing with the mod_cas-VATECH posted at > > > http://www.ja-sig.org/wiki/display/CAS/MOD_CAS with > Apache 2.2. I > > > haven't submitted a patch yet, but a simple replace of > > > "apr_group_name_get" with "apr_gid_name_get" in mod_cas.c line 1242 > > > makes it compile cleanly, and it seems to be working under 2.2 with no > > > problems for me. I have not rolled this out to production yet, so bugs > > > may still appear. Also note that with VA Tech's extensions, mod_cas is > > > configured with the CAS 2.0 Validation URL (/serviceValidate), instead > > > of the CAS 1.0 Validation URL (/validate). > > > > > > A simple extract of the tarball, the above mentioned change, and a > > > "apxs2 -i -c mod_cas.c ssl_client.c ezxml.c" should do the trick. > > > > > > HTH, > > > -Matt > > > > > > On Tue, 2006-11-07 at 09:53 -0500, Eric Faden wrote: > > > > > >> Hey all, > > >> > > >> I just got finished configuring cas-server to authenticate off of my > > >> LDAP server which works perfectly. I am using mod_jk to map the tomcat > > >> apps onto the main part of my server. It all works great, but now I > > >> actually need to use cas-server to protect some directories. I don't > > >> actually want to have to modify the pages in the directories, but do > > >> want them to be protected. I have looked at mod_cas and AuthCAS, but > > >> neither of which seem to work in apache2 (mod_perl2). I am in the > > >> process of attempting to hack together a sqlite3 version of AuthCAS > > >> which works in apache 2.2 with mod_perl 2, but was curious if someone > > >> was already working on something as I am positive other people have > > >> similar problems. Anyone? > > >> > > >> -Eric > > >> _______________________________________________ > > >> Yale CAS mailing list > > >> [email protected] > > >> http://tp.its.yale.edu/mailman/listinfo/cas > > >> > > >> > ------------------------------------------------------------------------ > > >> > > >> _______________________________________________ > > >> Yale CAS mailing list > > >> [email protected] > > >> http://tp.its.yale.edu/mailman/listinfo/cas > > >> > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
