Perhaps this may help: http://www.sfu.ca/acs/cas/Install_SFU_mod_cas.html
Also, may be, use cas-on-tomcat behind apache HTTP server via mod_jk or mod_proxy. Here are a couple of tips: http://tp.its.yale.edu/confluence/display/TP/Configuring+mod_jk+and+mod_ jk2 http://tp.its.yale.edu/confluence/display/TP/Configuring+Apache+to+front +Tomcat The above references gloss over SSL, which seems to be the key hurdle. Perhaps Andrew can enlighten us all as to the best practices if we are to use tomcat behind Apache (which in my opinion is the way to go...right? As opposed to mod_cas? Or am *I* missing something?! Sorry did not mean to hijack this thread...). Specifically, CAS dogma seems to be have the SSL certificate within the cas server JVM. But what if SSL is to be handled by the Apache *HTTP* Server (by company policy) rather than Apache *Tomcat*? I am simply unable to get my head around this...any guidance on using CAS server deployed in tomcat with SSL being handled by the Apache HTTP server? The versions in question are Tomcat 5.5.x and Apache 2.0.x. Obviously, having SSL certificates in tomcat JVM trust-store is now moot since the tomcat instances, including the one hosting the CAS server itself, are behind the fire-wall. Right? Using the virtualhost tags in Apache config we can presumably ensure that no one can get to CAS without A) going through Apache and B) using SSL. Am I even thinking this through right? Right now, struggling with getting SSL going in Apache HTTP. Specifically, after jk-mounting using the above wiki, I am unable to get into https://host/cas while being able to do http://host/cas (proving that JK-mount works). -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Brondsema Sent: Tuesday, May 22, 2007 6:31 AM To: Yale CAS mailing list Subject: Re: Apache::AuthCAS vs mod_cas Andrew R Feller wrote: > While evaluating the available CAS clients > <http://www.ja-sig.org/products/cas/downloads/index.html> to hook into > Apache, the CAS downloads show the Apache::AuthCAS Perl module > <http://search.cpan.org/~dcastro/Apache-AuthCAS-0.4/lib/Apache/AuthCAS.p m>. > After looking around for information, I also noticed the use of an > Apache CAS module (mod_cas) that appears to come with the source from > Yale's CAS client > <http://www.ja-sig.org/downloads/cas-clients/cas-client-java-2.1.1.tar.g z>. > Can anyone provide a case to use one over the other? > I am interested in this also. mod_cas at http://mod-cas.sourceforge.net/ doesn't have complete documentation and neither have had a release for over two years (?!). It seems that Apache::AuthCAS requires mod_perl and mod_cas wouldn't. There really should be nice, up-to-date way to CASify an application at the webserver level. Is there something I'm missing? -- Dave Brondsema Software Developer Cornerstone University _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
