Josh, There are some interesting "features" involving Apache and mod_dir (the one that implements DirectoryIndex). When I was developing, I ran into problems like this and this is what I believe is happening.
1. You request /private/ 2. mod_dir intercepts your request since it is for a directory and consults a list of things it will treat as Directory Indexes (in the order you specify them) 3. Mod_dir generates a subrequest from your original request and specifies a file(whatever your first DirectoryIndex is), and then sends your browser to it 4. Mod_auth_cas now takes effect (mod_dir has hooks before mod_auth_cas) and is given a resource, like /private/index.php 5. Mod_auth_cas performs the CAS redirect and authenticates you to that service, but that service may not exist (if your indexes are really HTL files, for instance) and you get a 404 Alternatively, what could be happening since you mention refresh is that your browser could be re-transmitting the old (used up) ticket in the query string. This will fail verification. Another issue could be how Firefox and IE handle cookies on responses like a 302 redirect. Have you had the opportunity to use something like Live HTTP Headers in conjunction with CASDebug to see what is going back and forth in the case of each browser? When using mod_cas by Yale I had to set the DirectoryIndex in each directory that I wanted people to be able to access using the /path/ notation to the proper name (e.g. "DirectoryIndex admin.php") -Phil -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Kelley Sent: Thursday, August 02, 2007 12:12 PM To: [email protected] Subject: mod_auth_cas redirects to nonexistent DirectoryIndex? I'm having a very odd problem with mod_auth_cas... The first time I visit a CAS-protected web site (https://www/private/), it redirects me to the CAS login page, as expected, and then redirects me back, with a successful login. However, after having logged in and gotten a ticket, if I try to reload the web site or revisit it, it redirects me to the CAS serviceValidate page again (I thought that mod_auth_cas set a cookie to remove the need for this?) and passes a service of https://www/private/index.php, rather than using a service of https://www/private/ and letting Apache's DirectoryIndex directive figure out the rest. Even weirder is that only Firefox exhibits this behavior; Internet Explorer works fine. Any suggestions for tracking down this problem? Josh Kelley _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
