Oddity with mod_cas and redirects to https

Tue, 14 Aug 2007 08:29:01 -0700 

I'm seeing something really odd today.

We have a server that hosts multiple domains. For some of those domains
all traffic is redirected to https. For others, it is not. This all
works well in practice. However, I want to add CAS authentication to a
particular domain so that that data will be protected behind a common
auth. This is where it gets odd.

In the httpd.conf file we have rewrite rules like below:

     RewriteCond %{HTTPS} !=on
     RewriteCond %{HTTP_HOST} !=a.scranton.edu
     RewriteCond %{HTTP_HOST} !=b.scranton.edu
     RewriteCond %{HTTP_HOST} !=c.scranton.edu
     RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

So, anything coming to this host that isn't a, b, or c, get's all
traffic rewritten to the https side.

In the virtual host config for c.scranton.edu we have the following just
to ensure it isn't getting rewritten:
     RewriteCond %{HTTPS} !=on
     RewriteCond %{HTTP_HOST} !=.scranton.edu
     RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
     RewriteRule ^/(.*) - [PT]

In the rewrite logs, I see the urls getting passed through and not
rewritten.

Now, if I turn on CAS auth on the cgi-bin directory for c.scranton.edu
using the following it gets wierd:
     <Location /location/>
         AuthType CAS
         AuthName "CAS"
         require valid-user
     </Location>

The rewrite logs show the urls as being passed through as before,
however, on the CAS server, the service is being advertised as
https://c.scranton.edu/location/. This causes an issue since the cert
does not match the domain name for c.scranton.edu and throws a popup.

Now, we have never seen this issue before because all of the sites we
are protecting with apache/mod_cas are actually running https. So, it is
entirely possible that it is being masked.

Has anyone else seen this behavior? We are running apache 2.0.52 on RHEL
4, with a mod_cas from the Case Western SVN modified to allow larger
usernames.

Dallas
-- 
Dallas Wisehaupt                            Senior Systems Administrator
[EMAIL PROTECTED]               The University of Scranton
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

Reply via email to