Srikar,
Mod_auth_cas sets the Apache server's REMOTE_USER variable. I believe some
connectors require a special flag be passed so that they accept the value that
is given to it by Apache. I found this example for mod_jk:
<Connector port="8009" enableLookups="false" redirectPort="8443"
protocol="AJP/1.3"
tomcatAuthentication="false"/>
The key piece is the 'tomcatAuthentication=false' - some documentation on that
is available here:
>From http://tomcat.apache.org/tomcat-3.3-doc/tomcat-ug.html#conf_svr_cust :
...
3. Configure whether Tomcat or a web server does authentication
When Tomcat is used with a web server, such as Apache, the default is to have
Tomcat continue to handle authentication. Any authenticated user specified in
the request forwarded from the web server to Tomcat will be ignored.
If you want Tomcat to make use of the authenticated user provided by the web
server, add:
tomcatAuthentication="false"
to the Ajp12Connector or Ajp13Connector as appropriate. For example:
<Ajp13Connector port="8009" tomcatAuthentication="false" />
...
Hope this helps,
-Phil
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Srikar Kummamuri
Sent: Wednesday, January 09, 2008 3:20 PM
To: [email protected]
Subject: mod_auth_cas - Getting Remote User
I implemented the MOD_CAUTH_CAS and it works as expected. One question is, once
the authentication is done and apache forwarding the request to another app
server on URL matching, how do I get the remote user there? Is the
request.getRemoteUser() gets me the CAS user??
I have multiple App Servers on which I only do Authorization taking the user
form the request since each request coming from apache (Mod_Auth_Cas now and
earlier Oracle SSO) is already authenticated. So no CAS clients on App Servers.
So I need to fetch the user form the request. Can somebody help in this regard?
Thanks
Srikar.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
