Srikar,
Mod_auth_cas sets the Apache server's REMOTE_USER variable. I believe some 
connectors require a special flag be passed so that they accept the value that 
is given to them by Apache. I found this example for mod_jk:

<Connector port="8009" enableLookups="false" redirectPort="8443" 
protocol="AJP/1.3"
    tomcatAuthentication="false"/>

The key piece is the 'tomcatAuthentication=false' - some documentation on that 
is available here:

From http://tomcat.apache.org/tomcat-3.3-doc/tomcat-ug.html#conf_svr_cust :
...
3. Configure whether Tomcat or a web server does authentication
When Tomcat is used with a web server, such as Apache, the default is to have 
Tomcat continue to handle authentication. Any authenticated user specified in 
the request forwarded from the web server to Tomcat will be ignored.

If you want Tomcat to make use of the authenticated user provided by the web 
server, add:
    tomcatAuthentication="false"
to the Ajp12Connector or Ajp13Connector as appropriate. For example:
    <Ajp13Connector port="8009" tomcatAuthentication="false" />
...


Hope this helps,

-Phil


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Srikar Kummamuri
Sent: Wednesday, January 09, 2008 3:20 PM
To: [email protected]
Subject: mod_auth_cas - Getting Remote User

I implemented MOD_AUTH_CAS and it works as expected. One question is, once 
the authentication is done and Apache is forwarding the request to another app 
server on URL matching, how do I get the remote user there? Does 
request.getRemoteUser() get me the CAS user?

I have multiple App Servers on which I only do Authorization, taking the user 
from the request, since each request coming from Apache (Mod_Auth_Cas now and 
earlier Oracle SSO) is already authenticated. So no CAS clients on App Servers. 
So I need to fetch the user from the request. Can somebody help in this regard?

Thanks
Srikar. 


_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
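
Added example, not part of the original thread or of mod_auth_cas: a servlet filter for the app-server side of the setup discussed above, authorizing on the user Apache forwards over AJP and failing closed when none arrives. The class name, the sample users and paths, and the use of the javax.servlet API are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: authorization only, authentication was done by Apache.
public class RemoteUserAuthzFilter implements Filter {
    // Constructed sample policy: user -> path prefixes that user may access.
    private final Map<String, List<String>> allowed = new HashMap<String, List<String>>();

    public void init(FilterConfig cfg) {
        allowed.put("alice", Arrays.asList("/reports/", "/admin/"));
        allowed.put("bob", Arrays.asList("/reports/"));
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // With tomcatAuthentication="false" on the AJP connector, this is the
        // REMOTE_USER value that mod_auth_cas set in Apache.
        String user = req.getRemoteUser();
        if (user == null || user.trim().isEmpty()) {
            // No user forwarded: the connector flag is missing, or the request
            // did not pass through the CAS-protected front end. Fail closed.
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED, "No authenticated user");
            return;
        }
        // Use the container-decoded, normalized path rather than the raw URI,
        // so "/reports/../admin/" cannot pass a prefix check for "/reports/".
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);
        boolean ok = false;
        List<String> prefixes = allowed.get(user);
        if (prefixes != null) {
            for (String p : prefixes) {
                if (path.startsWith(p)) { ok = true; break; }
            }
        }
        if (!ok) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
            return;
        }
        chain.doFilter(rq, rs);
    }

    public void destroy() { }
}
```

With tomcatAuthentication="false", Tomcat accepts whatever user name arrives on the AJP port, so that port should be reachable only from the Apache front end (for example by binding the connector to a loopback or internal address).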
