Hi Chris- Is mod_auth_cas configured on "pwiki", or on "rwiki.company.com"? Your example service parameter looks funny, showing "http://r.company.com" -- does this refer to "rwiki.company.com"? Guessing that m-a-c is configured on pwiki, can you try adding "|UseCanonicalName On" to your vhost? That will cause Apache to identify itself internally using the name supplied in "ServerName", overriding the default which obtains the server name from the client-supplied headers.
One other thing to try -- can you reverse the order that mod_auth_cas and mod_proxy are loaded? It's possible that mod_proxy is rewriting the Location header to the destination before CAS can retrieve the server name. Alternatively, perhaps ProxyPreserveHost could work, but I'm not sure of the implications to your destination server. Please let us know if any of that helps, -Matt |Chris wrote: > Hi all, > > I'm trying to configure an apache 2.2 reverse proxy with mod_auth_cas. > > My website config (virtual host) is: > > <VirtualHost *:80> > ServerName pwiki > DocumentRoot /home/httpd/pwiki > CustomLog plmwiki/logs/access_log common > ErrorLog plmwiki/logs/error_log > > ProxyRequests Off > ProxyPass / http://rwiki.company.com/ > ProxyPassReverse / http://rwiki.company.com/ > </VirtualHost> > > <Directory /home/httpd/pwiki> > Options FollowSymLinks ExecCGI > AllowOverride All > order allow,deny > allow from all > </Directory> > > and mod_auth_cas was configured like this: > > # JASIG MOD_AUTH_CAS MODULE > LoadModule auth_cas_module modules/mod_auth_cas.so > > <IfModule mod_auth_cas.c> > CASDebug On > CASCookiePath /tmp/ > CASLoginURL https://cas-rd.company.com/cas/ > CASValidateURL https://cas-rd.company.com/cas/serviceValidate > CASCertificatePath /etc/pki/tls/certs/casserver.crt > CASValidateServer on > </IfModule> > > When I try to login into http://pwiki, I am redirected to > https://cas-rd.company.com/cas/ with > service=service=http%3a%2f%2fr.company.com%2f and not http://pwiki > > Anything wrong with the config? I didn't found any configuration por CAS > caching/proxy in http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas. > > Maybe mod_auth_cas does not supports proxy CAS ? If so, any news when > this would be available? Any workaround if so? > > Best, > > Chris > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
