I have a similare configuration and it works.
- The first thing to check is about the "AuthType CAS" directive. I
didn't found it in your config ...
- The second thing is about the "DocumentRoot" directive, I don't
understand why you need it as the vhost is RProxified.
On my server I have something like that :
<VirtualHost *:80>
ServerName pwiki
CustomLog plmwiki/logs/access_log common
ErrorLog plmwiki/logs/error_log
<Proxy *>
AddDefaultCharset Off
Order deny,allow
Allow from all
</Proxy>
<Location />
AuthType CAS
AuthName "espace securise"
AuthGroupFile /myapphome/etc/group
Require group mygroup
CASAuthNHeader REMOTE_USER
ProxyPass / http://rwiki.company.com/
ProxyPassReverse / http://rwiki.company.com/
</Location>
</VirtualHost>
Hope that helps.
regards,
Stéphane GULLY
http://www.zeitoun.net
On Mon, Jun 9, 2008 at 3:50 PM, Chris <[EMAIL PROTECTED]> wrote:
> Hi,
> Mis-typing :) The mod_auth_cas is on http://rwiki.company.com and the
> reverse-proxy is set for http://pwiki. The CAS URL
> https://cas-rd.company.com/cas/login;jsessionid=4FC9DA45BB577437028F17?service=http%3a%2f%2frwiki.company.com%2f
>
> I've tried 'UseCanonicalName On' on the vhost; but it didn't changed the
> behavior.
>
> I've also moved the mod_cas.so include before the mod_proxy.so. This
> hasn't fix the problem too. I'm still redirected to the real websire
> rdwiki.company.com and not the proxy URL http://pwiki
>
> Hope this helps.
>
> Chris
>
>
> Matt Smith a écrit :
>> Hi Chris-
>> Is mod_auth_cas configured on "pwiki", or on "rwiki.company.com"? Your
>> example service parameter looks funny, showing "http://r.company.com"; --
>> does this refer to "rwiki.company.com"?
>>
>> Guessing that m-a-c is configured on pwiki, can you try adding
>> "|UseCanonicalName On" to your vhost? That will cause Apache to
>> identify itself internally using the name supplied in "ServerName",
>> overriding the default which obtains the server name from the
>> client-supplied headers.
>>
>> One other thing to try -- can you reverse the order that mod_auth_cas
>> and mod_proxy are loaded? It's possible that mod_proxy is rewriting the
>> Location header to the destination before CAS can retrieve the server
>> name. Alternatively, perhaps ProxyPreserveHost could work, but I'm not
>> sure of the implications to your destination server.
>>
>> Please let us know if any of that helps,
>> -Matt
>>
>> |Chris wrote:
>>> Hi all,
>>>
>>> I'm trying to configure an apache 2.2 reverse proxy with mod_auth_cas.
>>>
>>> My website config (virtual host) is:
>>>
>>> <VirtualHost *:80>
>>> ServerName pwiki
>>> DocumentRoot /home/httpd/pwiki
>>> CustomLog plmwiki/logs/access_log common
>>> ErrorLog plmwiki/logs/error_log
>>>
>>> ProxyRequests Off
>>> ProxyPass / http://rwiki.company.com/
>>> ProxyPassReverse / http://rwiki.company.com/
>>> </VirtualHost>
>>>
>>> <Directory /home/httpd/pwiki>
>>> Options FollowSymLinks ExecCGI
>>> AllowOverride All
>>> order allow,deny
>>> allow from all
>>> </Directory>
>>>
>>> and mod_auth_cas was configured like this:
>>>
>>> # JASIG MOD_AUTH_CAS MODULE
>>> LoadModule auth_cas_module modules/mod_auth_cas.so
>>>
>>> <IfModule mod_auth_cas.c>
>>> CASDebug On
>>> CASCookiePath /tmp/
>>> CASLoginURL https://cas-rd.company.com/cas/
>>> CASValidateURL https://cas-rd.company.com/cas/serviceValidate
>>> CASCertificatePath /etc/pki/tls/certs/casserver.crt
>>> CASValidateServer on
>>> </IfModule>
>>>
>>> When I try to login into http://pwiki, I am redirected to
>>> https://cas-rd.company.com/cas/ with
>>> service=service=http%3a%2f%2fr.company.com%2f and not http://pwiki
>>>
>>> Anything wrong with the config? I didn't found any configuration por CAS
>>> caching/proxy in http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas.
>>>
>>> Maybe mod_auth_cas does not supports proxy CAS ? If so, any news when
>>> this would be available? Any workaround if so?
>>>
>>> Best,
>>>
>>> Chris
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
