m-a-c will use the servicename as supplied by the server it is installed on, not the URL it receives from the end user. There is a security issue with doing otherwise - see http://www.ja-sig.org/wiki/display/CASC/CASFilter.
If you want m-a-c to redirect using pwiki as the service name, I think you'll need to do one of the following: * Configure m-a-c on pwiki, not on rwiki, and negotiate a trusted connection between pwiki and rwiki, or * Configure Apache on rwiki to use "pwiki" as the ServerName ( rwiki can still be a ServerAlias) HTH, -Matt On Mon, Jun 9, 2008 at 9:50 AM, Chris <[EMAIL PROTECTED]> wrote: > Hi, > Mis-typing :) The mod_auth_cas is on http://rwiki.company.com and the > reverse-proxy is set for http://pwiki. The CAS URL > https://cas-rd.company.com/cas/login;jsessionid=4FC9DA45BB577437028F17?service=http%3a%2f%2frwiki.company.com%2f > > I've tried 'UseCanonicalName On' on the vhost; but it didn't changed the > behavior. > > I've also moved the mod_cas.so include before the mod_proxy.so. This > hasn't fix the problem too. I'm still redirected to the real websire > rdwiki.company.com and not the proxy URL http://pwiki > > Hope this helps. > > Chris > > > Matt Smith a écrit : >> Hi Chris- >> Is mod_auth_cas configured on "pwiki", or on "rwiki.company.com"? Your >> example service parameter looks funny, showing "http://r.company.com"; -- >> does this refer to "rwiki.company.com"? >> >> Guessing that m-a-c is configured on pwiki, can you try adding >> "|UseCanonicalName On" to your vhost? That will cause Apache to >> identify itself internally using the name supplied in "ServerName", >> overriding the default which obtains the server name from the >> client-supplied headers. >> >> One other thing to try -- can you reverse the order that mod_auth_cas >> and mod_proxy are loaded? It's possible that mod_proxy is rewriting the >> Location header to the destination before CAS can retrieve the server >> name. Alternatively, perhaps ProxyPreserveHost could work, but I'm not >> sure of the implications to your destination server. >> >> Please let us know if any of that helps, >> -Matt >> >> |Chris wrote: >>> Hi all, >>> >>> I'm trying to configure an apache 2.2 reverse proxy with mod_auth_cas. >>> >>> My website config (virtual host) is: >>> >>> <VirtualHost *:80> >>> ServerName pwiki >>> DocumentRoot /home/httpd/pwiki >>> CustomLog plmwiki/logs/access_log common >>> ErrorLog plmwiki/logs/error_log >>> >>> ProxyRequests Off >>> ProxyPass / http://rwiki.company.com/ >>> ProxyPassReverse / http://rwiki.company.com/ >>> </VirtualHost> >>> >>> <Directory /home/httpd/pwiki> >>> Options FollowSymLinks ExecCGI >>> AllowOverride All >>> order allow,deny >>> allow from all >>> </Directory> >>> >>> and mod_auth_cas was configured like this: >>> >>> # JASIG MOD_AUTH_CAS MODULE >>> LoadModule auth_cas_module modules/mod_auth_cas.so >>> >>> <IfModule mod_auth_cas.c> >>> CASDebug On >>> CASCookiePath /tmp/ >>> CASLoginURL https://cas-rd.company.com/cas/ >>> CASValidateURL https://cas-rd.company.com/cas/serviceValidate >>> CASCertificatePath /etc/pki/tls/certs/casserver.crt >>> CASValidateServer on >>> </IfModule> >>> >>> When I try to login into http://pwiki, I am redirected to >>> https://cas-rd.company.com/cas/ with >>> service=service=http%3a%2f%2fr.company.com%2f and not http://pwiki >>> >>> Anything wrong with the config? I didn't found any configuration por CAS >>> caching/proxy in http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas. >>> >>> Maybe mod_auth_cas does not supports proxy CAS ? If so, any news when >>> this would be available? Any workaround if so? >>> >>> Best, >>> >>> Chris > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > -- [EMAIL PROTECTED] Key ID:D6EEC5B5 _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
