[EMAIL PROTECTED] wrote: > The biggest problem we have is with redirections that are being returned > to the browser.
Ok. > We use the Netegrity SiteMinder product to implement single sign on > for the entire web server park. The SiteMinder web agent that is plugged > into each web server assesses whether a user has already logged in > (cookies) and if not redirects back to the logon web server which > performs the logon process (with all sorts of fancy smart card > technology if needed). > > This means that SiteMinder returns a 30x reply with a Location header > that goes something like: > > Location: >http://loginserv.internal.bigacme.com?return=http://webserv.internal.bigacme.com The "return" paramter is yuck - this is what is making the wheels fall off. Currently the ProxyPassReverse directive fixes the URLs of headers which are themselves URLs, but it does not fix any parameters embedded in the URL itself (in your case, the "return" parameter). Does mod_rewrite not do header rewriting? Your second problem is that SiteMinder seems to be redirecting you to the internal name of the authentication website. As far as Apache is concerned, it only knows about the *current* website. If some other website you redirect to (in this case the auth site) is also behind a hidden URL, Apache has no way of knowing this is the case. Tell your SiteMinder agents that your login server can be found at http://login.bigacme.com/ (the external address of the login server, wherever that is). This will solve half your problem. Regards, Graham -- ----------------------------------------- [EMAIL PROTECTED] "There's a moon over Bourbon Street tonight..."
