-----Original Message-----
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Friday, March 25, 2011 13:09
To: Tomcat Users List
Subject: Re: reverse proxy with SSO using CAS.

Jorge Infante Osorio wrote:
> I have an issue in reverse proxy with apache, tomcat and SSO using CAS. 
> 
> The problem is that my reverse proxy works just fine when I use an
> Apache Server as the reverse proxy with two back-end tomcats.
>
> But when I include SSO with CAS to authenticate the user with
> access to the tomcat servers the internal redirections are missing to
> the users that use the reverse proxy and I don't know why.
> 

Thanks for reposting as a new message.

I don't know CAS.  I just read the Wikipedia entry right now.
I just want to point out something to you, in case you would not know and in
case it may help.

If you use mod_jk as a proxying connector between Apache and Tomcat, and you
set the "tomcatAuthentication=false" attribute on the AJP Connector in
Tomcat, then Tomcat will accept the user authentication from Apache (which
mod_jk forwards to Tomcat).
This allows doing the user authentication at the front-end Apache level, and
pass the user-id to the Tomcat back-end(s) easily.  It may simplify your
problem.

It is possible that mod_proxy_ajp provides a similar capability, I don't
know.
There are plenty more possibilities for similar schemes, but my time is
running out right now, because yes I am in my late afternoon mode, and I am
taking a holiday starting tomorrow (in what increasingly looks like the
wrong region to be right now).

From what I read about CAS, it looks similar to another scheme named OpenID
I think.  I understood once how that works, but right now something eludes
me in the redirections schema. I'll think about it next week on the beach.

But a question: in your CAS scheme, which is/are the server(s) which need
to talk to the CAS server?

When I try to access any tomcat server I'm redirected to the CAS server, I
authenticate in CAS and then I'm forwarded to the server that made the call.

So if I want to authenticate to App1, this App1 redirects me to CAS, I
authenticate in CAS and then it forwards me again to App1.

Jorge.  



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


