Landing Page using Gateway with mod_auth_cas

[Travis Schmidt]

I have been trying to come up with a way to configure a landing page for an app that uses gateway to determine if the user is logged in or not with Apache 2.4 and mod_auth_cas.  I thought at first just doing something like 

Require valid-user

Require all granted 

would do the trick, but the RequireAny is evaluated before authentication is called which means mod_auth_cas is never executed in that case.  The best I could come up with is something like this: 

<Location /GatewayApp/>

    AuthType CAS

    AuthName "Authentication via CAS"

    CASScope /GatewayApp/

    CASSecureCookie CAS_GATEWAY_S

    CASGateway /GatewayApp/

    Require valid-user

    <If "%{QUERY_STRING} =~ /.*ticket.*/">

       require valid-user

    </If>

    <ElseIf "%{HTTP_COOKIE} == 'MOD_CAS_G=TRUE'">

       Require all granted

    </ElseIf>

</Location>

Anyone else have or know of a better way to do this?

Travis

[David Hawes]

I can't think of a better way to do this, but I admittedly haven't
played around with the gateway stuff too much.

I'll have to think if there's a way to make this work a little more
seamlessly in Apache 2.4, which seems to be a little more strict about
setting a user during auth (which is something mod_auth_cas explicitly
does not do).

Here's the comment in the 2.4 code:

if (r->user == NULL) {
/* don't let buggy authn module crash us in authz */

:)