mod_auth_cas and secure content

25 views

Skip to first unread message

Tom Barber

unread,

Sep 29, 2016, 8:27:28 AM9/29/16

to cas-...@apereo.org

Hi folks I have the following setup in a vhost:


        <Location "/">
            AuthType CAS
            AuthName "Restricted Content"
            Require valid-user
            SetEnvIf Request_URI ^/jenkins noauth=1
            SetEnvIf Request_URI ^/cas noauth=1
            order deny,allow
            deny from all
            Satisfy Any
            Allow from env=noauth
        </Location>

        CASCookiePath /var/cache/apache2/mod_auth_cas/
        CASLoginURL https://REPLACEME2/cas/login
        CASValidateURL http://REPLACEME2:8080/cas/validate
        CASRootProxiedAs https://REPLACEME2
        CASAllowWildcardCert on
        CASVersion 1
        CASDebug on
        LogLevel debug

When users land its fine they get an ticket and login, after a while or, for example post CAS restart, they continue to get accessed pages from cache, but secure content like

ajax calls, css or requests to other http resources are met behind the scenes with a login page as a CSS file etc, and don't get a full page redirect to re-authenticate.

Anyone got any smart ideas?

Thanks

Tom

Reply all

Reply to author

Forward

0 new messages