So, where I work we have a CAS server we like to use. We like to use it with mod_auth_cas. So far, so good - RemoteUserMiddleware is my friend. The problem here is that REMOTE_USER will not be set unless the URI is protected by CAS, and if the URI is protected by CAS, then the user will be redirected right away. This is fine for admin URLs, but I want the CAS cookie to be validated/checked only on some URLs, without redirect. So, REMOTE_USER should be set only if the cookie is present and valid.
Does anyone have any suggestions, either how I should change mod_auth_cas or my Apache directives to support this, or how I should change my use of RemoteUserMiddleware to allow this.
Thanks,
-Dan