You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by joon yang <jo...@yahoo.com> on 2004/07/22 15:56:44 UTC

[users@httpd] Troubleshooting a custom module MOD_CAS

Hi folks,

I'm trying to implement a sing sign on solution
between Tomcat and Apache so I can deliver static
contents from Apache and dynamic contents from Tomcat
without requiring to users to log in twice.  Our user
info is in an LDAP server.

I've found an opensource SSO stuff from yale.edu,
called CAS (Central Authentication System)  It uses
ticket based authentication scheme to provide the SSO
functionality.  The CAS server (java servlet) issues
and validates tickets.  CAS Client (one for apache and
one for tomcat) checks all requests for ticket and
validate by forwarding to CAS Server.

Now, I got it almost working, but running into the
following problems and wanted to get some opinions.

1. Are there better/more widely accepted/easier way to
implement a single sign on between Apache and Tomcat?

2. The authenticated pages come back fine, but if it
has any embedded url, these contents don't show.  I've
played with it's formats to see if direct url vs.
relative url would make a difference and it didn't. 
The url's themselves work fine on its own.

3.  The Apache log shows that the embeded url
initiated another login request as if it didn't have
the needed tickets, but the browser and the request
ends in result code 200, OK.  However, the login
screen does not show up in the browser.  Where should
I look first?

Thanks for any input you can provide and I apologize
for the long e-mail.

JoOn


	
		
__________________________________
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Troubleshooting a custom module MOD_CAS

Posted by joon yang <jo...@yahoo.com>.

Just for the record.

This was caused by "My evil twin" forgetting to turn
on ticket caching mechanism in the MOD_CAS.  I had
originally turned it off to simplify my efforts in
converting to Win32 code.  After I got all the rest
working, I forgot to go back and tackle that piece. 
After turning on the cache, it worked.

Thanks

JoOn

--- joon yang <jo...@yahoo.com> wrote:
> Hi folks,
> 
> I'm trying to implement a sing sign on solution
> between Tomcat and Apache so I can deliver static
> contents from Apache and dynamic contents from
> Tomcat
> without requiring to users to log in twice.  Our
> user
> info is in an LDAP server.
> 
> I've found an opensource SSO stuff from yale.edu,
> called CAS (Central Authentication System)  It uses
> ticket based authentication scheme to provide the
> SSO
> functionality.  The CAS server (java servlet) issues
> and validates tickets.  CAS Client (one for apache
> and
> one for tomcat) checks all requests for ticket and
> validate by forwarding to CAS Server.
> 
> Now, I got it almost working, but running into the
> following problems and wanted to get some opinions.
> 
> 1. Are there better/more widely accepted/easier way
> to
> implement a single sign on between Apache and
> Tomcat?
> 
> 2. The authenticated pages come back fine, but if it
> has any embedded url, these contents don't show. 
> I've
> played with it's formats to see if direct url vs.
> relative url would make a difference and it didn't. 
> The url's themselves work fine on its own.
> 
> 3.  The Apache log shows that the embeded url
> initiated another login request as if it didn't have
> the needed tickets, but the browser and the request
> ends in result code 200, OK.  However, the login
> screen does not show up in the browser.  Where
> should
> I look first?
> 
> Thanks for any input you can provide and I apologize
> for the long e-mail.
> 
> JoOn
> 
> 
> 	
> 		
> __________________________________
> Do you Yahoo!?
> Vote for the stars of Yahoo!'s next ad campaign!
>
http://advision.webevents.yahoo.com/yahoo/votelifeengine/
> 
>
---------------------------------------------------------------------
> The official User-To-User support forum of the
> Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for
> more info.
> To unsubscribe, e-mail:
> users-unsubscribe@httpd.apache.org
>    "   from the digest:
> users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail:
> users-help@httpd.apache.org
> 
> 



		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org