Thanks a lot, Matt.

In the meantime we put a workaround in place, and we are now able to see the
CASAuthNHeader field getting populated.
Workaround: in the resolvePrincipal method of
AbstractPersonDirectoryCredentialsToPrincipalResolver, we overwrote uid with
principalId. Once this is done, the mod_auth_cas parameter is populated as
expected.

*Apache Web Server version: 2.2*

Please find below our configuration in apache2.conf. Please advise if you see
something significantly wrong. Secondly, we are struggling to define
multiple unprotected URLs. We use CASGateway with some of the URLs/folders,
but as we have multiple applications to be protected by CAS, we are unable
to define URLs for multiple applications. Please advise on the recommended
approach.



# CAS Configurations
CASCookiePath /etc/apache2/cas/
CASVersion 2
CASDebug on
CASValidateServer Off
CASAllowWildcardCert Off
CASTimeout 86400
CASIdleTimeout 7200

<VirtualHost *:443>
    SSLEngine On
    SSLProxyEngine On
    CASCookieDomain "fwcms.com.my"
    ServerName "fwcms.com.my"
    ServerAlias "fwcms.com.my"
    SSLCertificateFile /etc/apache2/ssl/public.crt
    SSLCertificateKeyFile /etc/apache2/ssl/new-digitss.key
    SSLCertificateChainFile /etc/apache2/ssl/interim.crt
    LogLevel debug
    # Validate the authenticity of the login.goshen.edu SSL certificate by
    # checking its chain of authority from the root CA.
    CASCertificatePath /etc/apache2/ssl/castomcat-cert.crt
    SSLProxyMachineCertificateFile /etc/apache2/ssl/castomcat-cert.crt
    CASValidateDepth 9
    CASLoginURL "https://10.16.11.224:8443/login"
    CASValidateURL "https://10.16.11.224:8443/serviceValidate"
    #CASValidateURL "https://10.16.11.252:8443/cas/samlValidate"

    #ProxyPass http://10.18.1.193:8080/cdc
    #ProxyPass /cdc ajp://10.18.1.193:8009/cdc
    ProxyPreserveHost On
    ProxyVia On
    ProxyPassReverseCookiePath /etc/apache2/cas/ /etc/apache2/cas/
    ProxyPassReverseCookieDomain fwcms.com.my fwcms.com.my
    #RewriteEngine on
    #RewriteCond  %{HTTPS}  ^off$
    #RewriteRule  ^/cdc/?(.*) https://10.18.1.196:8443/cdc/$1 [L,R]

    ProxyPass /cdc https://10.16.11.236:8443/cdc
    ProxyPassReverse /cdc https://10.16.11.236:8443/cdc
    ProxyPass /tc https://10.16.11.236:8443/tc
    ProxyPassReverse /tc https://10.16.11.236:8443/tc
    #ProxyPass /iam ajp://10.18.1.196:8443/iam
    #ProxyPassReverse /iam ajp://10.18.1.196:8443/iam
    #ProxyPass /cdc https://10.18.1.196:8443/cdc
    #ProxyPassReverse /cdc https://10.18.1.196:8443/cdc

    <Location / >
        Order deny,allow
        Deny from all
        AuthType CAS
        CASAuthNHeader userName
        CASGateway /cdc/forgotPassword.do
        CASScope /
        AuthName "Bestinet CAS"
        Require valid-user
        Satisfy Any
    </Location>
</VirtualHost>

On Mon, Oct 28, 2013 at 1:01 AM, Matt Smith-21 [via Jasig] <
[email protected]> wrote:

> Narayan,
>
> Could you share your Apache httpd.conf, or at least the portions showing
> the vhost, proxy, and CAS configurations?
>
> Could you also please supply the Apache version?
>
> Also, when using mod_auth_cas with mod_jk or proxy_ajp to Tomcat, please
> make sure to set the "tomcatAuthentication='false'" attribute on the AJP
> connector in your server.xml.  This should allow "request.getRemoteUser()"
> to work correctly.
>
> -Matt
>
> On Wed, Oct 23, 2013 at 12:46 PM, nmahtolia <[hidden email]> wrote:
>
>> Hi All,
>>
>> I’m evaluating CAS for a single sign-on solution using CAS-Server-3.5.2 and
>> the mod_auth_cas v1.0.9.1 Apache module. I have Apache Web Server, CAS Server
>> in Tomcat and various applications in JBoss. I have limited options to use
>> the CAS Java client, to avoid additional calls between the application server
>> and the CAS server.
>>
>> The issue I’m facing is that after successful authentication I don’t get the
>> username in the application. I did the following:
>>         1)      In mod_auth_cas, I have the directive: CASAuthNHeader on
>>         2)      I also see the cookie getting persisted in the folder
>>                 specified via the directive: CASCookiePath
>>         3)      Trying to access the username as below:
>>              a. request.getHeader("on"). I also tried various other options,
>>                 such as request.getHeader("REMOTE_USER") /
>>                 request.getParameter("REMOTE_USER") and a few other
>>                 approaches, but none returned the expected username; it is
>>                 null.
>>
>> Request to please give some pointers on what might be wrong and causing this
>> issue.
>>
>> Thanks & Regards,
>> Narayan
>>
>>
>>
>>
>> --
>> View this message in context:
>> http://jasig.275507.n4.nabble.com/Issue-getting-username-in-Http-Headers-tp4661000.html
>> Sent from the CAS Developers mailing list archive at Nabble.com.
>>
>> --
>> You are currently subscribed to [hidden email] as: [hidden email]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>
> --
> [hidden email]
> PGP: E2144AD8
>




--
View this message in context: 
http://jasig.275507.n4.nabble.com/Issue-getting-username-in-Http-Headers-tp4661000p4661040.html
Sent from the CAS Developers mailing list archive at Nabble.com.
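
An added sketch for Apache 2.2, not the poster's configuration and not taken from the mod_auth_cas project, covering the two points raised in the message above: several public paths across applications under one CAS-protected root, and CAS server certificate validation left on. The /tc/public/ path is a hypothetical placeholder; the other paths and the userName header name come from the posted configuration.

```apache
# Added example (Apache 2.2 + mod_auth_cas); /tc/public/ is a hypothetical path.

# Server scope: verify the CAS server certificate during ticket validation.
# With this on, CASCertificatePath must point at the CA that signed the CAS
# server certificate, and the host name in CASLoginURL / CASValidateURL must
# match the name in that certificate.
CASValidateServer On
# Debug output is for troubleshooting only.
CASDebug Off

# The two sections below go inside the existing <VirtualHost *:443> block.

# Default: every URL needs a CAS session, and the authenticated user is
# passed to the proxied application in the userName request header.
<Location />
    AuthType CAS
    AuthName "Bestinet CAS"
    Require valid-user
    CASAuthNHeader userName
</Location>

# Public paths for several applications in one expression. This section comes
# after <Location />, so its settings win for the URLs it matches.
<LocationMatch "^/(cdc/forgotPassword\.do|tc/public/)">
    Order allow,deny
    Allow from all
    # Host-based access already succeeds, so Apache 2.2 skips the
    # authentication phase and no CAS login is requested.
    Satisfy Any
    # CAS does not set userName on these URLs; remove any copy sent by the
    # client so the backend never reads it as an identity (needs mod_headers).
    RequestHeader unset userName
</LocationMatch>
```

Applications behind the proxy should treat a missing userName header on the public paths as an anonymous request.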