Thanks Perrin and Rob,
Let me summarise what I have gathered from the responses that you all have
provided also with my little knowledge about mod_perl/apache2
Instead of writing a PerlHandler and redirecting to a particular URL, we
should write a PerlAuthenHandler
e.g httpd.conf should be something like this.
<Location /privateUrl>
AuthType AuthCAS
AuthName CAS
PerlAuthenHandler AuthCAS->test_Method
Require valid-user
</Location>
inside the test_Method I need to do my customize authentication check (with
CAS) and update the remote_user variable(e.g $r->connection->user($user1))
and if success return the OK or else return AUTH_REQUIRED.
The application in /privateUrl is a Vendor application, is a complete black
box for us. As part of this integration(Casification) Vendor asked us to do
the authentication (CAS) and if success update the remote user env variable.
Apart from CAS server everything else running on same apache server.
Following are the further little doubts that we have also have given our
suggestion as well, pls do comment on that
1) As we dont use the apache basic authentication but our CAS
authentication. If the authentication is not successful how can we redirect
to the CAS login page.
My suggestion -> instead of returning the AUTH_REQUIRED redirect to
CAS URL with the service.
if this is wrong how to achieve this in a different way
2) As we dont use the basic authentication in apache in the above httpd.conf
entry what the values should we give for AuthType , AuthName in the above
Location declaration.
3) Pass addtional parameters to the handler
solution -> in the httpd.conf block pass it as
PerlSetVar CASHost "testCasServer"
PerlSetVar CASPort "8443"
Please let us know if futher things needs to be done to achieve our
objective
Thanks
Robert Landrum wrote:
>
> Perrin Harkins wrote:
>>> After successful authentication we need to pass the
>>> control to another application(which is running on the same apache
>>> server)
>>> which depend on the REMOTE_USER value which we set.
>>
>> That will work fine, as long as your auth handler runs in the same
>> request as the thing that wants to look at REMOTE_USER. If you do an
>> external redirect, that creates a totally separate request from the
>> client. You need to set your handler as the auth handler for the
>> location that you want to protect, not go the auth handler and then
>> redirect to the location.
>>
>
> I think what Perrin is saying is that you don't want your authentication
> handler to perform the location redirect. In fact, you don't want a
> location redirect at all. You want to return OK if the user is
> authenticated (i.e. the username and passsword are verified by the CAS
> service) and AUTH_REQUIRED otherwise. At least that's how it was in MP1
> and it's probably pretty much the same in MP2.
>
> Rob
>
>
--
View this message in context:
http://www.nabble.com/Lost-ENV-variable-value-.........-tf2956856.html#a8289722
Sent from the mod_perl - General mailing list archive at Nabble.com.
