Hello, 
 
I'm attempting to set up a site with a mixture of mod_auth_kerb and an in-house 
mod_perl2 auth handler we wrote. Basically what I need to do is when you hit the 
root of the site if "REMOTE_USER" isn't populated and you're on the LAN 
redirect to a page under mod_auth_kerb that sets a ticket and if you're outside 
our LAN redirect to a page where our users can manually log in. My rewrite rule 
never seems to see "REMOTE_USER" as populated even though I'm using 
"LA-U:REMOTE_USER" so the rewrite rule keeps kicking in and redirecting over to 
the mod_auth_kerb page which redirects back to Apache. I've searched Google and 
the lists here and I can't seem to solve the problem. Here's my current 
configuration: 
 
   <Location /kltest>
          AuthType Site::SSO
          AuthName sso
          PerlAuthenHandler  Site::SSO->authenticate
          PerlAuthzHandler   Site::SSO->authorize
          require valid-user
   </Location>
 
   RewriteEngine On
   RewriteLog /var/log/apache2/rewrite.log
   RewriteLogLevel 5
 
   # Redirect to pass through authentication if internal
   #
   RewriteCond %{REMOTE_ADDR} ^10\..*$
   RewriteCond %{LA-U:REMOTE_USER} !(.+)
   RewriteRule ^/kltest/env$ https://sso.lhsc.on.ca/signauto/in [NS]
 
   # Redirect to manual authentication if external
   #
   RewriteCond %{LA-U:REMOTE_USER} !(.+)
   RewriteCond %{REMOTE_ADDR}     !^10\..*$
   RewriteRule ^/kltest/env$ https://sso.lhsc.on.ca/sign/in [NS]
 
 
"Site::SSO" is our in-house Apache2::AuthCookie auth handler, the ticket for 
this is set once you authenticate to one of the pages on "sso.lhsc.on.ca" and 
"REMOTE_USER" is set if I remove the rewrite rules but mod_rewrite never sees 
anything in "REMOTE_USER". What am I missing? 
 
Thanks, 
Keith.

 