Jorge Infante Osorio wrote:
I have an issue in reverse proxy with apache, tomcat and SSO using CAS.
The problem is that my reverse proxy work just fine when I use an Apache
Server as the reverse proxy with two back-end tomcats.
But when the I include SSO with CAS to authenticate the user with access to
the tomcat servers the internal redirections are missing to the users that
use the reverse proxy and I don´t know why.
Thanks, for reposting as a new message.
I don't know CAS. I just read the Wikipedia entry right now.
I just want to point out something to you, in case you would not know and in
case it may help.
If you use mod_jk as a proxying connector between Apache and Tomcat, and you set the
"tomcatAuthentication=false" attribute on the AJP Connector in Tomcat, then Tomcat will
accept the user authentication from Apache (which mod_jk forwards to Tomcat).
This allows to do the user authentication at the front-end Apache level, and pass the
user-id to the Tomcat back-end(s) easily. It may simplify your problem.
It is possible that mod_proxy_ajp provides a similar capability, I don't know.
There are plenty more possibilities for similar schemes, but my time is running out right
now, because yes I am in my late afternoon mode, and I am taking a holiday starting
tomorrow (in what increasingly looks like the wrong region to be right now).
From what I read about CAS, it looks similar to another scheme named OpenId I think. I
understood once how that works, but right now something eludes me in the redirections
schema. I'll think about it next week on the beach.
But a question : in your CAS scheme, which is/are the server(s) which need to talk to the
CAS server ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org