tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: reverse proxy with SSO using CAS.
Date Fri, 25 Mar 2011 17:08:43 GMT
Jorge Infante Osorio wrote:
> I have an issue in reverse proxy with apache, tomcat and SSO using CAS. 
> The problem is that my reverse proxy work just fine when I use an Apache
> Server as the reverse proxy with two back-end tomcats. 
> But when the I include SSO with CAS to authenticate the user with access to
> the tomcat servers the internal redirections are missing to the users that
> use the reverse proxy and I don´t know why.

Thanks, for reposting as a new message.

I don't know CAS.  I just read the Wikipedia entry right now.
I just want to point out something to you, in case you would not know and in case it may help.

If you use mod_jk as a proxying connector between Apache and Tomcat, and you set the 
"tomcatAuthentication=false" attribute on the AJP Connector in Tomcat, then Tomcat will 
accept the user authentication from Apache (which mod_jk forwards to Tomcat).
This allows to do the user authentication at the front-end Apache level, and pass the 
user-id to the Tomcat back-end(s) easily.  It may simplify your problem.

It is possible that mod_proxy_ajp provides a similar capability, I don't know.
There are plenty more possibilities for similar schemes, but my time is running out right

now, because yes I am in my late afternoon mode, and I am taking a holiday starting 
tomorrow (in what increasingly looks like the wrong region to be right now).

 From what I read about CAS, it looks similar to another scheme named OpenId I think.  I 
understood once how that works, but right now something eludes me in the redirections 
schema. I'll think about it next week on the beach.

But a question : in your CAS scheme, which is/are the server(s) which need to talk to the

CAS server ?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message