David,
I hope this clarifies things.
We upgraded RH5 apache 2.2.x web servers to RH7 apache 2.4.6 servers.
Mod_auth_cas for RHEL5 was 1.0.9
We had mod_auth_cas.conf have a number of config entries thusly:
<Location /reports.php>
Authtype CAS
require valid-user
CASAuthNHeader CAS_USER
</Location>
This would block a script alias to IBM's Cognos Report server.
ScriptAlias /reports/cgi-bin "/ibmcognos/cgi-bin"
Alias /reports "/ibmcognos/webcontent"
<Directory "/ibmcognos">
Options Indexes MultiViews
AuthType CAS
Require valid-user
Require all granted
</Directory>
The script alias and mod_auth_cas.conf were simply ported from RH5 to RH7
verbatim.
You would authenticate through LDAP and it would pass CAS_USER variable from
the LDAP login to Cognos.
In Cognos we configured it to accept the CAS_USER variable.
When we upgraded the RHEL7 / mod_auth_cas 1.1 /apache 2.4.6 this would not work.
However, it does work for all the other <location></location> configurations
only blocking web pages on the local machine.
When I dumped the nic card text we saw REMOTE_USER was being passed so
mod_auth_cas 1.1 was ignoring the CAS_USER configuration.
We changed Cognos to accept REMOTE_USER and it orked just fine.
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of David Hawes
Sent: Tuesday, January 24, 2017 8:55 PM
To: CAS Community
Subject: Re: [cas-user] Converting REMOTE_USER variable to all lower/upper case
in mod_auth_cas v. 1.1?
On 24 January 2017 at 16:19, Chris Cheltenham
<[email protected]<mailto:[email protected]>> wrote:
> Bryon ,
>
> According to my tcpdump mod_auth_cas is pushing REMOTE_USER no matter what we
> configure it to be.
> So when we changed the behavior of the other side to EXPECT the REMOTE_USER
> variable , it worked.
>
> The question for CAS folks is, Is that a bug?
>
> Is it supposed to ignore the configured value in our mod_auth_cas.conf file?
>
> I would think not.
mod_auth_cas sets r->user which gets evaluated as REMOTE_USER. This is
something that can't be changed.
What does your configuration look like?
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected]<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wAtN3yqF_NaCYBF-JydjVc3JH05Y9U6QXQ_5kV5OrrQRQ%40mail.gmail.com.
--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/MWHPR17MB1213978B7CA7CB04EBBB7D1BC4740%40MWHPR17MB1213.namprd17.prod.outlook.com.
