我有以下内容/etc/apache2/httpd.conf:
Include /private/etc/apache2/passenger_pane_vhosts/*.conf
我有以下内容/etc/apache2/passenger_pane_vhosts/my_site.conf:
LoadModule auth_cas_module /usr/libexec/apache2/mod_auth_cas.so
CASCookiePath /tmp/mod_auth_cas/
CASVersion 2
CASDebug on
CASValidateServer off
CASAllowWildcardCert on
CASTimeout 86400
CASIdleTimeout 7200
CASLoginURL https://cas.mycompany.com/cas/login
CASValidateURL https://cas.mycompany.com/cas/serviceValidate
CASCookieDomain hattip-dev.mitre.org
LogLevel debug
<VirtualHost *:80>
LogLevel debug
ServerName hattip.local
DocumentRoot "/path/to/rails_app/public"
RailsEnv development
<Location />
AuthType CAS
AuthName "MyCompany CAS"
CASAuthNHeader MOD_AUTH_CAS_USER
require valid-user
</Location>
<directory "/path/to/rails_app/public">
Order allow,deny
Allow from all
</directory>
</VirtualHost>
Apache 可以正常启动,但对我的 Rails 应用程序的每个请求都会返回 403,而不会重定向到我的 CAS 服务器。日志中没有与 CAS 相关的信息,尽管在CASDebug我能想到的所有地方都可以设置on它LogLevel。debug
PS:我尝试了上述配置的几种变体,包括将mod_auth_cas声明放在定义中<VirtualHost>,但大多数在启动时都会失败。我还尝试删除该<Location>块并将该身份验证移到该<Directory>块中:没有变化。
有人知道我怎样才能mod_auth_cas真正重定向到我的 CAS 服务器吗?
(移自堆栈溢出)
答案1
明白了。答案是合并<Location>和<Directory>块并添加一个Satisfy指令:
LoadModule auth_cas_module /usr/libexec/apache2/mod_auth_cas.so
CASCookiePath /tmp/mod_auth_cas/
CASVersion 2
CASDebug on
CASValidateServer off
CASAllowWildcardCert on
CASTimeout 86400
CASIdleTimeout 7200
LogLevel debug
<VirtualHost *:80>
CASCookieDomain "myapp"
CASLoginURL "https://cas.mycompany.com/cas/login"
CASValidateURL "https://cas.mycompany.com/cas/serviceValidate"
LogLevel debug
ServerName "myapp"
DocumentRoot "/path/to/rails_app/public"
RailsEnv development
<Location />
Order deny,allow
Deny from all
AuthType CAS
AuthName "MyCompany CAS"
require valid-user
Satisfy Any
</Location>
</VirtualHost>