1

I need to use an Apache (or other) proxy to enable SSO on a platform which does not natively support CAS (namely splunk)

It looks like everyone on Internet has "successfully configured their Apache CAS proxy" but we (Google and I) cannot find any simple, straightforward example on how to set this up.

Would someone be willing to share a basic version of their configuration of such a proxy?

WoJ
  • 3,607
  • 9
  • 49
  • 79

1 Answers1

4

I finally managed to do this with the configuration below. splunk.example.com:8000 is the actual site to be accessed, cas.example.com is the CAS server. The proxy is on the same machine and will be defined in a VirtualHost.

Apache

The VirtualHost which serves the to-be-SSO-ed application (splunk.example.com:8000)

<VirtualHost splunk.example.com:80>
ServerName splunk.example.com
DocumentRoot /var/www

CASCookiePath /var/cache/apache2/mod_auth_cas/
CASLoginURL https://cas.example.com/cas/login?gateway=true
CASValidateURL  https://cas.example.com/cas/proxyValidate

<Location />
        Authtype CAS
        require valid-user
        CASAuthNHeader Cas-User
</Location>

ProxyPreserveHost On
ProxyPass        / http://localhost:8000/
ProxyPassReverse / http://localhost:8000/
</VirtualHost>

CAS

The module to load is mod_auth_cas. The version I had on Debian failed on some crypto module, it is enough to clone the git repository, configure, make and install and it works out of the box

WoJ
  • 3,607
  • 9
  • 49
  • 79
  • @kashyap you are welcome. There seems to be a small problem with this config, though. I am investigating right now (the problem is posted at [splunkbase](http://splunk-base.splunk.com/answers/81764/sso-sometimes-fails-with-deeper-urls)) – WoJ Apr 20 '13 at 13:22