Hello,
I'm attempting to set up a site with a mixture of mod_auth_kerb and an in-house mod_perl2 auth handler we wrote. Basically, what I need to do is this: when you hit the root of the site, if "REMOTE_USER" isn't populated and you're on the LAN, redirect to a page under mod_auth_kerb that sets a ticket, and if you're outside our LAN, redirect to a page where our users can manually log in. My rewrite rule never seems to see "REMOTE_USER" as populated even though I'm using "LA-U:REMOTE_USER", so the rewrite rule keeps kicking in and redirecting over to the mod_auth_kerb page, which redirects back to Apache. I've searched Google and the lists here and I can't seem to solve the problem. Here's my current configuration:

<Location /kltest>
AuthType Site::SSO
AuthName sso
PerlAuthenHandler Site::SSO->authenticate
PerlAuthzHandler Site::SSO->authorize
require valid-user
</Location>

RewriteEngine On
RewriteLog /var/log/apache2/rewrite.log
RewriteLogLevel 5

# Redirect to pass through authentication if internal
#
RewriteCond %{REMOTE_ADDR} ^10\..*$
RewriteCond %{LA-U:REMOTE_USER} !(.+)
RewriteRule ^/kltest/env$ https://sso.lhsc.on.ca/signauto/in [NS]

# Redirect to manual authentication if external
#
RewriteCond %{LA-U:REMOTE_USER} !(.+)
RewriteCond %{REMOTE_ADDR} !^10\..*$
RewriteRule ^/kltest/env$ https://sso.lhsc.on.ca/sign/in [NS]

"Site::SSO" is our in-house Apache2::AuthCookie auth handler. The ticket for this is set once you authenticate to one of the pages on "sso.lhsc.on.ca", and "REMOTE_USER" is set if I remove the rewrite rules, but mod_rewrite never sees anything in "REMOTE_USER". What am I missing?

Thanks,
Keith.