TF, You might want to try setting the "CASScope" setting to a particular path. For example, to protect just the resource that logs you in and establishes an application session. You probably don't actually want CAS to be involved when accessing every resource on the site.
Thanks, Carl Waldbieser On Fri, Aug 16, 2024 at 10:01 AM TF <timm.flagme...@ionos.com> wrote: > */etc/apache2/mods-enabled/auth_cas.conf* > > CASLoginURL https://login.example.org/ims-sso/login > CASCookiePath /var/www/website/production/sessions/ > CASValidateURL https://login.example.org/ims-sso/serviceValidate > CASValidateSAML Off > CASVersion 2 > CASDebug On > CASTimeout 32400 > CASIdleTimeout 7200 > > */etc/apache2/sites-enabled/001-ssl.conf* > <IfModule mod_ssl.c> > <VirtualHost *:443> > ServerAdmin webmaster@localhost > ServerName example.com > DocumentRoot /var/www/example > LogLevel error > ErrorLog ${APACHE_LOG_DIR}/error.log > CustomLog ${APACHE_LOG_DIR}/access.log combined > SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 > SSLEngine on > SSLCertificateFile /etc/ssl/certs/example.org.pem > SSLCertificateKeyFile /etc/ssl/certs/example.key > > Alias /static/ /var/www/example/production/static/ > <Directory /var/www/example/production/static> > SSLRequireSSL > AuthType None > Require all granted > Order allow,deny > Allow from all > </Directory> > > WSGIDaemonProcess example user=www-data group=www-data processes=4 > threads=20 display-name=%{GROUP} python-home=/var/www/example/venv > python-path=/var/www/example > WSGIScriptReloading On > WSGIScriptAlias / /var/www/example/system/wsgi.py > > <Directory /var/www/example> > SSLRequireSSL > WSGIProcessGroup example > WSGIApplicationGroup %{GLOBAL} > > <If "%{REMOTE_ADDR} == 'x.x.x.x'"> > AuthType None > Require all granted > </If> > > # Regular User > <Else> > AuthType CAS > Require valid-user > </Else> > > WSGIPassAuthorization On > </Directory> > </VirtualHost> > </IfModule> > > On Friday 16 August 2024 at 15:51:25 UTC+2 Carl Waldbieser wrote: > >> You probably are going to need to share your mod_auth_cas config (if you >> need to replace your actual domain with "example.com" that is fine). >> >> Thanks, >> Carl Waldbieser >> >> On Fri, Aug 16, 2024 at 9:08 AM 'TF' via CAS Community < >> cas-...@apereo.org> wrote: >> >>> Hey guys, >>> >>> i hope i can get help here. Im going crazy with my problem... >>> >>> *My Setup:* >>> >>> Debian Server >>> Apache2 with mod_auth_cas and mod_wsgi >>> Application: Django >>> >>> *Problem:* >>> >>> if you enter the main domain "https://example.com"; everything is good, >>> no problems, Auth via CAS (SSO) => Website => OK >>> >>> But if you enter a sub page of the website for example " >>> https://example.com/site1"; there is a problem with the static files >>> (css, js, etc.). Auth via CAS (SSO) => Website => static files are not >>> loading. >>> >>> If i take a look into the browser dev tools i can see the browser trys >>> to get the static files from the cas server, not from my server. >>> >>> for example: main.css => 302 => login?service= >>> example.com/static/css/main.css >>> >>> But only if you try to enter a sub page directly, if you enter the main >>> domain and then go back to the sub page everyting is ok again.... >>> >>> Maybe someone can help me. >>> >>> Thanks & kind regards, >>> TF >>> >>> -- >>> - Website: https://apereo.github.io/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+u...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/2005cf4e-1c29-49da-ae1d-85ab85d4b6f9n%40apereo.org >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/2005cf4e-1c29-49da-ae1d-85ab85d4b6f9n%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CALt4NbMtMB_QVTiYJNz_iCvAKgR-ne5BqFKXE5DWHegKwV26UQ%40mail.gmail.com.
