Perrin Harkins wrote:
After successful authentication we need to pass the control to another application(which is running on the same apache server) which depend on the REMOTE_USER value which we set.That will work fine, as long as your auth handler runs in the same request as the thing that wants to look at REMOTE_USER. If you do an external redirect, that creates a totally separate request from the client. You need to set your handler as the auth handler for the location that you want to protect, not go the auth handler and then redirect to the location.
I think what Perrin is saying is that you don't want your authentication handler to perform the location redirect. In fact, you don't want a location redirect at all. You want to return OK if the user is authenticated (i.e. the username and passsword are verified by the CAS service) and AUTH_REQUIRED otherwise. At least that's how it was in MP1 and it's probably pretty much the same in MP2.
Rob
Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.