What I want
For various reasons, I'd like to see the following authentication procedure work:
- go to moodle.blah.bla
- Apache asks for your login information via mod_auth_cas
- Once authenticated, Apache sends you to moodle.blah.bla/login/index.php?authCAS=CAS
- Moodle then sends you to your CAS server which is already authenticated
- CAS sends you back to moodle as an authenticated user.
What I have
Currently I have confirmed that mod_auth_cas does authenticate my user. I also have successfully authenticated Moodle using their CAS plugin.
The problem
Where I am stuck is putting the two things together.
First, once mod_auth_cas authenticates you, I'm not sure how to send the user on to the correct Moodle url.
Second, when I manually browse to the Moodle CAS auth link, it ends up sending me into a redirect loop.
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
And Chromium:
ERR_TOO_MANY_REDIRECTS
My thoughts on the problem
For the first issue, I would think that I'd want to redirect only when a specific header is set. Except that I think the header would stick around until the end of the session, thus triggering a redirect for every single page...
For the second issue, is the ticket from mod_auth_cas getting invalidated and thus apache is trying to send me back to the cas server? Even though we just came from there... Which would be a redirect loop.
Any other suggestions on how to get his working?
Server config and specs
My server is running:
- Ubuntu 14.04
- Apache 2.4
- http://packages.ubuntu.com/trusty/libapache2-mod-auth-cas
- Moodle 2.8+
In my vhost:
CASValidateServer Off
CASLoginURL https://casserver/cas/login
CASValidateURL https://casserver/cas/serviceValidate
<LocationMatch "/.*">
AuthType CAS
require valid-user
</LocationMatch>
Moodle is configured to use CAS 2.0.
The CAS server is running 4.x.