You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Yeah, I've been thinking about how to handle this case. An empty user string seems like a decent way to go, but I wonder if something configurable would be better? I'll need to experiment some before I can comment further.
When accessing a CASGateway location as an unauthenticated user, a 500 error is returned. The Apache error log shows an error like this:
AH00027: No authentication done but request not allowed without authentication for /gateway. Authentication not configured?
In Apache 2.4 AuthZ module requires the request user to be set when the authentication provider returns OK.
Sample config:
In my own build, I've updated the flow to set the user to an empty string.
This works for my own use cases, but I'm not sure this would be an acceptable change in behavior for all users of mod-auth-cas.
The text was updated successfully, but these errors were encountered: