A little more that I found on this. I was missing the not-so-prominent informational line that my CAS login "failed" when coming back from the https URL. I also found that there is a /tmp/sessionlog being created and that it is immediately claiming a CAS logout for "inactivity" upon return from the CAS login screen call. But I'm still evidently getting logged in because I can still get to my personal information if I remove the "s" from https. So it looks like Koha is not properly accepting the CAS ticket but is, in reality, getting me logged in. Any ideas on what might be going on here? Thanks, Tom On 10/31/2011 04:11 PM, Tom Hanstra wrote:

Some questions about CAS authentication:

I have been able to link in our CAS service with Koha. I get the "Log in to your Account" page and choose to login via CAS. This jumps me out to our site CAS server. OK so far.

Now for the wrinkle. Our site wants to have the CAS login transaction secure from end to end so it sends me back to:

https://kohapprd.library.nd.edu/cgi-bin/koha/opac-user.pl?ticket=<ticket #>

So, I had do create a secure server for the return trip. I've tried to do that via apache, but evidently don't have something set up properly. When it comes back from the return trip, it is sending me back to the Log In screen, whereas if I remove the "s" from https in the same URL:

http://kohapprd.library.nd.edu/cgi-bin/koha/opac-user.pl?ticket=<ticket #>

I get properly sent to the Koha screen with loans, fines, personal details, etc.

But the URL I see is still the same (opac-user.pl). So, where is the redirection to this screen happening? And why is my secure host not getting to it?

Thanks, Tom

-- ----------------------------------------------------------------------------- Tom Hanstra Systems Administrator Hesburgh Libraries of Notre Dame Phone: (574)631-4686 213 Hesburgh Library Email: tom@nd.edu Notre Dame, IN 46556 Please stop, I'm bored. Miss Sweetie Poo -----------------------------------------------------------------------------