Adding custom 401 page doesn’t suppress the internal ‘Access Denied’ page

cambridgeuniversity / mod_ucam_webauth

Ucam WebAuth Apache authentication agent (mod_ucam_webauth)

GNU Lesser General Public License v2.1

7 stars 9 forks source link

Adding custom 401 page doesn’t suppress the internal ‘Access Denied’ page #11

Closed jw35 closed 7 years ago

jw35 commented 7 years ago

RAVEN101 in master TODO list

jw35 commented 7 years ago

The module tries to add a custom 401 error page (either one provided, or its own default) following authentication because the Apache default page that will otherwise be rendered is misleading (it talks about trying again, for example).

This doesn't seem to be working in Apache 2.4, probably as a result of 2.4's reorganisation of the wat the authn/authz works.

mgkuhn commented 7 years ago

Actually, it had nothing to do with "2.4's reorganisation of the way the authn/authz works". Instead, there was a change in Apache 2.4.13 in the data structure used for ErrorDocument, and wls_response_code_string() needs to be updated accordingly. Fix is now in pull request #15.