I'm new with mod_auth_cas and mod_jk but I'm doing this right now and that's what I think about the subject. If I'm wrong please correct me:The problem is not related to the JkMount points, they are doing their job right. This mounts just "connect" your apache httpd server with tomcat, they are not responsible for CAS authentication.In some other configuration file, the one related to mod_auth_cas you have "Location" entry protecting whole "/alfresco" path. I change it to this:
<Location /alfresco/faces>
AuthType CAS
AuthName "CAS"
require valid-user
CASScope /alfresco
</Location>
This makes only "/alfresco/faces" be protected. I don't think this is a security risk because when no CAS credentials are supplied but Alfresco Explorer authentication is required Alfresco will jump to "/alfresco/faces/jsp/login.jsp" and, of course, then CAS will fire.That way /alfresco/webdav (which uses HTTP authentication) will just use "normal" authentication, and the same applies for /alfresco/service or whatever. Of course you'll need to chain additional authentication subsystems in order for this other services to authenticate. Tipycally you will chain the same methods that your CAS uses, for example if your CAS uses LDAP authentication, then you'll chain in alfresco the external authentication method (for CAS), as well as the LDAP subsystem (for other authentications).Hope it helps.
