CASGateway error 500 for unauthenticated requests in Apache 2.4

[nregina-hbs]

When accessing a CASGateway location as an unauthenticated user, a 500 error is returned. The Apache error log shows an error like this:

AH00027: No authentication done but request not allowed without authentication for /gateway. Authentication not configured?

In Apache 2.4 AuthZ module requires the request user to be set when the authentication provider returns OK.

Sample config:

<Location / >
  Authtype CAS
  Require valid-user
  CASGateway /gateway
</Location>

In my own build, I've updated the flow to set the user to an empty string.

/* do not set a user, but still allow anonymous access */
r->user = "";

This works for my own use cases, but I'm not sure this would be an acceptable change in behavior for all users of mod-auth-cas.

[dhawes]

Yeah, I've been thinking about how to handle this case. An empty user string seems like a decent way to go, but I wonder if something configurable would be better? I'll need to experiment some before I can comment further.