I’m sorry am noob and not yet used to think abstracted of our CAS deployments that use database ticket registries.
I do not know which part of the README says “this”. "AH01998 connection closed to child i with abortive shutdown” reads like a pretty standard message, searching it jumps to http://stackoverflow.com/questions/683149/apache-ssl-error-336027900 and from there to https://wiki.apache.org/httpd/InternalDummyConnection, which makes a hint on the web server configuration, have you tried that? Sideways, yours is a pretty old *unsupported* CAS server dated from March 2014 not receiving security updates anymore, so you if you have not yet, you should consider urging your product owner, scrum master and the backing development team to migrate your customers’ installations to CAS 4 or 5. Hope that helped. Regards, > On 10 Dec 2016, at 19:10, Chris Cheltenham <[email protected]> wrote: > > Uxio, > > Just for some more details. > > The httpd log says this: > [Sat Dec 10 13:08:40.488691 2016] [ssl:debug] [pid 16011] > ssl_engine_io.c(1201): (70014)End of file found: [client 10.153.2.8:30517] > AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in > browser?!] > [Sat Dec 10 13:08:40.488703 2016] [ssl:info] [pid 16011] [client > 10.153.2.8:30517] AH01998: Connection closed to child 3 with abortive > shutdown (server test.dcis.hhs.gov:443 <http://test.dcis.hhs.gov:443/>) > > The mod_auth_cas 1.1 READ ME says this which worries me. > > ======================================================================== > KNOWN LIMITATIONS > ======================================================================== > These limitations are known to exists in this release of the software: > > * CAS Proxy Validation is not implemented in this version. > > From: Uxío Prego [mailto:[email protected]] > Sent: Saturday, December 10, 2016 1:02 PM > To: CAS Community > Cc: David Lawson; Pathe Sow; Chris Cheltenham > Subject: Re: [cas-user] mod_auth_cas 1.1 > > Have you discarded a misconfigured database problem? > > Have you tried to `tailf` both the catalina.out log, the CAS runtime log/s, > and the web server's error and SSL error logs when reproducing this to try to > find more facts? > > There is also the possibility to turn on hibernate SQL logging and increasing > the verbosity of the CAS runtime logs if at first sight you see nothing > interesting. If you can not repackage the web application archive, this > should be feasible with package manipulation techniques too. > > Regards, > > Uxío Prego > > Madiva Soluciones > Cl / Serrano Galvache 56 E Abedul 4 > 28033 Madrid > > 917 56 84 94 > www.madiva.com <http://www.madiva.com/> > > The activity of email inboxes can be systematically tracked by colleagues, > business partners and third parties. Turn off automatic loading of images to > hamper it. > > 2016-12-10 17:41 GMT+01:00 Chris Cheltenham <[email protected] > <mailto:[email protected]>>: > Hello everyone, > > We are using RHEL 7.3 with apache 2.4.6 and CAS 3.5.2.1 and mod_auth_cas 1.1 > > We are getting this error once we log into CAS. > > Unauthorized > > This server could not verify that you are authorized to access the document > requested. Either you supplied the wrong credentials (e.g., bad password), or > your browser doesn't understand how to supply the credentials required. > > The URL has the ticket I there when we proxy to the CAS server. > > > https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov > > <https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov> > > On other RHEL5 apache servers that work we see this in the URL > > https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php > <https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php> > > > The install seems to go well. > See below > > See any operating system documentation about shared libraries for > more information, such as the ld(1) and ld.so(8) manual pages. > ---------------------------------------------------------------------- > chmod 755 /usr/lib64/httpd/modules/mod_auth_cas.so > make[1]: Leaving directory `/tmp/mod_auth_cas-master/src' > Making install in tests > make[1]: Entering directory `/tmp/mod_auth_cas-master/tests' > make[2]: Entering directory `/tmp/mod_auth_cas-master/tests' > make[2]: Nothing to be done for `install-exec-am'. > make[2]: Nothing to be done for `install-data-am'. > make[2]: Leaving directory `/tmp/mod_auth_cas-master/tests' > make[1]: Leaving directory `/tmp/mod_auth_cas-master/tests' > make[1]: Entering directory `/tmp/mod_auth_cas-master' > make[2]: Entering directory `/tmp/mod_auth_cas-master' > make[2]: Nothing to be done for `install-exec-am'. > make[2]: Nothing to be done for `install-data-am'. > make[2]: Leaving directory `/tmp/mod_auth_cas-master' > make[1]: Leaving directory `/tmp/mod_auth_cas-master' > root@test-web:/tmp/mod_auth_cas-master > ls -l > total 1684 > -rw-r--r--. 1 root root 42423 Oct 11 18:39 aclocal.m4 > -rwxr-xr-x. 1 root root 7333 Oct 11 18:39 compile > -rwxr-xr-x. 1 root root 42938 Oct 11 18:39 config.guess > -rw-r--r--. 1 root root 5958 Dec 10 11:33 config.h > -rw-r--r--. 1 root root 5576 Oct 11 18:39 config.h.in <http://config.h.in/> > -rw-r--r--. 1 root root 60120 Dec 10 11:33 config.log > -rwxr-xr-x. 1 root root 60916 Dec 10 11:33 config.status > -rwxr-xr-x. 1 root root 36006 Oct 11 18:39 config.sub > -rwxr-xr-x. 1 root root 491031 Oct 11 18:39 configure > -rw-r--r--. 1 root root 5083 Oct 11 18:39 configure.ac > <http://configure.ac/> > -rwxr-xr-x. 1 root root 23566 Oct 11 18:39 depcomp > -rwxr-xr-x. 1 root root 14675 Oct 11 18:39 install-sh > -rwxr-xr-x. 1 root root 339483 Dec 10 11:33 libtool > -rw-r--r--. 1 root root 324089 Oct 11 18:39 ltmain.sh > drwxr-xr-x. 2 root root 4096 Oct 11 18:39 m4 > -rw-r--r--. 1 root root 27298 Dec 10 11:33 Makefile > -rw-r--r--. 1 root root 961 Oct 11 18:39 Makefile.am > -rw-r--r--. 1 root root 27090 Oct 11 18:39 Makefile.in > -rwxr-xr-x. 1 root root 6872 Oct 11 18:39 missing > -rw-r--r--. 1 root root 801 Oct 11 18:39 NOTES > -rw-r--r--. 1 root root 17243 Oct 11 18:39 README > -rw-r--r--. 1 root root 3327 Oct 11 18:39 README.win32 > drwxr-xr-x. 4 root root 4096 Dec 10 11:33 src > -rw-r--r--. 1 root root 23 Dec 10 11:33 stamp-h1 > -rwxr-xr-x. 1 root root 4640 Oct 11 18:39 test-driver > drwxr-xr-x. 3 root root 4096 Dec 10 11:33 tests > root@test-web:/tmp/mod_auth_cas-master > ls -l > /usr/lib64/httpd/modules/mod_auth_cas.so > -rwxr-xr-x. 1 root root 245800 Dec 10 11:33 > /usr/lib64/httpd/modules/mod_auth_cas.so > root@test-web:/tmp/mod_auth_cas-master > service httpd start > Redirecting to /bin/systemctl start httpd.service > root@test-web:/tmp/mod_auth_cas-master > systemctl httpd status > Unknown operation 'httpd'. > root@test-web:/tmp/mod_auth_cas-master > systemctl status httpd > ● httpd.service - The Apache HTTP Server > Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor > preset: disabled) > Active: active (running) since Sat 2016-12-10 11:34:34 EST; 17s ago > Docs: man:httpd(8) > man:apachectl(8) > Process: 10235 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, > status=0/SUCCESS) > Process: 29467 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful > (code=exited, status=0/SUCCESS) > Main PID: 13258 (httpd) > Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 > B/sec" > CGroup: /system.slice/httpd.service > ├─13258 /usr/sbin/httpd -DFOREGROUND > ├─13260 /usr/sbin/httpd -DFOREGROUND > ├─13262 /usr/sbin/httpd -DFOREGROUND > ├─13263 /usr/sbin/httpd -DFOREGROUND > ├─13264 /usr/sbin/httpd -DFOREGROUND > ├─13265 /usr/sbin/httpd -DFOREGROUND > └─13266 /usr/sbin/httpd -DFOREGROUND > > Dec 10 11:34:34 test-web.dcis.hhs.gov <http://test-web.dcis.hhs.gov/> > systemd[1]: Starting The Apache HTTP Server... > Dec 10 11:34:34 test-web.dcis.hhs.gov <http://test-web.dcis.hhs.gov/> > systemd[1]: Started The Apache HTTP Server. > root@test-web:/tmp/mod_auth_cas-master > > > Thank You; > > Chris Cheltenham > [email protected] <mailto:[email protected]> > SwainTechs > 10 Walnut Grove Rd > Suite 110 > Horsham, PA > > 484-502-4943 <tel:(484)%20502-4943> > > > -- > - CAS gitter chatroom: https://gitter.im/apereo/cas > <https://gitter.im/apereo/cas> > - CAS mailing list guidelines: > https://apereo.github.io/cas/Mailing-Lists.html > <https://apereo.github.io/cas/Mailing-Lists.html> > - CAS documentation website: https://apereo.github.io/cas > <https://apereo.github.io/cas> > - CAS project website: https://github.com/apereo/cas > <https://github.com/apereo/cas> > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected] > <mailto:[email protected]>. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/MWHPR17MB12137CB786190C5AFED56C7AC4860%40MWHPR17MB1213.namprd17.prod.outlook.com > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/MWHPR17MB12137CB786190C5AFED56C7AC4860%40MWHPR17MB1213.namprd17.prod.outlook.com?utm_medium=email&utm_source=footer>. -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/E9601DEA-8E81-4E13-AF2C-1837AAD7CFA4%40madiva.com.
