Ramakrishna,

This is what I set on my test machine:

    upstream casssl {
                server localhost:8491;
                server localhost:8492 backup;
    }

        location /cas {
            proxy_pass   https://casssl;
        }

The backup means that all requests go through 8491 unless it is down. I think 
there are other ways of setting the load balance.

Is it a failed validation or does the ticket never arrive for validation? What 
are the log messages?

Ray

On Sat, 2018-08-04 at 00:37 +0530, Ramakrishna G wrote:
Ray,

Can you please elaborate this "If you set nginx to be sticky, will validation 
succeed?" Any example for this.

Also in cas logs I could see ticket was not validated when I go through NGINX

Thanks
Ramakrishna G


On Fri, Aug 3, 2018 at 11:02 PM, Ray Bon <r...@uvic.ca<mailto:r...@uvic.ca>> 
wrote:
Ramakrishna,

This sounds like slow ticket replication. Does redis sentinel have multiple 
stores?
If you set nginx to be sticky, will validation succeed?

Check your cas logs to see if the ticket is being validated. I think the cas 
client tries to validate the ticket using https.

You could simplify your config:
location /cas
{
proxy_pass http://cas.server/cas
}

Ray

On Fri, 2018-08-03 at 22:28 +0530, Ramakrishna G wrote:
Hello all,

I am using Mod_auth_cas and HA- Cas server behind a loadbalancer.


Whenever I set CASValidateURL to one of the cas servers it works fine. But when 
I send to cas via NGINX server then it says "Unauthorized error" in browser.

My Nginx has

 location /cas/login
 {
        proxy_pass  http://cas_server/cas/login;
 }

 location /cas/serviceValidate
 {
        proxy_pass  http://cas_server/cas/serviceValidate;
 }

 location /secured
 {
        proxy_pass  
http://<http://cas_server/cas>application_servers/api/services;
 }


My cas.conf has

LoadModule auth_cas_module modules/mod_auth_cas.so
CASCertificatePath /etc/pki/tls/certs/
CASCookiePath /var/cache/mod_auth_cas/
CASLoginURL http://localhost:81/cas/login // Works fine
CASValidateURL  http://localhost:81/cas/serviceValidate // Pointing to NGINX
#CASValidateURL  http://localhost:8080/cas/serviceValidate // Pointing to one 
of the cas server - Works fine
CASDebug On
LogLevel debug

No error as well. I am not sure where I am going wrong.

Can anyone help please.

Thanks
Ramakrishna G




--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca>

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533317546.2860.92.camel%40uvic.ca<https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533317546.2860.92.camel%40uvic.ca?utm_medium=email&utm_source=footer>.



--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | r...@uvic.ca

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533325036.2860.105.camel%40uvic.ca.

Reply via email to