Thanks for the hint & instant responses Ray. Regards Ramakrishna G +91 8792114542
On Sat, Aug 4, 2018 at 1:07 AM, Ray Bon <[email protected]> wrote: > Ramakrishna, > > This is what I set on my test machine: > > upstream casssl { > server localhost:8491; > server localhost:8492 backup; > } > > location /cas { > proxy_pass https://casssl; > } > > > The backup means that all requests go through 8491 unless it is down. I > think there are other ways of setting the load balance. > > Is it a failed validation or does the ticket never arrive for validation? > What are the log messages? > > Ray > > On Sat, 2018-08-04 at 00:37 +0530, Ramakrishna G wrote: > > Ray, > > Can you please elaborate this "If you set nginx to be sticky, will > validation succeed?" Any example for this. > > Also in cas logs I could see ticket was not validated when I go through > NGINX > > Thanks > Ramakrishna G > > > On Fri, Aug 3, 2018 at 11:02 PM, Ray Bon <[email protected]> wrote: > > Ramakrishna, > > This sounds like slow ticket replication. Does redis sentinel have > multiple stores? > If you set nginx to be sticky, will validation succeed? > > Check your cas logs to see if the ticket is being validated. I think the > cas client tries to validate the ticket using https. > > You could simplify your config: > location /cas > { > proxy_pass http://cas.server/cas > } > > Ray > > On Fri, 2018-08-03 at 22:28 +0530, Ramakrishna G wrote: > > Hello all, > > I am using Mod_auth_cas and HA- Cas server behind a loadbalancer. > > > Whenever I set CASValidateURL to one of the cas servers it works fine. But > when I send to cas via NGINX server then it says "Unauthorized error" in > browser. > > My Nginx has > > location /cas/login > { > proxy_pass http://cas_server/cas/login; > } > > location /cas/serviceValidate > { > proxy_pass http://cas_server/cas/serviceValidate; > } > > location /secured > { > proxy_pass http:// <http://cas_server/cas>application > _servers/api/services; > } > > > My cas.conf has > > LoadModule auth_cas_module modules/mod_auth_cas.so > CASCertificatePath /etc/pki/tls/certs/ > CASCookiePath /var/cache/mod_auth_cas/ > CASLoginURL http://localhost:81/cas/login // Works fine > CASValidateURL http://localhost:81/cas/serviceValidate // Pointing to > NGINX > #CASValidateURL http://localhost:8080/cas/serviceValidate // Pointing to > one of the cas server - Works fine > CASDebug On > LogLevel debug > > No error as well. I am not sure where I am going wrong. > > Can anyone help please. > > Thanks > Ramakrishna G > > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ap > ereo.org/d/msgid/cas-user/1533317546.2860.92.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533317546.2860.92.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/1533325036.2860.105.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533325036.2860.105.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P-jWuQQrf%3DL%2BDrgHJ8q5r7Zj-scA7EVHJ86_GEnmOsJUQ%40mail.gmail.com.
