That's usually a certificate problem. Are you using a self-signed certificate on the CAS server? If so, you need to have
CASCertificatePath /etc/pki/tls/certs/casserver.crt in the mod_auth_cas configuration. -- DAVID A. CURRY, CISSP *DIRECTOR OF INFORMATION SECURITY* INFORMATION TECHNOLOGY 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 +1 212 229-5300 x4728 • [email protected] [image: The New School] On Sun, Sep 23, 2018 at 3:00 AM Fahmi L. Ramdhani < [email protected]> wrote: > Hello, all. I tried to build CAS server based on the guidelines from > https://dacurry-tns.github.io/deploying-apereo-cas. In the trial phase my > client application gets a problem: > > >> *Unauthorized*This server could not verify that you are authorized to >> access the document requested. Either you supplied the wrong credentials >> (e.g., bad password), or your browser doesn't understand how to supply the >> credentials required. > > > This problem appears after logging in. The following configuration of the > cas: > > *etc/cas/config/cas.properties* > cas.server.name: https://cas.domain.com:8443 > cas.server.prefix: https://cas.domain.com:8443/cas > > cas.adminPagesSecurity.ip=127\.0\.0\.1 > > cas.tgc.secure: true > cas.tgc.crypto.signing.key: xxxxxxxx > cas.tgc.crypto.encryption.key: xxxxxxxxxxxxxxxx > > cas.webflow.crypto.signing.key: xxxxxxxxxxxxxxxxxxxxxxxxx > cas.webflow.crypto.encryption.key: xxxxxxxxxxxxxxxxxxxxxx > > cas.serviceRegistry.initFromJson: true > cas.serviceRegistry.json.location: file:/etc/cas/services > > logging.config: file:/etc/cas/config/log4j2.xml > > *etc/cas/services/**HTTPSandIMAPSwildcard-1503925297.json* > > { > /* > * Wildcard service definition that applies to any https or imaps url. > * Do not use this definition in a production environment. > */ > "@class" : "org.apereo.cas.services.RegexRegisteredService", > "serviceId" : "^(https|imaps)://.*", > "name" : "HTTPS and IMAPS wildcard", > "id" : 1503925297, > "evaluationOrder" : 99999 > } > > > *apache site virtualhost configuration* > <VirtualHost *:443> > ServerName cas.domain.com > ServerAdmin [email protected] > > <Directory "/var/www/html"> > <IfModule mod_auth_cas.c> > AuthType CAS > </IfModule> > Require valid-user > </Directory> > > <IfModule mod_auth_cas.c> > CASLoginUrl > https://cas.domain.com:8443/cas/login > CASValidateUrl https://cas.domain > .com:8443/cas/serviceValidate > CASCookiePath /var/cache/apache2/mod_auth_cas/ > CASSSOEnabled On > CASDebug Off > </IfModule> > > ErrorLog ${APACHE_LOG_DIR}/error.log > CustomLog ${APACHE_LOG_DIR}/access.log combined > > SSLCertificateFile /etc/pki/tls/certs/cas.crt > SSLCertificateKeyFile /etc/pki/tls/private/cas.key > </VirtualHost> > > > How to solve this problem? I hope anyone can provide a detailed solution > about this. Thank you. > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/b7cf7903-1f56-40e0-b177-d2bd67ee1eb8%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b7cf7903-1f56-40e0-b177-d2bd67ee1eb8%40apereo.org?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMZxXSdBr7bkbOVp1o8G8sE_8qiigsBcZB3yshS7%2B9v%2BA%40mail.gmail.com.
