*Requirement* : Enable CAS authentication for Kibana using HTTPD and MOD CAS

*Software Version*:
mod_auth_cas 1.1
OpenSSL 1.0.2k-fips
Apache Portable Runtime apr-1.6.3  
Apache Web Server httpd-2.4.34
libcurl curl-7.61.1
libpcre pcre-8.42
RHEL Red Hat Enterprise Linux Server release 7.5 (Maipo) 

*Server and Software details :*
Server 1 (10.0.0.12)       : CAS
Server 2 (10.0.0.13)       : Kibana, mod_auth_cas, openssl, Apache Portable Runtime, Apache Web Server, libcurl and libpcre

Status : When connecting to the HTTPD URL, based on the configuration file, the CAS 
login page is loaded and CAS authentication is successful, but it does not 
route to the Kibana page. (Note: if invalid credentials are entered, a 
valid message is shown on the CAS login page.)

Error Message in UI : This server could not verify that you are authorized 
to access the document requested. Either you supplied the wrong credentials 
(e.g bad password), or your browser doesnt understand how to supply the 
credentials required.

*Error in TOMCAT Catalina.out file :* 
=============================================================
WHO: user1
WHAT: Supplied credentials: [user1]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Oct 30 10:36:54 UTC 2018
CLIENT IP ADDRESS: 10.0.121.9
SERVER IP ADDRESS: 10.0.0.12
=============================================================
2018-10-30 10:36:54,872 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: user1
WHAT: TGT-**************************************************D4hA1i3dcK-server1
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Oct 30 10:36:54 UTC 2018
CLIENT IP ADDRESS: 10.0.121.9
SERVER IP ADDRESS: 10.0.0.12
=============================================================
2018-10-30 10:36:54,874 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: user1
WHAT: ST-268890-0TYIGhZAait2pCXX3Zki-server1 for http://10.0.0.13:4010/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Oct 30 10:36:54 UTC 2018
CLIENT IP ADDRESS: 10.0.121.9
SERVER IP ADDRESS: 10.0.0.12
=============================================================
2018-10-30 10:36:55,255 WARN [org.apereo.cas.support.pac4j.web.flow.DelegatedClientAuthenticationAction] - <No clients could be determined based on the provided configuration>
2018-10-30 10:36:55,258 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Tue Oct 30 10:36:55 UTC 2018,source=InitialAuthenticationAttemptWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Oct 30 10:36:55 UTC 2018
CLIENT IP ADDRESS: 10.0.121.9
SERVER IP ADDRESS: 10.0.0.12
=============================================================

*Httpd.conf file* :

<VirtualHost *:4010>
        CASCookiePath /data/CAS_Kibana_Integration/cache/httpd/mod_auth_cas/
        CASLoginURL https://10.0.0.12:8443/cas/login
        CASValidateURL https://10.0.0.12:8443/cas/serviceValidate
        CASCertificatePath CASCertificatePath
        ServerName 10.0.0.13
        ServerAdmin kibana_ad...@abc.com
        ProxyRequests Off
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off
        SSLCertificateFile "SERVER2.pem file path"
        SSLCertificateKeyFile "Server2_private.key"
        ErrorLog logs/kibana_error.log
        LogLevel debug
        CustomLog logs/kibana_access.log combined
        <Location "/.*">
                CASScope /
                AuthType CAS
                AuthName "CAS"
                Options Indexes MultiViews
                Order allow,deny
                Allow from all
                require valid-user
                ProxyPass / https://10.0.0.13:5601
                ProxyPassReverse / https://10.0.0.13:5601/
                Redirect / https://10.0.0.13:5601
        </Location>
</VirtualHost>


*Please let us know the configuration changes required to overcome this issue.*

Regards,
Bharath
