Bharath,
Are you using a self signed certificate?
You can add the certificate to the jdk store with something like:
sudo keytool -import -file ${certName} -alias ${aliasName} -keystore $JAVA_HOME/jre/lib/security/cacerts
Ray
On Wed, 2018-11-14 at 21:17 -0800, Bandi Bharath Reddy wrote:
Requirement : Enable CAS authentication for Kibana using HTTPD and MOD CAS
Software Version :
mod_auth_cas 1.1
OpenSSL 1.0.2k-fips
Apache Portable Runtime apr-1.6.3
Apache Web Server httpd-2.4.34
libcurl curl-7.61.1
libpcre pcre-8.42
RHEL Red Hat Enterprise Linux Server release 7.5 (Maipo)
Server and Software details :
Server 1 (10.0.0.12) : CAS
Server 2 (10.0.0.13) : Kibana, mod_auth_cas, openssl, Apache Portable
Runtime, Apache Web Server, libcurl and libpcre
Status : When connecting to the HTTPD URL, based on the configuration file, the CAS
login page is loaded and CAS authentication is successful, but it is not routing to
the Kibana page (Note : If invalid credentials are entered, a valid message is
shown on the CAS login page)
Error Message in UI : This server could not verify that you are authorized to
access the document requested. Either you supplied the wrong credentials (e.g
bad password), or your browser doesnt understand how to supply the credentials
required.
Error in TOMCAT Catalina.out file :
=============================================================
WHO: user1
WHAT: Supplied credentials: [user1]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Tue Oct 30 10:36:54 UTC 2018
CLIENT IP ADDRESS: 10.0.121.9
SERVER IP ADDRESS: 10.0.0.12
=============================================================
2018-10-30 10:36:54,872 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: user1
WHAT: TGT-**************************************************D4hA1i3dcK-server1
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Oct 30 10:36:54 UTC 2018
CLIENT IP ADDRESS: 10.0.121.9
SERVER IP ADDRESS: 10.0.0.12
=============================================================
2018-10-30 10:36:54,874 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: user1
WHAT: ST-268890-0TYIGhZAait2pCXX3Zki-server1 for http://10.0.0.13:4010/
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Tue Oct 30 10:36:54 UTC 2018
CLIENT IP ADDRESS: 10.0.121.9
SERVER IP ADDRESS: 10.0.0.12
=============================================================
2018-10-30 10:36:55,255 WARN
[org.apereo.cas.support.pac4j.web.flow.DelegatedClientAuthenticationAction] -
<No clients could be determined based on the provided configuration>
2018-10-30 10:36:55,258 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Tue Oct 30 10:36:55 UTC
2018,source=InitialAuthenticationAttemptWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Oct 30 10:36:55 UTC 2018
CLIENT IP ADDRESS: 10.0.121.9
SERVER IP ADDRESS: 10.0.0.12
=============================================================
Httpd.conf file :
<VirtualHost *:4010>
CASCookiePath /data/CAS_Kibana_Integration/cache/httpd/mod_auth_cas/
CASLoginURL https://10.0.0.12:8443/cas/login
CASValidateURL https://10.0.0.12:8443/cas/serviceValidate
CASCertificatePath CASCertificatePath
ServerName 10.0.0.13
ServerAdmin [email protected]
ProxyRequests Off
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile "SERVER2.pem file path"
SSLCertificateKeyFile "Server2_private.key"
ErrorLog logs/kibana_error.log
LogLevel debug
CustomLog logs/kibana_access.log combined
<Location "/.*">
CASScope /
AuthType CAS
AuthName "CAS"
Options Indexes MultiViews
Order allow,deny
Allow from all
require valid-user
ProxyPass / https://10.0.0.13:5601
ProxyPassReverse / https://10.0.0.13:5601/
Redirect / https://10.0.0.13:5601
</Location>
</VirtualHost>
Please let us know the configuration changes required to overcome this issue.
Regards,
Bharath
--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
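
The Catalina.out excerpt in the quoted message records SERVICE_TICKET_CREATED for http://10.0.0.13:4010/ but shows no later validation record for that ticket. As an added example (not part of either message), this Python script parses audit records in that layout and lists service tickets that were issued but never validated, which separates a failing back-channel call to CASValidateURL from a login problem. The sample log is constructed, and the SERVICE_TICKET_VALIDATED action name is an assumption about CAS's audit vocabulary, since it does not appear in the post.

```python
import re

FIELD = re.compile(r"^(WHO|WHAT|ACTION|APPLICATION|WHEN|CLIENT IP ADDRESS|SERVER IP ADDRESS): ?(.*)$")
TICKET = re.compile(r"\bST-[^\s,\]]+")

# Constructed sample in the post's audit layout; ticket ids are made up.
SAMPLE = """\
=====
WHO: user1
WHAT: ST-1-aaaa-server1 for http://10.0.0.13:4010/
ACTION: SERVICE_TICKET_CREATED
=====
2018-10-30 10:36:55,001 INFO [...] - <Audit trail record BEGIN
=====
WHAT: ST-1-aaaa-server1
ACTION: SERVICE_TICKET_VALIDATED
=====
WHAT: ST-2-bbbb-server1 for
http://10.0.0.13:4010/
ACTION: SERVICE_TICKET_CREATED
=====
"""

def parse_audit(text):
    """Yield one dict per audit record, re-joining wrapped field values."""
    for chunk in re.split(r"^=+[ \t]*$", text, flags=re.M):
        rec, last = {}, None
        for line in chunk.strip().splitlines():
            m = FIELD.match(line)
            if m:
                last = m.group(1)
                rec[last] = m.group(2).strip()
            elif last:
                rec[last] += " " + line.strip()
        if "ACTION" in rec:  # skips the logger lines between records
            yield rec

def unvalidated_tickets(text):
    """Map each service ticket that was issued but never validated to its service."""
    created, validated = {}, set()
    for rec in parse_audit(text):
        m = TICKET.search(rec.get("WHAT", ""))
        if not m:
            continue
        if rec["ACTION"] == "SERVICE_TICKET_CREATED":
            created[m.group(0)] = rec["WHAT"].partition(" for ")[2]
        elif rec["ACTION"] == "SERVICE_TICKET_VALIDATED":
            validated.add(m.group(0))
    return {st: svc for st, svc in created.items() if st not in validated}
```

A ticket listed here means the service never completed validation against CAS, so the next place to look is the mod_auth_cas debug output in the httpd error log on the proxy host.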