Hi there,

I've just installed CAS 6.1.0 to replace our legacy SSO infrastructure and 
I'm facing an issue while trying to authenticate from a web app secured 
by mod_auth_cas.

Redirection to the CAS service works, authentication is done but I 
receive an HTTP 401 in my web application.

Looking in the mod_auth_cas logs (set to debug), I see the following:

[Mon Feb 04 09:27:59.756552 2019] [:debug] [pid 9503] mod_auth_cas.c(1442): 
[client 147.<xx>:59439] MOD_AUTH_CAS: response = <!doctype html><html 
lang="fr"><head><title>\xc3\x89tat HTTP 406 \xe2\x80\x93 
Inacceptable</title><style type="text/css">h1 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
 
h2 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
 
h3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
 
body 
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} 
p 
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
 
a {color:black;} a.name {color:black;} .line 
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>\xc3\x89tat
 
HTTP 406 \xe2\x80\x93 Inacceptable</h1><hr class="line" /><p><b>Type</b> 
Rapport d'\xc3\xa9tat</p><p><b>description</b> La ressource 
identifi\xc3\xa9e par cette requ\xc3\xaate n'est capable de 
g\xc3\xa9n\xc3\xa9rer des r\xc3\xa9ponses qu'avec des 
caract\xc3\xa9ristiques incompatible avec la directive "accept" 
pr\xc3\xa9sente dans l'ent\xc3\xaate de requ\xc3\xaate.</p><hr class="line" 
/><h3>Apache Tomcat/9.0.14</h3></body></html>, referer: https://dummy.<xx>
/?ticket=ST-41-aF1h-Q9qm9Ri-Gd01CUyPOwxjtQvmi-prod-410

 

[Mon Feb 04 09:27:59.756676 2019] [:error] [pid 9503] [client 147.<xx>:59439] 
MOD_AUTH_CAS: error parsing CASv2 response: XML parser error code: syntax 
error (2), referer: 
https://dummy.<xx>/?ticket=ST-41-aF1h-Q9qm9Ri-Gd01CUyPOwxjtQvmi-prod-410



I believe that the interesting part is the HTTP 406 answer received while 
validating the ticket. (La ressource identifiée par cette requète n'est 
capable de gérer des réponses qu'avec des caractéristiques incompatible 
avec la directive "accept" présente dans l'entête de requète.)

Looking at the Tomcat logs of the CAS server I see:


147.<xx> - - [04/Feb/2019:09:52:59 +0100] "POST 
/cas/serviceValidate?TARGET=https%3a%2f%2fdummy.<xx>%2f HTTP/1.1" 406 1119
147.<xx> - - [04/Feb/2019:09:52:59 +0100] "POST 
/cas/serviceValidate?TARGET=https%3a%2f%2fdummy.<xx>%2f HTTP/1.1" 406 1119


The configuration of the mod_auth_cas Apache module:

LoadModule auth_cas_module modules/mod_auth_cas.so

<IfModule mod_auth_cas.c>
    CASVersion 2
    CASLoginURL https://federation.<xx>/cas/login
    CASValidateURL https://federation.<xx>/cas/serviceValidate
    CASProxyValidateURL https://federation.<xx>/cas/proxyValidate
    CASCertificatePath /etc/httpd/conf.modules.d/federation.<xx>.crt
    CASValidateSAML On
    CASCookiePath /var/lib/cas/
    CASTimeout 7200
    CASIdleTimeout 7200
    CASDebug On
</IfModule>


Any help would be greatly appreciated.

Kind regards,
Jean-Damien
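
Added example, not part of the original post: a check over Tomcat access-log lines for the request shape quoted above, flagging validation calls whose style does not match the endpoint they hit. It assumes that a POST carrying a TARGET parameter is a SAML 1.1 style validation request, that CAS serves those at an endpoint named samlValidate, and that serviceValidate expects service and ticket query parameters; the sample lines and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the access-log shape quoted in the post
# (addresses and host names are placeholders, not values from the post).
SAMPLE_LOG = """\
192.0.2.10 - - [04/Feb/2019:09:52:59 +0100] "POST /cas/serviceValidate?TARGET=https%3a%2f%2fapp.example.org%2f HTTP/1.1" 406 1119
192.0.2.10 - - [04/Feb/2019:09:53:10 +0100] "GET /cas/serviceValidate?service=https%3a%2f%2fapp.example.org%2f&ticket=ST-1-constructed HTTP/1.1" 200 412
192.0.2.10 - - [04/Feb/2019:09:53:20 +0100] "POST /cas/samlValidate?TARGET=https%3a%2f%2fapp.example.org%2f HTTP/1.1" 200 2048
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

def classify(method, path, params):
    """Compare the request style with the validation endpoint it was sent to."""
    endpoint = path.rstrip("/").rsplit("/", 1)[-1]
    saml_style = method == "POST" and "TARGET" in params      # assumed SAML 1.1 shape
    cas_style = "service" in params and "ticket" in params    # assumed CAS v2 shape
    if saml_style and endpoint != "samlValidate":
        return "saml-request-to-non-saml-endpoint"
    if cas_style and endpoint == "samlValidate":
        return "cas-request-to-saml-endpoint"
    return "ok"

def find_mismatches(log_text):
    """Return (timestamp, path, status, verdict) for each mismatched validation call."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an access-log line in the expected format
        url = urlsplit(m["target"])
        if "Validate" not in url.path:
            continue  # only ticket-validation endpoints are of interest
        verdict = classify(m["method"], url.path, parse_qs(url.query))
        if verdict != "ok":
            findings.append((m["ts"], url.path, int(m["status"]), verdict))
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(SAMPLE_LOG):
        print(finding)
```

Each log entry must be on a single line; entries wrapped by a mail client need to be rejoined before they are fed to `find_mismatches`.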
