[cas-user] Re: [CAS 6.1.X] Issue with mod_auth_cas

Mon, 04 Feb 2019 03:46:50 -0800 

Turning CASValidateSAML to Off in the mod_auth_cas configuration correct 
the issue :

CASValidateSAML On


But I need to understand why.

Did I miss to include a dependency in my build.gradle ? Following are added 
:

dependencies {
    compile 
"org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}"
    compile 
"org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}"
    compile "com.unboundid:unboundid-ldapsdk:4.0.9"
    compile 
"org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}"
    compile 
"org.apereo.cas:cas-server-support-saml:${project.'cas.version'}"
    compile 
"org.apereo.cas:cas-server-support-saml-idp-ticket:${project.'cas.version'}"
    compile 
"org.apereo.cas:cas-server-support-saml-idp:${project.'cas.version'}"
    compile 
"org.apereo.cas:cas-server-support-saml-idp-metadata:${project.'cas.version'}"
    compile 
"org.apereo.cas:cas-server-support-saml-idp-web:${project.'cas.version'}"
}


Kind regards,
Jean-Damien


On Monday, February 4, 2019 at 9:56:56 AM UTC+1, Jean-Damien POGOLOTTI 
wrote:
>
> Hi there,
>
> I've just installed CAS 6.1.0 to replace our legacy SSO infrastructure and 
> I'm facing an issue while trying to authenticate from a web app secured 
> by mod_auth_cas.
>
> Redirection to the CAS service works, authentification is done but I 
> receive an HTTP 401 in my web application.
>
> Looking in the mod_auth_cas logs (set to debug), I see the following :
>
> [Mon Feb 04 09:27:59.756552 2019] [:debug] [pid 9503] 
> mod_auth_cas.c(1442): [client 147.<xx>:59439] MOD_AUTH_CAS: response = 
> <!doctype html><html lang="fr"><head><title>\xc3\x89tat HTTP 406 
> \xe2\x80\x93 Inacceptable</title><style type="text/css">h1 
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
>  
> h2 
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
>  
> h3 
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
>  
> body 
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b 
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} 
> p 
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
>  
> a {color:black;} a.name {color:black;} .line 
> {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>\xc3\x89tat
>  
> HTTP 406 \xe2\x80\x93 Inacceptable</h1><hr class="line" /><p><b>Type</b> 
> Rapport d'\xc3\xa9tat</p><p><b>description</b> La ressource 
> identifi\xc3\xa9e par cette requ\xc3\xaate n'est capable de 
> g\xc3\xa9n\xc3\xa9rer des r\xc3\xa9ponses qu'avec des 
> caract\xc3\xa9ristiques incompatible avec la directive "accept" 
> pr\xc3\xa9sente dans l'ent\xc3\xaate de requ\xc3\xaate.</p><hr class="line" 
> /><h3>Apache Tomcat/9.0.14</h3></body></html>, referer: https://dummy.<xx>
> /?ticket=ST-41-aF1h-Q9qm9Ri-Gd01CUyPOwxjtQvmi-prod-410
>
>  
>
> [Mon Feb 04 09:27:59.756676 2019] [:error] [pid 9503] [client 147.<xx>:59439] 
> MOD_AUTH_CAS: error parsing CASv2 response: XML parser error code: syntax 
> error (2), referer: https://dummy
> .<xx>/?ticket=ST-41-aF1h-Q9qm9Ri-Gd01CUyPOwxjtQvmi-prod-410
>
>
>
> I believe that the interesting part is the HTTP 406 answer received while 
> validating the ticket. (La ressource identifiée par cette requète n'est 
> capable de gérer des réponses qu'avec des caractéristiques incompatible 
> avec la directive "accept" présente dans l'entête de requète.)
>
> Looking at the Tomcat logs of the CAS server I see :
>
>
> 147.<xx> - - [04/Feb/2019:09:52:59 +0100] "POST 
> /cas/serviceValidate?TARGET=https%3a%2f%2fdummy.<xx>%2f HTTP/1.1" 406 1119
> 147.<xx> - - [04/Feb/2019:09:52:59 +0100] "POST 
> /cas/serviceValidate?TARGET=https%3a%2f%2fdummy.<xx>%2f HTTP/1.1" 406 1119
>
>
> The configuration of the mod_auth_cas apache module :
>
> LoadModule auth_cas_module modules/mod_auth_cas.so
>
> <IfModule mod_auth_cas.c>
>     CASVersion 2
>     CASLoginURL https://federation.<xx>/cas/login
>     CASValidateURL https://federation.<xx>/cas/serviceValidate
>     CASProxyValidateURL https://federation.<xx>/cas/proxyValidate
>     CASCertificatePath /etc/httpd/conf.modules.d/federation.<xx>.crt
>     CASValidateSAML On
>     CASCookiePath /var/lib/cas/
>     CASTimeout 7200
>     CASIdleTimeout 7200
>     CASDebug On
> </IfModule>
>
>
> Any help would be greatly appreciated.
>
> Kind regards,
> Jean-Damien
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5f7d1a54-7f68-4b47-894c-6de252db8e49%40apereo.org.

Reply via email to