Ok, found it digging in the archive. I want a SAML answer and I'm not using the correct endpoint.
Replacing with : #CASValidateURL https://federation.<xx>/cas/serviceValidate CASValidateURL https://federation.<xx>/cas/samlValidate CASValidateSAML On Solve the issue. Kind regards, Jean-Damien On Monday, February 4, 2019 at 12:40:17 PM UTC+1, Jean-Damien POGOLOTTI wrote: > > Turning CASValidateSAML to Off in the mod_auth_cas configuration correct > the issue : > > CASValidateSAML On > > > But I need to understand why. > > Did I miss to include a dependency in my build.gradle ? Following are > added : > > dependencies { > compile > "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}" > compile > "org.apereo.cas:cas-server-support-ldap:${project.'cas.version'}" > compile "com.unboundid:unboundid-ldapsdk:4.0.9" > compile > "org.apereo.cas:cas-server-support-json-service-registry:${project.'cas.version'}" > compile > "org.apereo.cas:cas-server-support-saml:${project.'cas.version'}" > compile > "org.apereo.cas:cas-server-support-saml-idp-ticket:${project.'cas.version'}" > compile > "org.apereo.cas:cas-server-support-saml-idp:${project.'cas.version'}" > compile > "org.apereo.cas:cas-server-support-saml-idp-metadata:${project.'cas.version'}" > compile > "org.apereo.cas:cas-server-support-saml-idp-web:${project.'cas.version'}" > } > > > Kind regards, > Jean-Damien > > > On Monday, February 4, 2019 at 9:56:56 AM UTC+1, Jean-Damien POGOLOTTI > wrote: >> >> Hi there, >> >> I've just installed CAS 6.1.0 to replace our legacy SSO infrastructure >> and I'm facing an issue while trying to authenticate from a web app secured >> by mod_auth_cas. >> >> Redirection to the CAS service works, authentification is done but I >> receive an HTTP 401 in my web application. >> >> Looking in the mod_auth_cas logs (set to debug), I see the following : >> >> [Mon Feb 04 09:27:59.756552 2019] [:debug] [pid 9503] >> mod_auth_cas.c(1442): [client 147.<xx>:59439] MOD_AUTH_CAS: response = >> <!doctype html><html lang="fr"><head><title>\xc3\x89tat HTTP 406 >> \xe2\x80\x93 Inacceptable</title><style type="text/css">h1 >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} >> >> h2 >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} >> >> h3 >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} >> >> body >> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b >> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} >> p >> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} >> >> a {color:black;} a.name {color:black;} .line >> {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>\xc3\x89tat >> >> HTTP 406 \xe2\x80\x93 Inacceptable</h1><hr class="line" /><p><b>Type</b> >> Rapport d'\xc3\xa9tat</p><p><b>description</b> La ressource >> identifi\xc3\xa9e par cette requ\xc3\xaate n'est capable de >> g\xc3\xa9n\xc3\xa9rer des r\xc3\xa9ponses qu'avec des >> caract\xc3\xa9ristiques incompatible avec la directive "accept" >> pr\xc3\xa9sente dans l'ent\xc3\xaate de requ\xc3\xaate.</p><hr class="line" >> /><h3>Apache Tomcat/9.0.14</h3></body></html>, referer: https://dummy. >> <xx>/?ticket=ST-41-aF1h-Q9qm9Ri-Gd01CUyPOwxjtQvmi-prod-410 >> >> >> >> [Mon Feb 04 09:27:59.756676 2019] [:error] [pid 9503] [client >> 147.<xx>:59439] >> MOD_AUTH_CAS: error parsing CASv2 response: XML parser error code: syntax >> error (2), referer: https://dummy >> .<xx>/?ticket=ST-41-aF1h-Q9qm9Ri-Gd01CUyPOwxjtQvmi-prod-410 >> >> >> >> I believe that the interesting part is the HTTP 406 answer received while >> validating the ticket. (La ressource identifiée par cette requète n'est >> capable de gérer des réponses qu'avec des caractéristiques incompatible >> avec la directive "accept" présente dans l'entête de requète.) >> >> Looking at the Tomcat logs of the CAS server I see : >> >> >> 147.<xx> - - [04/Feb/2019:09:52:59 +0100] "POST >> /cas/serviceValidate?TARGET=https%3a%2f%2fdummy.<xx>%2f HTTP/1.1" 406 >> 1119 >> 147.<xx> - - [04/Feb/2019:09:52:59 +0100] "POST >> /cas/serviceValidate?TARGET=https%3a%2f%2fdummy.<xx>%2f HTTP/1.1" 406 >> 1119 >> >> >> The configuration of the mod_auth_cas apache module : >> >> LoadModule auth_cas_module modules/mod_auth_cas.so >> >> <IfModule mod_auth_cas.c> >> CASVersion 2 >> CASLoginURL https://federation.<xx>/cas/login >> CASValidateURL https://federation.<xx>/cas/serviceValidate >> CASProxyValidateURL https://federation.<xx>/cas/proxyValidate >> CASCertificatePath /etc/httpd/conf.modules.d/federation.<xx>.crt >> CASValidateSAML On >> CASCookiePath /var/lib/cas/ >> CASTimeout 7200 >> CASIdleTimeout 7200 >> CASDebug On >> </IfModule> >> >> >> Any help would be greatly appreciated. >> >> Kind regards, >> Jean-Damien >> > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/a5f0ea65-ad9d-4d25-9edc-6edad2daf776%40apereo.org.
