Still wrestling with this, I'm now specifying just the serviceValidate endpoint to remove any possible problems with SAML attribute delivery. My Apache configuration now looks like this:
LoadModule auth_cas_module /usr/lib/apache2/modules/mod_auth_cas.so CASCookiePath /var/cache/apache2/mod_auth_cas/ CASLoginURL https://CAS_SERVER/cas/login CASValidateURL https://CAS_SERVER/cas/serviceValidate CASDebug On <LocationMatch ^/auth/> AuthType CAS AuthName "Autentication required" CASAuthNHeader CAS-User Require valid-user </LocationMatch> My logs never show a response validation: [Thu Dec 12 16:54:20.821632 2019] [auth_cas:debug] [pid 20232] mod_auth_cas. c(2675): entering check_vhost_config() [Thu Dec 12 16:54:20.904208 2019] [auth_cas:debug] [pid 20233] mod_auth_cas. c(2675): entering check_vhost_config() [Thu Dec 12 16:54:29.432630 2019] [auth_cas:debug] [pid 20238] mod_auth_cas. c(2159): [client CLIENT_IP:44734] Entering cas_authenticate() [Thu Dec 12 16:54:29.432643 2019] [auth_cas:debug] [pid 20238] mod_auth_cas. c(610): [client CLIENT_IP:44734] CAS Service 'https%3a%2f%2fAPP_HOST%2fauth%2f' [Thu Dec 12 16:54:29.432652 2019] [auth_cas:debug] [pid 20238] mod_auth_cas. c(558): [client CLIENT_IP:44734] entering getCASLoginURL() [Thu Dec 12 16:54:29.432663 2019] [auth_cas:debug] [pid 20238] mod_auth_cas. c(535): [client CLIENT_IP:44734] entering getCASGateway() [Thu Dec 12 16:54:29.432671 2019] [auth_cas:debug] [pid 20238] mod_auth_cas. c(625): [client CLIENT_IP:44734] entering redirectRequest() [Thu Dec 12 16:54:29.432681 2019] [auth_cas:debug] [pid 20238] mod_auth_cas. c(637): [client CLIENT_IP:44734] Adding outgoing header: Location: https: //CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f [Thu Dec 12 16:54:34.729642 2019] [auth_cas:debug] [pid 20235] mod_auth_cas. c(2159): [client CLIENT_IP:44736] Entering cas_authenticate(), referer: https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f [Thu Dec 12 16:54:34.729659 2019] [auth_cas:debug] [pid 20235] mod_auth_cas. c(682): [client CLIENT_IP:44736] Modified r->args (now ''), referer: https: //CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f [Thu Dec 12 16:54:34.729749 2019] [auth_cas:debug] [pid 20235] mod_auth_cas. c(1832): [client CLIENT_IP:44736] entering getResponseFromServer(), referer: https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f [Thu Dec 12 16:54:34.729853 2019] [auth_cas:debug] [pid 20235] mod_auth_cas. c(610): [client CLIENT_IP:44736] CAS Service 'https%3a%2f%2fAPP_HOST%2fauth%2f', referer: https: //CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f [Thu Dec 12 16:54:35.031085 2019] [auth_cas:debug] [pid 20236] mod_auth_cas. c(2159): [client CLIENT_IP:44754] Entering cas_authenticate(), referer: https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f [Thu Dec 12 16:54:35.031100 2019] [auth_cas:debug] [pid 20236] mod_auth_cas. c(682): [client CLIENT_IP:44754] Modified r->args (now ''), referer: https: //CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f [Thu Dec 12 16:54:35.031149 2019] [auth_cas:debug] [pid 20236] mod_auth_cas. c(1832): [client CLIENT_IP:44754] entering getResponseFromServer(), referer: https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f [Thu Dec 12 16:54:35.031241 2019] [auth_cas:debug] [pid 20236] mod_auth_cas. c(610): [client CLIENT_IP:44754] CAS Service 'https%3a%2f%2fAPP_HOST%2fauth%2f', referer: https: //CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f Any idea what could be causing this "Secure Connection Failed" issue on a 5.3 server connection? (I've tried connecting on the latest mod_auth_cas master and v1.2 tag.) Thanks! -Alan -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ec545d94-070a-4a0d-b9e9-8db739d3ab6c%40apereo.org.
