I wanted to follow up on this. We got this issue resolved. It turned out that the university's CAS server was sending us service tickets that didn't have "ST-" prepended to the ticket. Once they resolved this, things started working.
On Thursday, October 8, 2020 at 10:41:32 AM UTC-5 1ms8ygts wrote: > We are working to integrate mod_auth_cas with a university's CAS > server. We have this successfully working with over 120 other colleges > and universities. However, with this one, we are getting some bizarre > behavior, that I hope somebody can help explain: > > 1. The application successfully redirects the unauthenticated user to > their CAS server login page. > > 2. When I monitor the live HTTP headers, I see what looks like their CAS > login server redirecting to another server with a ../login/callback url. > > 3. Then it looks like something called a callback code is generated and > then a ticket of some time is created and then we are redirected back to > mod_auth_cas with a short query string of: "?ticket=8NWAY5Y9TD66jAnF" > > 4. But at this point, mod_auth_cas redirects back to the login url, not > the serviceValidate url, and we get a HTTP/2.0 400 Bad Request in the > http headers. All I see in our Apache debug log that seems related is: > > mod_headers.c(848): AH01503: headers: ap_headers_error_filter() > > I'm not familar with this callback thing. Is there something that we > need to be doing with mod_auth_cas to accomodate this? > > BTW, if helpful, I can supply apache debug logs and live http headers. > > Thanks, > Bryan > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/4c8a080b-c61e-4121-8608-9c32059dc89fn%40apereo.org.
