I wanted to follow up on this.  We got this issue resolved.  It turned out 
that the university's CAS server was sending us service tickets that didn't 
have "ST-" prepended to the ticket.  Once they resolved this, things 
started working.

On Thursday, October 8, 2020 at 10:41:32 AM UTC-5 1ms8ygts wrote:

> We are working to integrate mod_auth_cas with a university's CAS
> server. We have this successfully working with over 120 other colleges
> and universities. However, with this one, we are getting some bizarre
> behavior, that I hope somebody can help explain:
>
> 1. The application successfully redirects the unauthenticated user to
> their CAS server login page.
>
> 2. When I monitor the live HTTP headers, I see what looks like their CAS
> login server redirecting to another server with a ../login/callback url.
>
> 3. Then it looks like something called a callback code is generated and
> then a ticket of some time is created and then we are redirected back to
> mod_auth_cas with a short query string of: "?ticket=8NWAY5Y9TD66jAnF"
>
> 4. But at this point, mod_auth_cas redirects back to the login url, not
> the serviceValidate url, and we get a HTTP/2.0 400 Bad Request in the
> http headers. All I see in our Apache debug log that seems related is:
>
> mod_headers.c(848): AH01503: headers: ap_headers_error_filter()
>
> I'm not familar with this callback thing. Is there something that we
> need to be doing with mod_auth_cas to accomodate this?
>
> BTW, if helpful, I can supply apache debug logs and live http headers.
>
> Thanks,
> Bryan
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4c8a080b-c61e-4121-8608-9c32059dc89fn%40apereo.org.

Reply via email to