CJ, Java will silently drop requests with an invalid cert. Should CASCertificatePath point to the OnDemand host cert?
You could try running the curl command from the command line. Ray On Fri, 2022-10-14 at 08:41 -0700, CJ Keist wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello, I'm in process of trying to install Open OnDemand 2.0 with CAS authentication. Following documentation of install mod_auth_cas. After I access the ondemand server it redirects my browser to our CAS server, which then authenticates me via DUO. After DUO succeeds, CAS server then redirects my browser back to the ondemand server with the ticket. At this point mod_auth_cas fails on the curl_easy_perform function. From the Apache logs with debug turned on for both Apache and mod_auth_cas, this is what I see in the logs: 921): [client 10.197.140.94:50583] MOD_AUTH_CAS: curl_easy_perform() failed (), referer: https://login.oregonstate.edu/ As you can see, the failed error code is null. So not getting any help as to why mod_auth_cas is failing to validate the ticket? Also confirmed with tcpdump that the ondemand server didn't contact the CAS server. Apache: 2.4.37 OS: RockyLinux 8 created file 01-cas.conf in /etc/httpd/conf.modules.d with: LoadModule auth_cas_module /usr/lib64/httpd/modules/mod_auth_cas.so created file auth_cas.conf in /etc/httpd/conf.d with: CASDebug on CASTimeout 43200 CASIdleTimeout 7200 CASCookiePath /var/cache/httpd/mod_auth_cas/ CASCertificatePath /etc/pki/tls/certs/incommon.interm-sha2.crt CASLoginURL https://server.oregonstate.edu/idp/profile/cas/login CASValidateURL https://server.oregonstate.edu/idp/profile/cas/serviceValidate In OOD conf file I have: AuthType CAS Require valid-user -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f7f7a5c78f350e369e5d11793f8ce4b3639615ee.camel%40uvic.ca.
