Ray, thank you for the response. I did run the curl from the command line and it worked, specifying the cert to use. I then installed OOD and CAS on CentOS7 and it worked just fine. So I thought I had it down to an issue with the libcurl version. So this morning I compiled an older version of libcurl on RockyLinux 8 and compiled mod_auth_cas against that and it worked! I then went to see what the latest version of libcurl I could use before it breaks. The only problem, I made it all the way to the latest release of libcurl and it is still working! Reboots of the server and still works. I then went back and compiled it against the standard libcurl with Rocky and it still works. Have no idea what changed over the weekend but it looks to be working now without any issues. Very confused, but moving on.
On Monday, October 17, 2022 at 8:58:12 AM UTC-7 Ray Bon wrote: > CJ, > > Java will silently drop requests with an invalid cert. > Should CASCertificatePath point to the OnDemand host cert? > > You could try running the curl command from the command line. > > Ray > > On Fri, 2022-10-14 at 08:41 -0700, CJ Keist wrote: > > Notice: This message was sent from outside the University of Victoria > email system. Please be cautious with links and sensitive information. > > > Hello, > I'm in process of trying to install Open OnDemand 2.0 with CAS > authentication. Following documentation of install mod_auth_cas. After I > access the ondemand server it redirects my browser to our CAS server, which > then authenticates me via DUO. After DUO succeeds, CAS server then > redirects my browser back to the ondemand server with the ticket. At this > point mod_auth_cas fails on the curl_easy_perform function. From the > Apache logs with debug turned on for both Apache and mod_auth_cas, this is > what I see in the logs: > > 921): [client 10.197.140.94:50583] MOD_AUTH_CAS: curl_easy_perform() > failed (), referer: https://login.oregonstate.edu/ > > As you can see, the failed error code is null. So not getting any help as > to why mod_auth_cas is failing to validate the ticket? > > Also confirmed with tcpdump that the ondemand server didn't contact the > CAS server. > > Apache: 2.4.37 > OS: RockyLinux 8 > > created file 01-cas.conf in /etc/httpd/conf.modules.d with: > LoadModule auth_cas_module /usr/lib64/httpd/modules/mod_auth_cas.so > > created file auth_cas.conf in /etc/httpd/conf.d with: > CASDebug on > CASTimeout 43200 > CASIdleTimeout 7200 > CASCookiePath /var/cache/httpd/mod_auth_cas/ > CASCertificatePath /etc/pki/tls/certs/incommon.interm-sha2.crt > CASLoginURL https://server.oregonstate.edu/idp/profile/cas/login > CASValidateURL > https://server.oregonstate.edu/idp/profile/cas/serviceValidate > > In OOD conf file I have: > AuthType CAS > Require valid-user > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/85e1b3de-9ef9-437e-9d41-be641dab0638n%40apereo.org.
