Hi Patrick, If you look at the "Validation Response" in the debug logs, you will see that mod_auth_cas received this from the server:
HTTP/1.1 200 OK [...] yes pln mod_auth_cas by default uses CASVersion 2. This version of the CAS protocol sends ticket validation responses as an XML message. The response you are receiving looks like a CAS version 1 response. It may be that you have pointed the CASValidateURL to the CAS v1 validation URL. The 2 possible fixes are to correct the CASValidateURL or to set the directive CASVersion 1 in your mod_auth_cas configuration. Hope this helps, -Phil On Thu, Mar 19, 2009 at 1:34 PM, Patrick Nolan <[email protected]> wrote: > I first heard of CAS two days ago and decided to try it out. > I'm working with a guy who has a CAS version 2 server. > > My web server is Apache 2.2.3 on a clone of Red Hat Enterprise 5. > I found an RPM for mod_auth_cas 1.0.7 and installed it with no > problem. I made a minimal setup: I set CASLoginURL, CASValidateURL > and CASDebug on. Everything else was left alone. I made a directory > and put the directives > AuthName "CAS" > AuthType CAS > require valid-user > in its configuration. > > When I direct my browser to that directory, it is redirected to the > CAS server's login page. After entering my username and password, > I am sent back to my destination, with > ?ticket=ST-2217-Bj9j9WvqzXqa2arzgZE5 appended to the URL. So far > this looks good. > > Unfortunately the result is a 401 error, "Authorization Required". > I boosted Apache's LogLevel to "debug" and got this: > > [Thu Mar 19 10:27:42 2009] [debug] mod_auth_cas.c(481): [client > 171.64.108.17] CAS Service 'http%3a%2f%2fglast2.stanford.edu%2fCAS' > [Thu Mar 19 10:27:42 2009] [debug] mod_auth_cas.c(506): [client > 171.64.108.17] Adding outgoing header: Location: > https://glast-ground.slac.stanford.edu/cas/login?service=http%3a%2f%2fglast2.stanford.edu%2fCAS > [Thu Mar 19 10:27:46 2009] [debug] mod_auth_cas.c(550): [client > 171.64.108.17] Modified r->args (old 'ticket=ST-2217-Bj9j9WvqzXqa2arzgZE5', > new '') > [Thu Mar 19 10:27:46 2009] [debug] mod_auth_cas.c(481): [client > 171.64.108.17] CAS Service 'http%3a%2f%2fglast2.stanford.edu%2fCAS' > [Thu Mar 19 10:27:46 2009] [debug] mod_auth_cas.c(1450): [client > 171.64.108.17] Validation request: GET > /cas/validate?service=http%3a%2f%2fglast2.stanford.edu%2fCAS&ticket=ST-2217-Bj9j9WvqzXqa2arzgZE5 > HTTP/1.1\nHost: glast-ground.slac.stanford.edu\nConnection: close\n\n > [Thu Mar 19 10:27:46 2009] [debug] mod_auth_cas.c(1458): [client > 171.64.108.17] Request successfully transmitted > [Thu Mar 19 10:27:46 2009] [debug] mod_auth_cas.c(1466): [client > 171.64.108.17] Received 338 bytes of response > [Thu Mar 19 10:27:46 2009] [debug] mod_auth_cas.c(1466): [client > 171.64.108.17] Received 8 bytes of response > [Thu Mar 19 10:27:46 2009] [debug] mod_auth_cas.c(1466): [client > 171.64.108.17] Received 0 bytes of response > [Thu Mar 19 10:27:46 2009] [debug] mod_auth_cas.c(1472): [client > 171.64.108.17] Validation response: HTTP/1.1 200 OK\r\nConnection: > close\r\nDate: Thu, 19 Mar 2009 17:27:48 GMT\r\nServer: > Microsoft-IIS/6.0\r\nMicrosoftOfficeWebServer: 5.0_Pub\r\nX-Powered-By: > ASP.NET\r\nPragma: No-cache\r\nCache-Control: no-cache\r\nExpires: Wed, 31 > Dec 1969 16:00:00 PST\r\nSet-Cookie: > JSESSIONID=01AB1BEEA7485E5B91470B7F7B5FB056; Path=/cas; > Secure\r\nContent-Length: 8\r\n\r\nyes\npln\n > [Thu Mar 19 10:27:46 2009] [error] [client 171.64.108.17] MOD_AUTH_CAS: > error parsing CASv2 response: XML parser error code: syntax error (2) > > I don't have a clue how to proceed. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
