Hi Patrick, Are these logs complete, or are there corresponding ticket validation logs by mod_auth_cas for all of those subsequent requests with new tickets?
Can you use something like HttpFox (https://addons.mozilla.org/en-US/firefox/addon/6647) to see if mod_auth_cas is setting a new cookie with each 302 redirect? Is the /CAS resource a directory, or a file? If it is a directory, can you try adding a trailing / to your request? mod_auth_cas generates a 302 redirect in a few situations: -When the user is accessing a "Gateway" protected resource (not the case here, as there is no mention of Gateway in the logs) -When the user has no ticket and no cookie and is accessing a CAS protected resource -After successful ticket validation to the resource the user originally requested -When the user has a cookie, but it does not pass mod_auth_cas' validation check to ensure it has not expired It looks like the user gets a ticket and it validates properly, and that the user is then redirected to their original request, leaving only the 4th option. Can you verify that the directory mod_auth_cas is using to store cookie/session information is writable by the web server and contains files that correspond to the MOD_AUTH_CAS cookie value you receive? This directory is controlled by the CASCookiePath directive. Thanks, -Phil On Thu, Mar 19, 2009 at 2:20 PM, Patrick Nolan <[email protected]> wrote: [snip] > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(851): [client > 171.64.108.17] Insufficient time elapsed since last cache clean > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(994): [client > 171.64.108.17] Cookie '2ba7d38cc0a45d62cd0a16ffa88ea7e5' created for user > 'pln' > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(363): [client > 171.64.108.17] Determining CAS scope (path: /, CASScope: (null), CASRenew: > (null), CASGateway: (null)) > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(643): [client > 171.64.108.17] Adding outgoing header: Set-Cookie: > MOD_AUTH_CAS=2ba7d38cc0a45d62cd0a16ffa88ea7e5;Path=/ > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(481): [client > 171.64.108.17] CAS Service 'http%3a%2f%2fglast2.stanford.edu%2fCAS' > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(506): [client > 171.64.108.17] Adding outgoing header: Location: > https://glast-ground.slac.stanford.edu/cas/login?service=http%3a%2f%2fglast2.stanford.edu%2fCAS > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(550): [client > 171.64.108.17] Modified r->args (old 'ticket=ST-2249-RyvchBENq3HPHMPNELpD', > new '') > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(481): [client > 171.64.108.17] CAS Service 'http%3a%2f%2fglast2.stanford.edu%2fCAS' > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(1450): [client > 171.64.108.17] Validation request: GET > /cas/validate?service=http%3a%2f%2fglast2.stanford.edu%2fCAS&ticket=ST-2249-RyvchBENq3HPHMPNELpD > HTTP/1.1\nHost: glast-ground.slac.stanford.edu\nConnection: close\n\n > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(1458): [client > 171.64.108.17] Request successfully transmitted > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(1466): [client > 171.64.108.17] Received 338 bytes of response > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(1466): [client > 171.64.108.17] Received 8 bytes of response > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(1466): [client > 171.64.108.17] Received 0 bytes of response > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(1472): [client > 171.64.108.17] Validation response: HTTP/1.1 200 OK\r\nConnection: > close\r\nDate: Thu, 19 Mar 2009 18:11:36 GMT\r\nServer: > Microsoft-IIS/6.0\r\nMicrosoftOfficeWebServer: 5.0_Pub\r\nX-Powered-By: > ASP.NET\r\nPragma: No-cache\r\nCache-Control: no-cache\r\nExpires: Wed, 31 > Dec 1969 16:00:00 PST\r\nSet-Cookie: > JSESSIONID=1EE90136D0D96359119D68EC0C009DDA; Path=/cas; > Secure\r\nContent-Length: 8\r\n\r\nyes\npln\n > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(851): [client > 171.64.108.17] Insufficient time elapsed since last cache clean > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(994): [client > 171.64.108.17] Cookie '289b076032f7b96be68db8164b1589b6' created for user > 'pln' > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(363): [client > 171.64.108.17] Determining CAS scope (path: /, CASScope: (null), CASRenew: > (null), CASGateway: (null)) > [Thu Mar 19 11:11:36 2009] [debug] mod_auth_cas.c(643): [client > 171.64.108.17] Adding outgoing header: Set-Cookie: > MOD_AUTH_CAS=289b076032f7b96be68db8164b1589b6;Path=/ > [Thu Mar 19 11:11:37 2009] [debug] mod_auth_cas.c(481): [client > 171.64.108.17] CAS Service 'http%3a%2f%2fglast2.stanford.edu%2fCAS' > [Thu Mar 19 11:11:37 2009] [debug] mod_auth_cas.c(506): [client > 171.64.108.17] Adding outgoing header: Location: > https://glast-ground.slac.stanford.edu/cas/login?service=http%3a%2f%2fglast2.stanford.edu%2fCAS > > gamera.stanford.edu - - [19/Mar/2009:11:11:31 -0700] "GET /CAS HTTP/1.1" 302 > 279 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) > Gecko/2009021910 Firefox/3.0.7" > gamera.stanford.edu - pln [19/Mar/2009:11:11:35 -0700] "GET > /CAS?ticket=ST-2243-Xqk4Nhhaq2WkuuWtiPqj HTTP/1.1" 302 217 "-" "Mozilla/5.0 > (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 > Firefox/3.0.7" > gamera.stanford.edu - - [19/Mar/2009:11:11:35 -0700] "GET /CAS HTTP/1.1" 302 > 279 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) > Gecko/2009021910 Firefox/3.0.7" > gamera.stanford.edu - pln [19/Mar/2009:11:11:35 -0700] "GET > /CAS?ticket=ST-2244-R6EXMFNEasrKYgEe7YHW HTTP/1.1" 302 217 "-" "Mozilla/5.0 > (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 > Firefox/3.0.7" > gamera.stanford.edu - - [19/Mar/2009:11:11:35 -0700] "GET /CAS HTTP/1.1" 302 > 279 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) > Gecko/2009021910 Firefox/3.0.7" > gamera.stanford.edu - pln [19/Mar/2009:11:11:35 -0700] "GET > /CAS?ticket=ST-2245-T57XbUFXE1w5VSnZG8hB HTTP/1.1" 302 217 "-" "Mozilla/5.0 > (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 > Firefox/3.0.7" > gamera.stanford.edu - - [19/Mar/2009:11:11:36 -0700] "GET /CAS HTTP/1.1" 302 > 279 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) > Gecko/2009021910 Firefox/3.0.7" > gamera.stanford.edu - pln [19/Mar/2009:11:11:36 -0700] "GET > /CAS?ticket=ST-2246-MoJfnIqkJ2F07orRX2AY HTTP/1.1" 302 217 "-" "Mozilla/5.0 > (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 > Firefox/3.0.7" > gamera.stanford.edu - - [19/Mar/2009:11:11:36 -0700] "GET /CAS HTTP/1.1" 302 > 279 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) > Gecko/2009021910 Firefox/3.0.7" > gamera.stanford.edu - pln [19/Mar/2009:11:11:36 -0700] "GET > /CAS?ticket=ST-2247-P8ZwzD4kRrXklS7EWnkQ HTTP/1.1" 302 217 "-" "Mozilla/5.0 > (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 > Firefox/3.0.7" > gamera.stanford.edu - - [19/Mar/2009:11:11:36 -0700] "GET /CAS HTTP/1.1" 302 > 279 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) > Gecko/2009021910 Firefox/3.0.7" > gamera.stanford.edu - pln [19/Mar/2009:11:11:36 -0700] "GET > /CAS?ticket=ST-2248-Saf0uslViAtzotRDYcB8 HTTP/1.1" 302 217 "-" "Mozilla/5.0 > (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 > Firefox/3.0.7" > gamera.stanford.edu - - [19/Mar/2009:11:11:36 -0700] "GET /CAS HTTP/1.1" 302 > 279 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) > Gecko/2009021910 Firefox/3.0.7" > gamera.stanford.edu - pln [19/Mar/2009:11:11:36 -0700] "GET > /CAS?ticket=ST-2249-RyvchBENq3HPHMPNELpD HTTP/1.1" 302 217 "-" "Mozilla/5.0 > (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) Gecko/2009021910 > Firefox/3.0.7" > gamera.stanford.edu - - [19/Mar/2009:11:11:37 -0700] "GET /CAS HTTP/1.1" 302 > 279 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.7) > Gecko/2009021910 Firefox/3.0.7" > [snip] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
