Thanks for your quick response. You were right, there was a LogLevel directive for <VirtualHost *> that was overriding the global LogLevel and setting it to "warn".
However, even after I put "LogLevel debug" in all the <VirtualHost> directives, and restarted httpd and accessed the "protected" resources again, there is still nothing in the logs about CAS. I checked the error log, access log, and ssl_error log. The error log has more than it used to: it has stuff about mod_proxy_http.c, in addition to what it already had about proxy_util.c. But nothing about CAS that I can find. One thing I noticed was that the ssl_error log kept giving the warnings, "RSA server certificate CommonName (CN) 'localhost.localdomain' does NOT match server name!?" and "RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)" I didn't think that was relevant, but it reminded me that I hadn't yet configured CASCertificatePath or put the certificates in there. I tentatively tried setting that up, but got errors saying that the file I specified (/etc/ssl/certs/myca.crt) was "not a regular file." So I took CASCertificatePath out again. (I checked the permissions to get to the cert file ... they seemed fine.) Any further help would be appreciated... I'm still not getting debugging output from mod_auth_cas. Thanks, Lars On 6/19/2009 12:56 PM, Phil Ames wrote: > Hi Lars, > Can you please make sure that the "LogLevel" directive for that > VirtualHost is set to Debug as well? CASDebug On does output debug > logs, but often times the LogLevel is set to "warn" or something > similar that causes those logs to be discarded instead of output in > the file. > > Thanks, > -Phil > > On Fri, Jun 19, 2009 at 1:12 PM, Lars Huttar<[email protected]> wrote: >> On 6/19/2009 12:08 PM, Lars Huttar wrote: >>> Hello, >>> >>> I'm new to CAS. We've been using a different SSO system for our >>> Intranet, but are moving to CAS because it means not having to go >>> through a distant reverse-proxy on every http request. >>> >>> I've been configuring an Apache httpd instance to use mod_auth_cas. >>> As far as I can tell, I have things configured right in >>> /etc/httpd/conf.d/auth_cas.conf. But when I try navigating to the >>> protected URLs from a browser (e.g. >>> http://mydomain/arcgis/rest/services), Apache serves the pages without >>> (AFAICT) doing any CAS authentication at all. >> P.S. >> Let me add that when I access these "protected" URLs, nothing additional >> (e.g. no debug info and no errors) gets written to the error log. >> >> The access log shows a normal access occurring: >> 172.20.6.57 - - [DateTime] "GET /arcgis/rest/services/ HTTP/1.1" 200 >> etc. >> Nothing else. >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
