Hi Lars, Are you able to get any other AuthType directives to work on that location (e.g. AuthType Basic)? Is it just AuthType CAS that is failing?
Thanks, -Phil On Fri, Jun 19, 2009 at 3:25 PM, Lars Huttar<[email protected]> wrote: > Thanks for your quick response. > You were right, there was a LogLevel directive for <VirtualHost *> that > was overriding the global LogLevel and setting it to "warn". > > However, even after I put "LogLevel debug" in all the <VirtualHost> > directives, and restarted httpd and accessed the "protected" resources > again, there is still nothing in the logs about CAS. > I checked the error log, access log, and ssl_error log. The error log > has more than it used to: it has stuff about mod_proxy_http.c, in > addition to what it already had about proxy_util.c. But nothing about > CAS that I can find. > > One thing I noticed was that the ssl_error log kept giving the warnings, > "RSA server certificate CommonName (CN) 'localhost.localdomain' does NOT > match server name!?" > and > "RSA server certificate is a CA certificate (BasicConstraints: CA == > TRUE !?)" > > I didn't think that was relevant, but it reminded me that I hadn't yet > configured CASCertificatePath or put the certificates in there. > I tentatively tried setting that up, but got errors saying that the file > I specified (/etc/ssl/certs/myca.crt) was "not a regular file." So I > took CASCertificatePath out again. (I checked the permissions to get to > the cert file ... they seemed fine.) > > > Any further help would be appreciated... I'm still not getting debugging > output from mod_auth_cas. > > Thanks, > Lars > > > On 6/19/2009 12:56 PM, Phil Ames wrote: >> Hi Lars, >> Can you please make sure that the "LogLevel" directive for that >> VirtualHost is set to Debug as well? CASDebug On does output debug >> logs, but often times the LogLevel is set to "warn" or something >> similar that causes those logs to be discarded instead of output in >> the file. >> >> Thanks, >> -Phil >> >> On Fri, Jun 19, 2009 at 1:12 PM, Lars Huttar<[email protected]> wrote: >>> On 6/19/2009 12:08 PM, Lars Huttar wrote: >>>> Hello, >>>> >>>> I'm new to CAS. We've been using a different SSO system for our >>>> Intranet, but are moving to CAS because it means not having to go >>>> through a distant reverse-proxy on every http request. >>>> >>>> I've been configuring an Apache httpd instance to use mod_auth_cas. >>>> As far as I can tell, I have things configured right in >>>> /etc/httpd/conf.d/auth_cas.conf. But when I try navigating to the >>>> protected URLs from a browser (e.g. >>>> http://mydomain/arcgis/rest/services), Apache serves the pages without >>>> (AFAICT) doing any CAS authentication at all. >>> P.S. >>> Let me add that when I access these "protected" URLs, nothing additional >>> (e.g. no debug info and no errors) gets written to the error log. >>> >>> The access log shows a normal access occurring: >>> 172.20.6.57 - - [DateTime] "GET /arcgis/rest/services/ HTTP/1.1" 200 >>> etc. >>> Nothing else. >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >> > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
