Hi Phil, I have not tried any other AuthType directives. I'm pretty new to httpd authentication.
I could try "AuthType Basic", but I wouldn't quickly know how to set up the other required details so that a test should work. E.g. an authentication-provider module and an authorization module, a user file and group file... Is there a quick & well-packaged test I could run? Lars On 6/19/2009 2:34 PM, Phil Ames wrote: > Hi Lars, > Are you able to get any other AuthType directives to work on that > location (e.g. AuthType Basic)? Is it just AuthType CAS that is > failing? > > Thanks, > > -Phil > > On Fri, Jun 19, 2009 at 3:25 PM, Lars Huttar<[email protected]> wrote: >> Thanks for your quick response. >> You were right, there was a LogLevel directive for <VirtualHost *> that >> was overriding the global LogLevel and setting it to "warn". >> >> However, even after I put "LogLevel debug" in all the <VirtualHost> >> directives, and restarted httpd and accessed the "protected" resources >> again, there is still nothing in the logs about CAS. >> I checked the error log, access log, and ssl_error log. The error log >> has more than it used to: it has stuff about mod_proxy_http.c, in >> addition to what it already had about proxy_util.c. But nothing about >> CAS that I can find. >> >> One thing I noticed was that the ssl_error log kept giving the warnings, >> "RSA server certificate CommonName (CN) 'localhost.localdomain' does NOT >> match server name!?" >> and >> "RSA server certificate is a CA certificate (BasicConstraints: CA == >> TRUE !?)" >> >> I didn't think that was relevant, but it reminded me that I hadn't yet >> configured CASCertificatePath or put the certificates in there. >> I tentatively tried setting that up, but got errors saying that the file >> I specified (/etc/ssl/certs/myca.crt) was "not a regular file." So I >> took CASCertificatePath out again. (I checked the permissions to get to >> the cert file ... they seemed fine.) >> >> >> Any further help would be appreciated... I'm still not getting debugging >> output from mod_auth_cas. >> >> Thanks, >> Lars >> >> >> On 6/19/2009 12:56 PM, Phil Ames wrote: >>> Hi Lars, >>> Can you please make sure that the "LogLevel" directive for that >>> VirtualHost is set to Debug as well? CASDebug On does output debug >>> logs, but often times the LogLevel is set to "warn" or something >>> similar that causes those logs to be discarded instead of output in >>> the file. >>> >>> Thanks, >>> -Phil >>> >>> On Fri, Jun 19, 2009 at 1:12 PM, Lars Huttar<[email protected]> wrote: >>>> On 6/19/2009 12:08 PM, Lars Huttar wrote: >>>>> Hello, >>>>> >>>>> I'm new to CAS. We've been using a different SSO system for our >>>>> Intranet, but are moving to CAS because it means not having to go >>>>> through a distant reverse-proxy on every http request. >>>>> >>>>> I've been configuring an Apache httpd instance to use mod_auth_cas. >>>>> As far as I can tell, I have things configured right in >>>>> /etc/httpd/conf.d/auth_cas.conf. But when I try navigating to the >>>>> protected URLs from a browser (e.g. >>>>> http://mydomain/arcgis/rest/services), Apache serves the pages without >>>>> (AFAICT) doing any CAS authentication at all. >>>> P.S. >>>> Let me add that when I access these "protected" URLs, nothing additional >>>> (e.g. no debug info and no errors) gets written to the error log. >>>> >>>> The access log shows a normal access occurring: >>>> 172.20.6.57 - - [DateTime] "GET /arcgis/rest/services/ HTTP/1.1" >>>> 200 etc. >>>> Nothing else. >>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
