Hi Johan, thanks for your reply.
I will try using the newer versions, as we run Moodle 1.9.5 and CAS 3.3.3 (I also tried with 3.3.4, same results). I had a look at your configuration and it is roughly similar, except that our LDAP is version 2 and not 3 and that we have POSIX accounts.

Nonetheless, we use ldap and not ldaps so when you write

> Also, make sure that your underlying openssl is properly configured for the ldap server ssl certificates; either import the signing CA public key(s), or configure not to check (eg. when using self-signed certs on the ldap servers)


we actually don't have LDAP certificates available, nor is our connection to LDAP under SSL. We run SSL on Apache (not on Tomcat), and it's Apache that proxies the connection to Tomcat with its SSL directives:

       ProxyPass / https://localhost:8443/
       ProxyPassReverse /  https://localhost:8443/


Moreover, I have a doubt about the cas.properties file: what's the host.name property for?

Cheers,
Giuseppe
Good luck,

Johan

---------------------
INSERT INTO `mdl_config_plugins` (`plugin`, `name`, `value`) VALUES
('auth/cas', 'removeuser', '0'),
('auth/cas', 'groupecreators', ''),
('auth/cas', 'attrcreators', ''),
('auth/cas', 'memberattribute_isdn', ''),
('auth/cas', 'memberattribute', ''),
('auth/cas', 'objectclass', ''),
('auth/cas', 'version', '3'),
('auth/cas', 'bind_pw', 'your-password'),
('auth/cas', 'bind_dn', 'cn=moodleuser,ou=your_ou,dc=yoursite,dc=edu'),
('auth/cas', 'opt_deref', '0'),
('auth/cas', 'search_sub', '1'),
('auth/cas', 'user_attribute', ''),
('auth/cas', 'user_type', 'default'),
('auth/cas', 'contexts', 'ou=web_accounts_ou,dc=yoursite,dc=edu'),
('auth/cas', 'ldapencoding', 'utf-8'),
('auth/cas', 'host_url', 'ldaps://ldap1.yoursite.edu;ldaps://ldap2.yoursite.edu'),
('auth/cas', 'multiauth', ''),
('auth/cas', 'logoutcas', '1'),
('auth/cas', 'proxycas', ''),
('auth/cas', 'language', 'english'),
('auth/cas', 'baseuri', 'cas/'),
('auth/cas', 'casversion', '2'),
('auth/cas', 'port', '443'),
('auth/cas', 'hostname', 'cas.yoursite.edu');


UPDATE `mdl_user` set `auth` = 'cas' where `auth` = 'manual';


----- Original Message ----- From: "Giuseppe Sollazzo" <[email protected]>
To: <[email protected]>
Sent: Thursday, December 17, 2009 9:32 AM
Subject: [cas-user] Apparent auth success, but authentication failed in moodle


Hi all,
I was wondering if any of you could give me a hand again with CAS/Moodle issues. I hope this is not too much off-topic.

Basically, in my setting CAS (3.3.3, over tomcat 5.5 using Apache SSL proxying to Tomcat rather than native SSL in Tomcat, as a workaround to certificate problems) seems to work properly, as I get the following log4j extract:


2009-12-17 16:17:34,381 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: myUser]
2009-12-17 16:17:34,381 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Attempting to resolve a principal...
2009-12-17 16:17:34,381 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Creating SimplePrincipal for [myUser]

I can confirm it works as if I connect straight to the CAS interface, I get the "Log in successful" message.

Nonetheless, in Moodle I get an Authentication failed message. I'm just wondering if anyone had similar experiences. Can this possibly be related to the properties in cas.properties? Or maybe does anyone know how to activate logging into phpCAS/moodle?

Thanks,

--
Giuseppe Sollazzo
Systems Developer / Administrator

Computing Services
St. George's, University of London


--
You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
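
An added example, not part of the original messages and not Moodle or CAS code: a check over `auth/cas` rows like the ones posted in the thread that reports LDAP servers reached without TLS, the ldap:// versus ldaps:// difference the two posters discuss. It assumes Moodle does a simple bind with `bind_dn`/`bind_pw`; the function names and the altered sample rows are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: auth/cas rows in the thread's format, with host_url and
# version altered to mix the ldap:// + LDAPv2 setup with one ldaps:// server.
SAMPLE_SQL = """
INSERT INTO `mdl_config_plugins` (`plugin`, `name`, `value`) VALUES
('auth/cas', 'version', '2'),
('auth/cas', 'bind_pw', 'your-password'),
('auth/cas', 'bind_dn', 'cn=moodleuser,ou=your_ou,dc=yoursite,dc=edu'),
('auth/cas', 'host_url', 'ldap://ldap1.yoursite.edu;ldaps://ldap2.yoursite.edu'),
('auth/cas', 'hostname', 'cas.yoursite.edu');
"""

ROW = re.compile(r"\(\s*'auth/cas'\s*,\s*'([^']*)'\s*,\s*'([^']*)'\s*\)")


def parse_settings(sql):
    """Return {name: value} for every ('auth/cas', name, value) tuple."""
    return dict(ROW.findall(sql))


def audit_ldap_transport(settings):
    """Return (setting, finding) pairs for unencrypted LDAP transport."""
    findings = []
    cleartext = False
    has_bind = bool(settings.get("bind_dn") and settings.get("bind_pw"))
    urls = [u.strip() for u in settings.get("host_url", "").split(";") if u.strip()]
    for url in urls:
        scheme = urlsplit(url).scheme.lower()
        if scheme == "ldaps":
            continue  # TLS-wrapped; certificate trust is then an OpenSSL matter
        if scheme in ("", "ldap"):
            cleartext = True
            detail = "bind_pw and lookups" if has_bind else "lookups"
            findings.append(("host_url", f"{url}: {detail} sent unencrypted"))
        else:
            findings.append(("host_url", f"{url}: unexpected scheme {scheme!r}"))
    if cleartext and settings.get("version") == "2":
        # StartTLS is an LDAPv3 extended operation, so v2 cannot upgrade ldap://
        findings.append(("version", "LDAPv2 has no StartTLS; use ldaps:// or v3"))
    return findings


if __name__ == "__main__":
    for setting, finding in audit_ldap_transport(parse_settings(SAMPLE_SQL)):
        print(f"auth/cas {setting}: {finding}")
```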