Hi, I would suggest avoiding the test I recommended since the SSL configuration is different. My bet is that the module is just reading garbage encrypted data since the handshake is probably failing. I will look into how mod_auth_cas can gracefully handle this issue. Would you mind creating a JIRA issue to track this and describing your configuration so I can duplicate it for testing?
-Phil On Mon, Feb 15, 2010 at 3:17 PM, J Lopez <[email protected]> wrote: > Hi Phil, > > Right now I'm at home. Tomorrow i will recompile mod_auth_cas with that > parameter increased to 65536 and will make a new test. > Anyway I do not think it is a size problem. In my opinion it is something > related to SSL. The only difference that occurs to me is that SSL VH in > Apache is making optional client certificate, tomcat is not doing that. > > In my previous logs when debugging mod_auth_cas with apache always prints > a line that says > > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(1757): [client > 172.23.20.38] Received -1 bytes of response > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(1763): [client > 172.23.20.38] Validation response: \x9d\x15 > > Reading SSL_read doc it seems an error occurs. > > I will also make a test removing optional client certification validation > for Apache SSL VH > > Thanks for your time. > Regards > > On Mon, Feb 15, 2010 at 7:31 PM, Phil Ames <[email protected]> wrote: >> >> Strange, it does appear that the response is well-formed when it comes >> back. Can you try increasing CAS_MAX_RESPONSE_SIZE from 4096 to some >> larger value (e.g. 65536 or some other large value) and re-compiling? >> The output of the debug log then may shed some light on what exactly >> mod_auth_cas is seeing when it goes to validate. >> >> -Phil >> >> On Mon, Feb 15, 2010 at 1:09 PM, J Lopez <[email protected]> wrote: >> > Hi Phil, >> > >> > Sorry I send the mail before finishing it. >> > I'm using a self signed certificate but it is the same from tomcat and >> > tomcat it's working >> > >> > I send you the same wget result using tomcat >> > >> > wget >> > >> > "https://djboss4201.cyii.corp:8443/cas/serviceValidate?service=http://dalfresco01.cyii.corp/alfresco&ticket=ST-10-r9t6yxqsbbkob77jsnB1-cas"; >> > --2010-02-15 19:03:58-- >> > >> > https://djboss4201.cyii.corp:8443/cas/serviceValidate?service=http://dalfresco01.cyii.corp/alfresco&ticket=ST-10-r9t6yxqsbbkob77jsnB1-cas >> > Resolving djboss4201.cyii.corp... 172.23.102.5 >> > Connecting to djboss4201.cyii.corp|172.23.102.5|:8443... connected. >> > ERROR: cannot verify djboss4201.cyii.corp's certificate, issued by >> > `/C=ES/ST=Madrid/L=Madrid/O=CYII/OU=Div. Integracion de >> > sistemas/CN=djboss4201.cyii.corp': >> > Self-signed certificate encountered. >> > To connect to djboss4201.cyii.corp insecurely, use >> > `--no-check-certificate'. >> > Unable to establish SSL connection. >> > >> > Anyway if I use wget with Apache and option --no-check-certificate the >> > response using apache is correct. >> > >> > wget --no-check-certificate >> > >> > "https://djboss4201.cyii.corp/cas/serviceValidate?service=http://dalfresco01.cyii.corp/alfresco&ticket=ST-9-p4sfceld9FAgjDSzhfTe-cas"; >> > --2010-02-15 18:50:41-- >> > >> > https://djboss4201.cyii.corp/cas/serviceValidate?service=http://dalfresco01.cyii.corp/alfresco&ticket=ST-9-p4sfceld9FAgjDSzhfTe-cas >> > Resolving djboss4201.cyii.corp... 172.23.102.5 >> > Connecting to djboss4201.cyii.corp|172.23.102.5|:443... connected. >> > WARNING: cannot verify djboss4201.cyii.corp's certificate, issued by >> > `/C=ES/ST=Some-State/O=Canal de Isabell II/CN=djboss4201.cyii.corp': >> > Self-signed certificate encountered. >> > HTTP request sent, awaiting response... 200 OK >> > Length: 174 [text/html] >> > Saving to: >> > >> > `serviceValidate?service=http:%2F%2Fdalfresco01.cyii.corp%2Falfresco&ticket=ST-9-p4sfceld9FAgjDSzhfTe-cas' >> > 100%[======================================>] 174 --.-K/s in >> > 0s >> > 2010-02-15 18:50:41 (3.24 MB/s) - >> > >> > `serviceValidate?service=http:%2F%2Fdalfresco01.cyii.corp%2Falfresco&ticket=ST-9-p4sfceld9FAgjDSzhfTe-cas' >> > saved [174/174] >> > >> > >> > >> > >> > more >> > >> > serviceValidate\?service\=http\:%2F%2Fdalfresco01.cyii.corp%2Falfresco\&ticket\=ST-9-p4sfceld9FAgjDSzhfTe-cas >> > <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> > <cas:authenticationSuccess> >> > <cas:user>C26329</cas:user> >> > </cas:authenticationSuccess> >> > </cas:serviceResponse> >> > >> > >> > Thanks in advance. >> > Regards >> > On Thu, Feb 11, 2010 at 8:59 PM, Phil Ames <[email protected]> wrote: >> >> >> >> Hi, >> >> The error message you are receiving basically indicates that more than >> >> 4096(CAS_MAX_RESPONSE_SIZE) bytes of response data are returned when >> >> mod_auth_cas hits the service validate URL. Can you manually create a >> >> ticket and hit that URL using something like curl or wget to see how >> >> much data comes back and what it is actually in it? >> >> >> >> You should be able to accomplish this by intercepting the redirect >> >> from the CAS server to the mod_auth_cas host and ignoring it, then >> >> manually access the >> >> >> >> >> >> http://cas.example.com/cas/serviceValidate?service=[service]&ticket=[ticket] >> >> >> >> Thanks, >> >> -Phil >> >> >> >> On Thu, Feb 11, 2010 at 11:14 AM, Lopetegui <[email protected]> wrote: >> >> > Hi, >> >> > >> >> > I have a working CAS server that is accesible via HTTPS >> >> > (443) with Apache (2.2.9-10+lenny) + mod-jk (1.2.18-3etch2)+ Jboss >> >> > 4.2.3 >> >> > and via HTTPS to the same Jboss in a Debian etch box. >> >> > >> >> > I have compiled and configured mod_auth_cas in a diferrent >> >> > machine, >> >> > RHEL. My mod_auth_cas configuration is >> >> > >> >> > /etc/httpd/conf.d/mod_auth_cas.conf >> >> > >> >> > LoadModule auth_cas_module modules/mod_auth_cas.so >> >> > CASCookiePath /tmp/cas/ >> >> > >> >> > # CAS Apache >> >> > #CASLoginURL https://djboss4201.cyii.corp/cas/login >> >> > #CASValidateURL https://djboss4201.cyii.corp/cas/serviceValidate >> >> > # CAS Jboss >> >> > CASLoginURL https://djboss4201.cyii.corp:8443/cas/login >> >> > CASValidateURL https://djboss4201.cyii.corp:8443/cas/serviceValidate >> >> > >> >> > CASCertificatePath /etc/httpd/cas.pem >> >> > CASValidateServer Off >> >> > CASDebug On >> >> > <Location /alfresco> >> >> > AuthType CAS >> >> > AuthName "CAS" >> >> > require valid-user >> >> > CASScope /alfresco >> >> > </Location> >> >> > >> >> > >> >> > My problem is when the mod_auth_cas configuration points to >> >> > HTTPS >> >> > 443 Apache does not work but it works if I use Jboss. I paste the >> >> > Apache >> >> > error log with the error: >> >> > >> >> > >> >> > [Thu Feb 11 17:04:29 2010] [debug] src/mod_auth_cas.c(1805): [client >> >> > 172.23.20.38] Entering cas_authenticate() >> >> > [Thu Feb 11 17:04:29 2010] [debug] src/mod_auth_cas.c(511): [client >> >> > 172.23.20.38] entering getCASService() >> >> > [Thu Feb 11 17:04:29 2010] [debug] src/mod_auth_cas.c(540): [client >> >> > 172.23.20.38] CAS Service >> >> > 'http%3a%2f%2fdalfresco01.cyii.corp%2falfresco' >> >> > [Thu Feb 11 17:04:29 2010] [debug] src/mod_auth_cas.c(485): [client >> >> > 172.23.20.38] entering getCASLoginURL() >> >> > [Thu Feb 11 17:04:29 2010] [debug] src/mod_auth_cas.c(445): [client >> >> > 172.23.20.38] entering getCASGateway() >> >> > [Thu Feb 11 17:04:29 2010] [debug] src/mod_auth_cas.c(556): [client >> >> > 172.23.20.38] entering redirectRequest() >> >> > [Thu Feb 11 17:04:29 2010] [debug] src/mod_auth_cas.c(568): [client >> >> > 172.23.20.38] Adding outgoing header: Location: >> >> > >> >> > https://djboss4201.cyii.corp/cas/login?service=http%3a%2f%2fdalfresco01.cyii.corp%2falfresco >> >> > [Thu Feb 11 17:04:31 2010] [debug] src/mod_auth_cas.c(1805): [client >> >> > 172.23.20.38] Entering cas_authenticate() >> >> > [Thu Feb 11 17:04:31 2010] [debug] src/mod_auth_cas.c(608): [client >> >> > 172.23.20.38] Modified r->args (old >> >> > 'ticket=ST-2-CeV6ZB5jXzeq2ljoy4ow-cas', >> >> > new '') >> >> > [Thu Feb 11 17:04:31 2010] [debug] src/mod_auth_cas.c(1626): [client >> >> > 172.23.20.38] entering getResponseFromServer() >> >> > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(511): [client >> >> > 172.23.20.38] entering getCASService() >> >> > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(540): [client >> >> > 172.23.20..38] CAS Service >> >> > 'http%3a%2f%2fdalfresco01.cyii.corp%2falfresco' >> >> > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(468): [client >> >> > 172.23.20.38] entering getCASValidateURL() >> >> > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(1741): [client >> >> > 172.23.20.38] Validation request: GET >> >> > >> >> > /cas/serviceValidate?service=http%3a%2f%2fdalfresco01.cyii.corp%2falfresco&ticket=ST-2-CeV6ZB5jXzeq2ljoy4ow-cas >> >> > HTTP/1.0\nHost: djboss4201.cyii.corp\n\n >> >> > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(1749): [client >> >> > 172.23.20.38] Request successfully transmitted >> >> > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(1757): [client >> >> > 172.23.20.38] Received -1 bytes of response >> >> > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(1763): [client >> >> > 172.23.20.38] Validation response: \x9d\x15 >> >> > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(468): [client >> >> > 172.23.20.38] entering getCASValidateURL() >> >> > [Thu Feb 11 17:04:32 2010] [error] [client 172.23.20.38] >> >> > MOD_AUTH_CAS: >> >> > oversized response received from >> >> > djboss4201.cyii.corp/cas/serviceValidate >> >> > [Thu Feb 11 17:04:32 2010] [debug] src/mod_auth_cas.c(1281): [client >> >> > 172.23.20.38] entering isValidCASTicket() >> >> > >> >> > I do not know much about the SSL handshake but it seems that can not >> >> > read the response. >> >> > Besides the CAS ticket checking is being performed properly. I paste >> >> > cas.log with the full autentication, service ticket grant and >> >> > consumption >> >> > >> >> > 2010-02-11 17:08:19,637 DEBUG >> >> > [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor >> >> > generated >> >> > service for: http://dalfresco01.cyii.corp/alfresco >> >> > 2010-02-11 17:08:19,638 DEBUG >> >> > >> >> > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] >> >> > - >> >> > Action 'SpnegoNegociateCredentialsAction' beginning execution >> >> > 2010-02-11 17:08:19,638 DEBUG >> >> > >> >> > [org.jasig.cas.support.spnego.web.flow..SpnegoNegociateCredentialsAction] >> >> > - >> >> > Authorization header not found. Sending WWW-Authenticate header >> >> > 2010-02-11 17:08:19,638 DEBUG >> >> > >> >> > [org.jasig.cas..support.spnego.web.flow.SpnegoNegociateCredentialsAction] >> >> > - >> >> > Action 'SpnegoNegociateCredentialsAction' completed execution; result >> >> > is >> >> > 'success' >> >> > 2010-02-11 17:08:19,638 DEBUG >> >> > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - >> >> > Action >> >> > 'SpnegoCredentialsAction' beginning execution >> >> > 2010-02-11 17:08:19,638 DEBUG >> >> > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - >> >> > Action >> >> > 'SpnegoCredentialsAction' completed execution; result is 'error' >> >> > 2010-02-11 17:08:19,638 DEBUG >> >> > >> >> > [org.jasig.cas.adaptors.x509..web.flow.X509CertificateCredentialsNonInteractiveAction] >> >> > - Action 'X509CertificateCredentialsNonInteractiveAction' beginning >> >> > execution >> >> > 2010-02-11 17:08:19,638 DEBUG >> >> > >> >> > [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] >> >> > - Certificates not found in request. >> >> > 2010-02-11 17:08:19,638 DEBUG >> >> > >> >> > [org.jasig.cas.adaptors.x509.web.flow.X509CertificateCredentialsNonInteractiveAction] >> >> > - Action 'X509CertificateCredentialsNonInteractiveAction' completed >> >> > execution; result is 'error' >> >> > 2010-02-11 17:08:19,649 DEBUG >> >> > [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor >> >> > generated >> >> > service for: http://dalfresco01.cyii.corp/alfresco >> >> > 2010-02-11 17:08:19,651 DEBUG >> >> > >> >> > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] >> >> > - >> >> > Action 'SpnegoNegociateCredentialsAction' beginning execution >> >> > 2010-02-11 17:08:19,651 DEBUG >> >> > >> >> > [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] >> >> > - >> >> > Action 'SpnegoNegociateCredentialsAction' completed execution; result >> >> > is >> >> > 'success' >> >> > 2010-02-11 17:08:19,651 DEBUG >> >> > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - >> >> > Action >> >> > 'SpnegoCredentialsAction' beginning execution >> >> > 2010-02-11 17:08:19,651 DEBUG >> >> > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - >> >> > SPNEGO >> >> > Authorization header found with 2004 bytes >> >> > 2010-02-11 17:08:19,652 DEBUG >> >> > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - >> >> > Obtained >> >> > token: `Ù+ Í0É $0" *H÷ *H÷ >> >> > +7 >> >> > ¢ *H÷n0 ¡¢ £°a¬0¨ ¡ >> >> > >> >> > >> >> > YII.CORP¢'0% ¡0TTPjboss4201.cyii..corp£i0e ¢\XdªTt^dZ|Jñ¢mÇÿ*\<:o6·l1ð½o:QÅÉÎãð+þÐ >> >> > ;g§v3ï¨ñNHu Rl.æÉ >> >> > fô2öâèQï¯3sRÓÑzÔØ7.Ö»P^&C¾çH¾ãRq8ä:IP^n±sWCþº5of:¦þâc>Ðüåç[ÚsÕ_½E >> >> > oæ'Ì;öNkjZÃÑúýà]ÚÜ<9H?,©ýtÈáPûGÉu >> >> > p...@úßÓó¹ôs1ǧ2üoh6 Àñµ±J,;<üQ >> >> > 5Í609FÂêâA7i >> >> > »...@ì´ÓУzÝùø \ë]#"Æ >> >> > ÏÀêÍÒýý¼¾ãÇW%\t«%M_òþIXI ÓÝCÐ*5,ìh >> >> > *çHP½ù¤4 ðá1:ÏS%MrþÀVõ¨ÜÒPÜAå©A¤}1¿<J°d4|ö/°>кs;bvÃ97òú©ô_CÎ >> >> > Ò >> >> > >> >> > O_ÂEDb!ùf;mj£Èg8æØ�...@s >> >> > ¸ä¨NÆÇä >> >> > õùq½ >> >> > 2F"p¬...@ȱÁ¹rõ¡ï5||¡µÀ*0«w®rKEù¿)`½ºCÜ-YôG¯ >> >> > >> >> > >> >> > `2»S.¨ÄµWïY^á!&å¿õ¨Um_:L8½°c¡ ÕTH?ìëH`o°R×Öñ¢ç*áÎeöPKîæÜfü!pdHgìÍU¾ÎZ¬#Çl÷TPÝà±CÿùG*Êù½wKJÝü¢ >> >> > éO!Èõ`ãñ2^ @Sfcƨ& >> >> > ©w(p_ÏÃÇ)Ük�...@ýª|Ï}Ùkã®ËK>d®ÔåmïÖø fëL|ÙÓ^˳ù¸jS'u¤¸0µ ¢ª >> >> > è9/^Q'dÉT=ÌA"x >> >> > 8ÕåßÒ1ü÷|òX3ü½² >> >> > jOÓ7ø¦ýØâùÃ¥â¤à >> >> > ¿¢4ªâ#S§?2dÍÇ~ÈÅ°ú[ñCø[êÕÍ4WåÀ($º&>ΰï°Õ½sêͺ_!IWa÷¸»Õ_ >> >> > JuIAèo >> >> > 2010-02-11 17:08:19,652 DEBUG >> >> > [org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to >> >> > create >> >> > TicketGrantingTicket for Principal is null >> >> > 2010-02-11 17:08:19,722 DEBUG >> >> > >> >> > [org.jasig..cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler] >> >> > - Setting nextToken in credentials >> >> > 2010-02-11 17:08:19,722 DEBUG >> >> > >> >> > [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler] >> >> > - Kerberos Credentials is valid for user [[email protected]] >> >> > 2010-02-11 17:08:19,722 INFO >> >> > [org.jasig.cas.authentication.AuthenticationManagerImpl] - >> >> > AuthenticationHandler: >> >> > >> >> > org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler >> >> > successfully authenticated the user which provided the following >> >> > credentials: C26329 >> >> > 2010-02-11 17:08:19,722 DEBUG >> >> > >> >> > [org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver] >> >> > - Attempting to resolve a principal... >> >> > 2010-02-11 17:08:19,722 DEBUG >> >> > >> >> > [org.jasig.cas.support.spnego.authentication.principal.SpnegoCredentialsToPrincipalResolver] >> >> > - Creating SimplePrincipal for [C26329] >> >> > 2010-02-11 17:08:19,722 DEBUG >> >> > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Added ticket >> >> > [TGT-3-YcXmQpTn4Q0sYMQmkIqPtaC1CmVcaDWv5ohy5fWbfBY7wIc9QW-cas] to >> >> > registry. >> >> > 2010-02-11 17:08:19,722 DEBUG >> >> > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - >> >> > Obtained >> >> > output token: 0} >> >> > ¡ >> >> > *H÷¢ig`e *H÷oV0T ¡¢H0F ¢?=µD+«þ/4mR!tÜø >> >> > Ô¶æ >> >> > 2010-02-11 >> >> > 17:08:19,723 >> >> > DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] >> >> > - >> >> > Action 'SpnegoCredentialsAction' completed execution; result is >> >> > 'success' >> >> > 2010-02-11 17:08:19,723 DEBUG >> >> > [org.jasig.cas.web.support.CookieRetrievingCookieGenerator] - Added >> >> > cookie >> >> > with name [CASTGC] and value >> >> > [TGT-3-YcXmQpTn4Q0sYMQmkIqPtaC1CmVcaDWv5ohy5fWbfBY7wIc9QW-cas] >> >> > 2010-02-11 17:08:19,723 DEBUG >> >> > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to >> >> > retrieve ticket >> >> > [TGT-3-YcXmQpTn4Q0sYMQmkIqPtaC1CmVcaDWv5ohy5fWbfBY7wIc9QW-cas] >> >> > 2010-02-11 17:08:19,723 DEBUG >> >> > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket >> >> > [TGT-3-YcXmQpTn4Q0sYMQmkIqPtaC1CmVcaDWv5ohy5fWbfBY7wIc9QW-cas] found >> >> > in >> >> > registry. >> >> > 2010-02-11 17:08:19,723 DEBUG >> >> > [org.jasig.cas..ticket.registry.DefaultTicketRegistry] - Added ticket >> >> > [ST-3-cjlRiOfRb4bz6cf2MPfC-cas] to registry. >> >> > 2010-02-11 17:08:19,723 INFO >> >> > [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service >> >> > ticket >> >> > [ST-3-cjlRiOfRb4bz6cf2MPfC-cas] for service >> >> > [http://dalfresco01.cyii.corp/alfresco] for user [C26329] >> >> > >> >> > >> >> > PuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTYPuTTY2010-02-11 >> >> > 17:08:19,946 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - >> >> > Extractor generated service for: >> >> > http://dalfresco01.cyii.corp/alfresco >> >> > 2010-02-11 17:08:19,948 DEBUG >> >> > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Attempting to >> >> > retrieve ticket [ST-3-cjlRiOfRb4bz6cf2MPfC-cas] >> >> > 2010-02-11 17:08:19,948 DEBUG >> >> > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Ticket >> >> > [ST-3-cjlRiOfRb4bz6cf2MPfC-cas] found in registry. >> >> > 2010-02-11 17:08:19,948 DEBUG >> >> > [org.jasig.cas.ticket.registry.DefaultTicketRegistry] - Removing >> >> > ticket >> >> > [ST-3-cjlRiOfRb4bz6cf2MPfC-cas] from registry >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > When the mod_auth_cas configuration points to HTTPS 8443 (Jboss) it >> >> > works. I paste the Apache error log file showing it is working. >> >> > >> >> > [Thu Feb 11 17:01:29 2010] [debug] src/mod_auth_cas.c(1805): [client >> >> > 172.23.20.38] Entering cas_authenticate() >> >> > [Thu Feb 11 17:01:29 2010] [debug] src/mod_auth_cas.c(511): [client >> >> > 172.23.20.38] entering getCASService() >> >> > [Thu Feb 11 17:01:29 2010] [debug] src/mod_auth_cas.c(540): [client >> >> > 172.23.20.38] CAS Service >> >> > 'http%3a%2f%2fdalfresco01.cyii.corp%2falfresco%2f' >> >> > [Thu Feb 11 17:01:29 2010] [debug] src/mod_auth_cas.c(485): [client >> >> > 172.23.20.38] entering getCASLoginURL() >> >> > [Thu Feb 11 17:01:29 2010] [debug] src/mod_auth_cas.c(445): [client >> >> > 172.23.20..38] entering getCASGateway() >> >> > [Thu Feb 11 17:01:29 2010] [debug] src/mod_auth_cas.c(556): [client >> >> > 172.23.20.38] entering redirectRequest() >> >> > [Thu Feb 11 17:01:29 2010] [debug] src/mod_auth_cas.c(568): [client >> >> > 172.23.20.38] Adding outgoing header: Location: >> >> > >> >> > https://djboss4201.cyii.corp:8443/cas/login?service=http%3a%2f%2fdalfresco01.cyii.corp%2falfresco%2f >> >> > [Thu Feb 11 17:01:31 2010] [debug] src/mod_auth_cas.c(1805): [client >> >> > 172.23.20.38] Entering cas_authenticate() >> >> > [Thu Feb 11 17:01:31 2010] [debug] src/mod_auth_cas.c(511): [client >> >> > 172.23.20.38] entering getCASService() >> >> > [Thu Feb 11 17:01:31 2010] [debug] src/mod_auth_cas.c(540): [client >> >> > 172.23.20.38] CAS Service >> >> > 'http%3a%2f%2fdalfresco01.cyii.corp%2falfresco%2f' >> >> > [Thu Feb 11 17:01:31 2010] [debug] src/mod_auth_cas.c(485): [client >> >> > 172.23.20.38] entering getCASLoginURL() >> >> > [Thu Feb 11 17:01:31 2010] [debug] src/mod_auth_cas.c(445): [client >> >> > 172.23.20.38] entering getCASGateway() >> >> > [Thu Feb 11 17:01:31 2010] [debug] src/mod_auth_cas.c(556): [client >> >> > 172.23.20.38] entering redirectRequest() >> >> > [Thu Feb 11 17:01:31 2010] [debug] src/mod_auth_cas.c(568): [client >> >> > 172.23.20.38] Adding outgoing header: Location: >> >> > >> >> > https://djboss4201.cyii.corp:8443/cas/login?service=http%3a%2f%2fdalfresco01.cyii.corp%2falfresco%2f >> >> > [Thu Feb 11 17:01:39 2010] [debug] src/mod_auth_cas.c(1805): [client >> >> > 172.23.20.38] Entering cas_authenticate() >> >> > [Thu Feb 11 17:01:39 2010] [debug] src/mod_auth_cas.c(608): [client >> >> > 172.23.20.38] Modified r->args (old >> >> > 'ticket=ST-1-Ay2SQZkNjiT1VPoGzpRs-cas', >> >> > new '') >> >> > [Thu Feb 11 17:01:39 2010] [debug] src/mod_auth_cas.c(1626): [client >> >> > 172.23.20.38] entering getResponseFromServer() >> >> > [Thu Feb 11 17:01:39 2010] [debug] src/mod_auth_cas.c(511): [client >> >> > 172.23.20.38] entering getCASService() >> >> > [Thu Feb 11 17:01:39 2010] [debug] src/mod_auth_cas.c(540): [client >> >> > 172.23.20.38] CAS Service >> >> > 'http%3a%2f%2fdalfresco01.cyii.corp%2falfresco%2f' >> >> > [Thu Feb 11 17:01:39 2010] [debug] src/mod_auth_cas.c(468): [client >> >> > 172.23.20.38] entering getCASValidateURL() >> >> > [Thu Feb 11 17:01:39 2010] [debug] src/mod_auth_cas.c(1741): [client >> >> > 172.23.20.38] Validation request: GET >> >> > >> >> > /cas/serviceValidate?service=http%3a%2f%2fdalfresco01.cyii.corp%2falfresco%2f&ticket=ST-1-Ay2SQZkNjiT1VPoGzpRs-cas >> >> > HTTP/1.0\nHost: djboss4201.cyii.corp\n\n >> >> > [Thu Feb 11 17:01:39 2010] [debug] src/mod_auth_cas.c(1749): [client >> >> > 172.23.20.38] Request successfully transmitted >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1757): [client >> >> > 172.23.20.38] Received 471 bytes of response >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1757): [client >> >> > 172.23.20.38] Received 0 bytes of response >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1763): [client >> >> > 172.23.20.38] Validation response: HTTP/1.1 200 OK\r\nServer: >> >> > Apache-Coyote/1.1\r\nX-Powered-By: Servlet 2.4; JBoss-4.2.3.GA >> >> > (build: >> >> > SVNTag=JBoss_4_2_3_GA >> >> > date=200807181417)/JBossWeb-2.0\r\nContent-Type: >> >> > text/html;charset=ISO-8859-1\r\nContent-Language: >> >> > es-ES\r\nContent-Length: >> >> > 174\r\nDate: Thu, 11 Feb 2010 16:01:36 GMT\r\nConnection: >> >> > close\r\n\r\n<cas:serviceResponse >> >> > >> >> > xmlns:cas='http://www.yale.edu/tp/cas'>\n\t<cas:authenticationSuccess>\n\t\t<cas:user>C26329</cas:user>\n\n\n\t</cas:authenticationSuccess>\n</cas:serviceResponse> >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1281): [client >> >> > 172.23.20.38] entering isValidCASTicket() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1295): [client >> >> > 172.23.20.38] MOD_AUTH_CAS: response = <cas:serviceResponse >> >> > >> >> > xmlns:cas='http://www.yale.edu/tp/cas'>\n\t<cas:authenticationSuccess>\n\t\t<cas:user>C26329</cas:user>\n\n\n\t</cas:authenticationSuccess>\n</cas:serviceResponse> >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1112): [client >> >> > 172.23.20.38] entering createCASCookie() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(935): [client >> >> > 172.23.20.38] entering CASCleanCache() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(977): [client >> >> > 172.23.20.38] Beginning cache clean >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(995): [client >> >> > 172.23.20.38] Processing cache file >> >> > '5f78ccce60890ff3ef1ea0f769695b86' >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(780): [client >> >> > 172.23.20.38] entering readCASCacheFile() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1252): [client >> >> > 172.23.20.38] entering deleteCASCacheFile() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(780): [client >> >> > 172.23.20.38] entering readCASCacheFile() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1007): [client >> >> > 172.23.20.38] Removing expired cache entry >> >> > '5f78ccce60890ff3ef1ea0f769695b86' >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1032): [client >> >> > 172.23.20.38] entering writeCASCacheEntry() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1138): [client >> >> > 172.23.20.38] Cookie '677c1fa457301c54ebe0247fd0aa5bb0' created for >> >> > user >> >> > 'C26329' >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(684): [client >> >> > 172.23.20.38] entering setCASCookie() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(396): [client >> >> > 172.23.20.38] Determining CAS scope (path: /alfresco/, CASScope: >> >> > /alfresco, >> >> > CASRenew: (null), CASGateway: (null)) >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(707): [client >> >> > 172.23.20.38] Adding outgoing header: Set-Cookie: >> >> > MOD_AUTH_CAS=677c1fa457301c54ebe0247fd0aa5bb0;Path=/alfresco >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1805): [client >> >> > 172.23.20.38] Entering cas_authenticate() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1469): [client >> >> > 172.23.20.38] entering isValidCASCookie() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(780): [client >> >> > 172.23.20.38] entering readCASCacheFile() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1032): [client >> >> > 172.23.20.38] entering writeCASCacheEntry() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1805): [client >> >> > 172.23.20.38] Entering cas_authenticate() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1469): [client >> >> > 172.23.20.38] entering isValidCASCookie() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(780): [client >> >> > 172.23.20.38] entering readCASCacheFile() >> >> > [Thu Feb 11 17:01:40 2010] [debug] src/mod_auth_cas.c(1032): [client >> >> > 172.23.20.38] entering writeCASCacheEntry() >> >> > [Thu Feb 11 17:01:41 2010] [debug] src/mod_auth_cas.c(1805): [client >> >> > 172.23.20.38] Entering cas_authenticate() >> >> > [Thu Feb 11 17:01:41 2010] [debug] src/mod_auth_cas.c(1469): [client >> >> > 172.23.20.38] entering isValidCASCookie() >> >> > [Thu Feb 11 17:01:41 2010] [debug] src/mod_auth_cas.c(780): [client >> >> > 172.23.20.38] entering readCASCacheFile() >> >> > [Thu Feb 11 17:01:41 2010] [debug] src/mod_auth_cas.c(1032): [client >> >> > 172.23.20.38] entering writeCASCacheEntry() >> >> > [Thu Feb 11 17:01:41 2010] [debug] src/mod_auth_cas.c(1805): [client >> >> > 172.23.20.38] Entering cas_authenticate() >> >> > [Thu Feb 11 17:01:41 2010] [debug] src/mod_auth_cas.c(1469): [client >> >> > 172.23.20.38] entering isValidCASCookie() >> >> > [Thu Feb 11 17:01:41 2010] [debug] src/mod_auth_cas.c(780): [client >> >> > 172.23.20.38] entering readCASCacheFile() >> >> > [Thu Feb 11 17:01:41 2010] [debug] src/mod_auth_cas.c(1032): [client >> >> > 172.23.20.38] entering writeCASCacheEntry() >> >> > >> >> > >> >> > Can somebody give me some help with this. >> >> > >> >> > Thanks in advance. >> >> > >> >> > Regards. >> >> > >> >> > >> >> > >> >> > >> >> > >> >> > -- >> >> > <BR> >> >> > You are currently subscribed to [email protected] as: >> >> > [email protected] >> >> > <BR> >> >> > To unsubscribe, change settings or access archives, see >> >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > >> >> > >> >> >> >> -- >> >> <BR> >> >> You are currently subscribed to [email protected] as: >> >> [email protected] >> >> <BR> >> >> To unsubscribe, change settings or access archives, see >> >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> > >> > >> > >> > -- >> > Saludos. >> > >> > -- >> > You are currently subscribed to [email protected] as: >> > [email protected] >> > To unsubscribe, change settings or access archives, see >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > > > -- > Saludos. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
