I am trying to get CAS working on my organisation's intranet over SSL. I
have installed the certificate on the Apache HTTPD server, and am rewriting
any incoming http://logon.company.org.au/cas/login URL as
https://logon.company.org.au/cas/login. The CAS authentication part is
working; however, the redirect to the client application is not.

Firstly, a bit of background on the current setup. I have CAS 3.3.2 running
on Apache Tomcat 6 and Java 6.0 update 19. Apache HTTPD server sits in front
of Tomcat and proxies requests through to port 8080 like this:

<Location /cas>
    Options +FollowSymlinks
    Order Deny,Allow
    Allow from All
    RewriteEngine on
    RewriteBase /cas/
    RewriteCond %{HTTP_HOST} !((^\d+\.\d+\.\d+\.\d+$)|(^([a-z0-9-_]+\.)company\.org\.au$)) [NC]
    RewriteRule ^(.*)$ http://logon.company.org.au%{REQUEST_URI} [R,NE]
    ProxyPass http://localhost:8080/cas/
    ProxyPassReverse http://localhost:8080/cas/
</Location>

When I add the HTTPS redirect like this, things start breaking:

<Location /cas>
    Options +FollowSymlinks
    Order Deny,Allow
    Allow from All
    RewriteEngine on
    RewriteBase /cas/
    RewriteCond %{HTTP_HOST} !((^\d+\.\d+\.\d+\.\d+$)|(^([a-z0-9-_]+\.)company\.org\.au$)) [NC]
    RewriteRule ^(.*)$ http://logon.company.org.au%{REQUEST_URI} [R,NE]
    RewriteCond %{SERVER_PORT} ^80$
    RewriteRule ^(.*)$ https://logon.company.org.au%{REQUEST_URI} [L,R,NE]
    ProxyPass http://localhost:8080/cas/
    ProxyPassReverse http://localhost:8080/cas/
</Location>

The certificate is installed correctly, and the
https://logon.company.org.au/cas/login link works well.

However, when a client application (a Java web app using Spring Security)
accesses CAS, the redirect back to the application fails with this error.

Does anyone know how I can troubleshoot this further? Or can anyone provide
some advice on how to get CAS working over HTTPS with an Apache HTTPD reverse
proxy and Apache Tomcat server?

Thanks

SEVERE: org.xml.sax.SAXParseException: White spaces are required between publicId and systemId.
org.xml.sax.SAXParseException: White spaces are required between publicId and systemId.
    at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Lorg.apache.xerces.xni.parser.XMLParseException;)Lorg.xml.sax.SAXParseException;(Unknown Source)
    at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Ljava.lang.String;Ljava.lang.String;Lorg.apache.xerces.xni.parser.XMLParseException;)V(Unknown Source)
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Lorg.apache.xerces.xni.XMLLocator;Ljava.lang.String;Ljava.lang.String;[Ljava.lang.Object;S)V(Unknown Source)
    at org.apache.xerces.impl.XMLErrorReporter.reportError(Ljava.lang.String;Ljava.lang.String;[Ljava.lang.Object;S)V(Unknown Source)
    at org.apache.xerces.impl.XMLScanner.reportFatalError(Ljava.lang.String;[Ljava.lang.Object;)V(Unknown Source)
    at org.apache.xerces.impl.XMLScanner.scanExternalID([Ljava.lang.String;Z)V(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentScannerImpl.scanDoctypeDecl()Z(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(Z)Z(Unknown Source)
    at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Z)Z(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Z)Z(Unknown Source)
    at org.apache.xerces.parsers.XML11Configuration.parse(Lorg.apache.xerces.xni.parser.XMLInputSource;)V(Unknown Source)
    at org.apache.xerces.parsers.XMLParser.parse(Lorg.apache.xerces.xni.parser.XMLInputSource;)V(Unknown Source)
    at org.apache.xerces.parsers.AbstractSAXParser.parse(Lorg.xml.sax.InputSource;)V(Unknown Source)
    at org.jasig.cas.client.util.XmlUtils.getTextForElement(XmlUtils.java:150)
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.parseResponseFromServer(Cas20ServiceTicketValidator.java:77)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:188)
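
Added example, not part of the original post: the trace fails in scanDoctypeDecl while Cas20ServiceTicketValidator parses the server's reply, so the client received a document with a DOCTYPE, which a CAS 2.0 validation response does not carry. The Python below classifies what a back-channel /serviceValidate request returns; it assumes the client is configured with an http:// CAS URL that the new port-80 rule redirects, and the sample bodies and user name are constructed.

```python
# Added example (not from the original post). Sample bodies are constructed.
import http.client
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"  # CAS 2.0 response namespace

def diagnose(status, location, body):
    """Classify the reply to a back-channel /serviceValidate request."""
    if 300 <= status < 400:
        # The body is a redirect page; a client that does not follow the
        # redirect hands this page to its XML parser.
        return ("redirected", location)
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return ("not-xml", str(exc))
    if root.tag != CAS_NS + "serviceResponse":
        return ("not-cas", root.tag)
    if root.find(CAS_NS + "authenticationSuccess") is not None:
        return ("cas-success", root.findtext(".//" + CAS_NS + "user"))
    failure = root.findtext(CAS_NS + "authenticationFailure") or ""
    return ("cas-failure", failure.strip())

def fetch(host, path, tls=False):
    """GET without following redirects (http.client never follows them)."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read()
    finally:
        conn.close()

# Constructed: the page Apache httpd sends with a 302 from a [R] rewrite rule.
APACHE_302 = (b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n'
              b'<html><head>\n<title>302 Found</title>\n</head><body>\n'
              b'<h1>Found</h1>\n<p>The document has moved.</p>\n'
              b'</body></html>\n')
# Constructed: a CAS 2.0 success response for a made-up user.
CAS_OK = (b'<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
          b'<cas:authenticationSuccess><cas:user>jsmith</cas:user>'
          b'</cas:authenticationSuccess></cas:serviceResponse>')

if __name__ == "__main__":
    target = "https://logon.company.org.au/cas/serviceValidate"
    print(diagnose(302, target, APACHE_302))  # what the port-80 rule returns
    print(diagnose(200, None, APACHE_302))    # same page fed to an XML parser
    print(diagnose(200, None, CAS_OK))        # what the validator expects
```

Against a live server, pass the result of fetch() for the /cas/serviceValidate path to diagnose(), once over plain HTTP and once with tls=True, and compare the two verdicts.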