> -----Original Message-----
> From: David Hawes [mailto:[email protected]] 
> Sent: Monday, 3 May 2010 20:18
> To: [email protected]
> Subject: Re: R: R: [cas-user] Getting info about the backend authentication used
> 
> On 5/3/10 12:33 PM, Leandro Dardini wrote:
> ...
> > Thank you for your help, your patch will be really useful. However for
> > now we are trying only to check for the type of authentication
> > succeeded. I am working on a test CAS server with the
> > "SimpleTestUsernamePasswordAuthenticationHandler" (the one accepting
> > username=password) and the "AcceptUsersAuthenticationHandler" (the one
> > from the example, with scott/secret).
> > 
> > Unfortunately I am not receiving the additional information regarding
> > the succeeded authentication handler in the HTTP header. The only
> > additional information in the header is the user logged in.
> > 
> > The general section of httpd configuration file reports:
> > 
> > CASValidateURL https://dvpauthserver:8443/cas/samlValidate
> > CASLoginURL https://dvpauthserver:8443/cas/login
> > CASDebug On
> > CASValidateServer Off
> > CASCertificatePath /etc/httpd/conf.d/client.pem
> > CASValidateSAML On
> > LoadModule auth_cas_module modules/mod_auth_cas.so
> > 
> > The virtualhost section reports:
> > 
> > <Location />
> >   AuthType CAS
> >   CASAuthNHeader CAS_USER
> >   require valid-user
> > </Location>
> 
> Do you see the SAML request and response in your debug logs?  
> If any attributes are returned, they will be in this log.
> 
> Also, have you configured a CASCookiePath?
> 

I thank you all for your patience, but the problems I am having with the 
authentication succeeded are not solved. Thinking of a problem due to the simple 
method implemented, I added the AD/LDAP authentication and this took me some time. 
Now I can look at the SAML exchange, but there is no useful information in 
there.

Validation request: POST /cas/samlValidate?TARGET=http%3a%2f%2fdvpauthserver.comune.prato.it%2f HTTP/1.0
Host: dvpauthserver
soapaction: http://www.oasis-open.org/committees/securitycache-control: no-cache\r\npragma: no-cache\r\naccept: text/xml\r\nconnection: keep-alive\r\ncontent-type: text/xml\r\nContent-Length: 382\r\n\r\n
<?xml version="1.0" encoding="utf-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body>
<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"  MajorVersion="1" MinorVersion="1">
<samlp:AssertionArtifact>ST-3-cOxDMdlaGvGTrF9JfpXl-cas</samlp:AssertionArtifact></samlp:Request>
</SOAP-ENV:Body></SOAP-ENV:Envelope>
[Thu May 06 17:30:52 2010] [error] [client 192.168.100.251] Request successfully transmitted
[Thu May 06 17:30:52 2010] [error] [client 192.168.100.251] Received 1628 bytes of response
[Thu May 06 17:30:52 2010] [error] [client 192.168.100.251] Received 0 bytes of response
[Thu May 06 17:30:52 2010] [error] [client 192.168.100.251] Validation response: HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\nContent-Type: text/xml;charset=UTF-8\r\nContent-Language: it-IT\r\nDate: Thu, 06 May 2010 15:30:52 GMT\r\nConnection: close\r\n\r\n
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body>
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2010-05-06T15:30:52.270Z" MajorVersion="1" MinorVersion="1" Recipient="http://dvpauthserver.comune.prato.it/" ResponseID="_7aefa17d02e2f29f00fd450f7f3f9fe6">
<Status><StatusCode Value="samlp:Success"></StatusCode></Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_07d510c6bea1b09b8eb2ecc139a3061f" IssueInstant="2010-05-06T15:30:52.270Z" Issuer="localhost" MajorVersion="1" MinorVersion="1">
<Conditions NotBefore="2010-05-06T15:30:52.270Z" NotOnOrAfter="2010-05-06T15:31:22.270Z"><AudienceRestrictionCondition><Audience>http://dvpauthserver.comune.prato.it/</Audience></AudienceRestrictionCondition></Conditions>
<AuthenticationStatement AuthenticationInstant="2010-05-06T15:30:52.240Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
<Subject><NameIdentifier>bf45</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject>
</AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>
[Thu May 06 17:30:52 2010] [error] [client 192.168.100.251] entering isValidCASTicket()
[Thu May 06 17:30:52 2010] [error] [client 192.168.100.251] MOD_AUTH_CAS: response = <?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body>
<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" IssueInstant="2010-05-06T15:30:52.270Z" MajorVersion="1" MinorVersion="1" Recipient="http://dvpauthserver.comune.prato.it/" ResponseID="_7aefa17d02e2f29f00fd450f7f3f9fe6">
<Status><StatusCode Value="samlp:Success"></StatusCode></Status>
<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="_07d510c6bea1b09b8eb2ecc139a3061f" IssueInstant="2010-05-06T15:30:52.270Z" Issuer="localhost" MajorVersion="1" MinorVersion="1">
<Conditions NotBefore="2010-05-06T15:30:52.270Z" NotOnOrAfter="2010-05-06T15:31:22.270Z"><AudienceRestrictionCondition><Audience>http://dvpauthserver.comune.prato.it/</Audience></AudienceRestrictionCondition></Conditions>
<AuthenticationStatement AuthenticationInstant="2010-05-06T15:30:52.240Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
<Subject><NameIdentifier>bf45</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject>
</AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>
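
Added example, not part of the original message and not mod_auth_cas code: the logged SAML 1.1 response carries an AuthenticationStatement and no AttributeStatement, so it returns no attributes beyond the user name. The Python below summarizes what such a response contains; both samples are constructed, the first trimmed from the logged response and the second with a hypothetical attribute `exampleAttr` and a placeholder namespace for contrast.

```python
import xml.etree.ElementTree as ET

# SAML 1.1 namespaces as they appear in the logged response.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}

def summarize(response_xml):
    """Return what a SAML 1.1 validation response actually carries."""
    # ElementTree is adequate for your own debug logs; use a hardened
    # parser for XML that arrives from an untrusted source.
    root = ET.fromstring(response_xml)
    status = root.find(".//samlp:Status/samlp:StatusCode", NS)
    stmt = root.find(".//saml:AuthenticationStatement", NS)
    name = root.find(
        ".//saml:AuthenticationStatement/saml:Subject/saml:NameIdentifier", NS)
    attrs = {}
    for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in a.findall("saml:AttributeValue", NS)]
        attrs[a.get("AttributeName")] = values
    return {
        "status": status.get("Value") if status is not None else None,
        "user": name.text.strip() if name is not None and name.text else None,
        "method": stmt.get("AuthenticationMethod") if stmt is not None else None,
        "attributes": attrs,
    }

def envelope(extra=""):
    # Constructed sample modelled on the response in the post; `extra` is
    # spliced in after the AuthenticationStatement.
    return (
        '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
        '<SOAP-ENV:Header/><SOAP-ENV:Body>'
        '<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol"'
        ' xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">'
        '<Status><StatusCode Value="samlp:Success"></StatusCode></Status>'
        '<Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion">'
        '<AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">'
        '<Subject><NameIdentifier>bf45</NameIdentifier></Subject>'
        '</AuthenticationStatement>' + extra +
        '</Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>'
    )

AS_LOGGED = envelope()
WITH_ATTRIBUTE = envelope(  # hypothetical attribute, constructed for contrast
    '<AttributeStatement><Subject><NameIdentifier>bf45</NameIdentifier></Subject>'
    '<Attribute AttributeName="exampleAttr" AttributeNamespace="urn:example:constructed">'
    '<AttributeValue>exampleValue</AttributeValue></Attribute></AttributeStatement>'
)
```

An empty `attributes` result for a response with `samlp:Success` means the CAS server released no attributes for that ticket, so the place to look is the server-side attribute configuration rather than the Apache module.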
