________________________________
From: Brian C. Hill [mailto:[email protected]]
Sent: Tuesday, 11 May 2010 2:43
To: [email protected]
Subject: [cas-user] simple problem with cas
Hello,
I set up a cas server with a simple configuration (using AD for
authentication). I can go to the CAS login screen directly and successfully
log in.
I tried using mod_cas to use simple apache authentication for TWiki
editing. Apache sends the request to the cas server page to login, which
redirects back to the apache page, but the 'Authentication Required' error page
shows up.
I also tried using the twiki cas module with perl AuthCAS. The edit
request gets redirected to the cas login page, which redirects back to the
twiki, but that yields an Internal Server Error, which, looking at the twiki
cas auth code, has to do with the query string from the URL not being what the
Twiki CAS auth component is expecting. The URL that the CAS server sends back
is this one:
http://a.b.c/bin/login/TWiki/TWikiSite?t=1273537473;ticket=ST-5-xhJu5deURaXKWSbN7hu6-cas;origurl=/bin/edit/TWiki/TWikiSite%3Ft%3D1273537473%26ticket%3DST-5-xhJu5deURaXKWSbN7hu6-cas
<http://twiki.tcsg.igt.com/bin/login/TWiki/TWikiSite?t=1273537473;ticket=ST-5-xhJu5deURaXKWSbN7hu6-cas;origurl=/bin/edit/TWiki/TWikiSite%3Ft%3D1273537473%26ticket%3DST-5-xhJu5deURaXKWSbN7hu6-cas>
There are no useful messages returned by apache, TWiki or CAS.
Since neither client works, I am assuming I have left something very
simple out of my server configuration, despite several reviews of the
documentation.
I've attached my deployerConfigContext.html in case that's useful. I
can send along the Apache and Twiki configuration related to CAS auth if needed.
What I am using:
CentOS 5.5
tomcat5-5.5.23-0jpp.7.el5_3.2
java-1.6.0-openjdk-devel-1.6.0.0-1.7.b09.el5
cas-server-3.3.5
mod_auth_cas-1.0.7-3_ITSudParis
httpd-2.2.3-31.el5.centos.4
perl-AuthCAS-1.4-1.el5.rf
Thanks for any clues.
Brian
Hi Brian,
I have exactly your configuration, but I am using the mod_auth_cas module
http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas
Maybe your problem is in the apache module configuration. Here is my
configuration; I hope it helps you.
# cat /etc/httpd/conf.d/mod_auth_cas.conf
CASCookiePath /var/cache/apache2/mod_auth_cas/
#CASValidateURL https://dvpauthserver:8443/cas/serviceValidate
CASValidateURL https://dvpauthserver:8443/cas/samlValidate
CASLoginURL https://dvpauthserver:8443/cas/login
CASDebug On
CASValidateServer Off
CASCertificatePath /etc/httpd/conf.d/client.pem
CASValidateSAML On
CASCookiePath /tmp/
LoadModule auth_cas_module modules/mod_auth_cas.so
As you can see, I am trying to use the SAML protocol between mod_auth_cas and
the CAS server.
The virtualhost is configured as follows:
# cat /etc/httpd/conf.d/dvpauthserver.conf
<Virtualhost *:80>
ServerName dvpauthserver.comune.prato.it
ServerAlias dvpauthserver
DocumentRoot /var/www/dvpauthserver/html
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASValidateURL https://dvpauthserver:8443/cas/samlValidate
CASLoginURL https://dvpauthserver:8443/cas/login
CASDebug On
CASValidateServer Off
CASCertificatePath /etc/httpd/conf.d/client.pem
CASValidateSAML On
<Location />
AuthType CAS
CASAuthNHeader username
require valid-user
</Location>
</Virtualhost>
Leandro
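An added example, not part of either message and not code from mod_auth_cas: a small Python check over the server-scope directives posted in the reply, flagging the settings a reviewer would question before reusing them (CAS server certificate verification switched off, the cookie cache under /tmp/, a directive set twice with different values). The function names and finding labels are assumptions of this example.

```python
import re

# Server-scope directives as posted in the reply above (duplicated link text dropped).
SAMPLE = """\
CASCookiePath /var/cache/apache2/mod_auth_cas/
#CASValidateURL https://dvpauthserver:8443/cas/serviceValidate
CASValidateURL https://dvpauthserver:8443/cas/samlValidate
CASLoginURL https://dvpauthserver:8443/cas/login
CASDebug On
CASValidateServer Off
CASCertificatePath /etc/httpd/conf.d/client.pem
CASValidateSAML On
CASCookiePath /tmp/
"""

def parse(text):
    """Return [(lineno, directive, value)] for active CAS* directives (comments skipped)."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*(CAS\w+)\s+(.*?)\s*$", line)
        if m:
            out.append((n, m.group(1), m.group(2)))
    return out

def lint(text):
    """Return a sorted list of (lineno, finding_label, message)."""
    findings, seen = [], {}
    for n, name, value in parse(text):
        key = name.lower()  # Apache directive names are case-insensitive
        if key in seen and seen[key][1] != value:
            prev_line, prev_value = seen[key]
            findings.append((n, "conflict",
                             f"{name} already set to {prev_value!r} on line {prev_line}"))
        seen[key] = (n, value)
        if key == "casvalidateserver" and value.lower() == "off":
            findings.append((n, "no-cert-check",
                             "CAS server certificate is not verified during ticket validation"))
        if key == "cascookiepath" and re.match(r"/(var/)?tmp(/|$)", value):
            findings.append((n, "shared-cookie-dir",
                             "session cache is stored in a world-writable directory"))
        if key in ("casloginurl", "casvalidateurl") and not value.lower().startswith("https://"):
            findings.append((n, "cleartext-cas-url", f"{name} is not https"))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, label, message in lint(SAMPLE):
        print(f"line {lineno}: [{label}] {message}")
```
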