Hi Leandro, et al, Thanks for responding. I had to put this on hold for a few days, but I am pretty sure the problem is that I didn't make the server accessible via SSL.
Either it isn't very clear in the general CAS client documentation, or I missing something, but the clients are effectively hard-coded to use SSL. Hopefully, that will turn out to be 'it'. Brian On 5/10/10 11:46 PM, Leandro Dardini wrote: > > ------------------------------------------------------------------------ > *Da:* Brian C. Hill [mailto:[email protected]] > *Inviato:* martedì 11 maggio 2010 2.43 > *A:* [email protected] > *Oggetto:* [cas-user] simple problem with cas > > Hello, > > I set up a cas server with a simple configuration (using AD for > authentication). I can go to the CAS login screen directly and > successfully login. > > I tried using mod_cas to use simple apache authentication for > TWiki editing. Apache sends the request to the cas server page to > login, which redirects back to the apache page, but the > 'Authentication Required' error page shows up. > > I also tried using the twiki cas module with perl AuthCAS. The > edit request gets redirected to the cas login page, which > redirects back to the twiki, but that yields an Internal Server > Error, which, looking at the twiki cas auth code, has to do with > the query string from the URL not being what the Twiki CAS auth > component is expecting. The URL that the CAS server sends back is > this one: > > > http://a.b.c/bin/login/TWiki/TWikiSite?t=1273537473;ticket=ST-5-xhJu5deURaXKWSbN7hu6-cas;origurl=/bin/edit/TWiki/TWikiSite%3Ft%3D1273537473%26ticket%3DST-5-xhJu5deURaXKWSbN7hu6-cas > > <http://twiki.tcsg.igt.com/bin/login/TWiki/TWikiSite?t=1273537473;ticket=ST-5-xhJu5deURaXKWSbN7hu6-cas;origurl=/bin/edit/TWiki/TWikiSite%3Ft%3D1273537473%26ticket%3DST-5-xhJu5deURaXKWSbN7hu6-cas> > > There are no useful messages returned by apache, TWiki or CAS. > > Since neither client works, I am assuming I have left something > very simple out of my server configuration, despite several > reviews of the documentation. > > I've attached my deployerConfigContext.html in case that's useful. > I can send along the Apache and Twiki configuration related to CAS > auth if needed. > > What I am using: > > CentOS 5.5 > tomcat5-5.5.23-0jpp.7.el5_3.2 > java-1.6.0-openjdk-devel-1.6.0.0-1.7.b09.el5 > cas-server-3.3.5 > mod_auth_cas-1.0.7-3_ITSudParis > httpd-2.2.3-31.el5.centos.4 > perl-AuthCAS-1.4-1.el5.rf > > Thanks for any clues. > > Brian > > Hi Brian, > > I have exactly your configuration, but I am using the mod_auth_cas module > > _http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas_ > > Maybe your problem is in the apache module configuration. Here it is > my configuration, hoping it helps you. > > # cat /etc/httpd/conf.d/mod_auth_cas.conf > > CASCookiePath /var/cache/apache2/mod_auth_cas/ > > #CASValidateURL > > _https://dvpauthserver:8443/cas/serviceValidate_ > > CASValidateURL > > _https://dvpauthserver:8443/cas/samlValidate_ > > CASLoginURL > > _https://dvpauthserver:8443/cas/login_ > > CASDebug On > > CASValidateServer Off > > CASCertificatePath /etc/httpd/conf.d/client.pem > > CASValidateSAML On > > CASCookiePath /tmp/ > > LoadModule auth_cas_module modules/mod_auth_cas.so > > As you can see I am trying to use SAML protocol between the > mod_auth_cas and the CAS server > > The virtualhost is configured as follows: > > # cat /etc/httpd/conf.d/dvpauthserver.conf <Virtualhost *:80> > ServerName dvpauthserver.comune.prato.it ServerAlias dvpauthserver > > DocumentRoot /var/www/dvpauthserver/html > > CASCookiePath /var/cache/apache2/mod_auth_cas/ > CASValidateURL https://dvpauthserver:8443/cas/samlValidate > CASLoginURL https://dvpauthserver:8443/cas/login CASDebug On > CASValidateServer Off CASCertificatePath > /etc/httpd/conf.d/client.pem CASValidateSAML On > > <Location /> AuthType CAS > CASAuthNHeader username require valid-user </Location> > </Virtualhost> > > Leandro > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
