Hi, You may want to try the libcurl branch of mod_auth_cas, which allows, but complains, about HTTP on the service validation URL:
https://www.ja-sig.org/svn/cas-clients/mod_auth_cas/branches/curl/ As an aside, we are currently asking for testers for the libcurl branch. If you're interested, please feel free to give it a spin and let us know if you have any problems. Thanks, -Phil On Fri, May 14, 2010 at 3:33 AM, Brian Hill <[email protected]> wrote: > Hi Leandro, et al, > > Thanks for responding. I had to put this on hold for a few days, but I am > pretty sure the problem is that I didn't make the server accessible via SSL. > > Either it isn't very clear in the general CAS client documentation, or I > missing something, but the clients are effectively hard-coded to use SSL. > > Hopefully, that will turn out to be 'it'. > > Brian > > On 5/10/10 11:46 PM, Leandro Dardini wrote: > > ________________________________ > Da: Brian C. Hill [mailto:[email protected]] > Inviato: martedì 11 maggio 2010 2.43 > A: [email protected] > Oggetto: [cas-user] simple problem with cas > > Hello, > > I set up a cas server with a simple configuration (using AD for > authentication). I can go to the CAS login screen directly and successfully > login. > > I tried using mod_cas to use simple apache authentication for TWiki editing. > Apache sends the request to the cas server page to login, which redirects > back to the apache page, but the 'Authentication Required' error page shows > up. > > I also tried using the twiki cas module with perl AuthCAS. The edit request > gets redirected to the cas login page, which redirects back to the twiki, > but that yields an Internal Server Error, which, looking at the twiki cas > auth code, has to do with the query string from the URL not being what the > Twiki CAS auth component is expecting. The URL that the CAS server sends > back is this one: > > http://a.b.c/bin/login/TWiki/TWikiSite?t=1273537473;ticket=ST-5-xhJu5deURaXKWSbN7hu6-cas;origurl=/bin/edit/TWiki/TWikiSite%3Ft%3D1273537473%26ticket%3DST-5-xhJu5deURaXKWSbN7hu6-cas > > There are no useful messages returned by apache, TWiki or CAS. > > Since neither client works, I am assuming I have left something very simple > out of my server configuration, despite several reviews of the > documentation. > > I've attached my deployerConfigContext.html in case that's useful. I can > send along the Apache and Twiki configuration related to CAS auth if needed. > > What I am using: > > CentOS 5.5 > tomcat5-5.5.23-0jpp.7.el5_3.2 > java-1.6.0-openjdk-devel-1.6.0.0-1.7.b09.el5 > cas-server-3.3.5 > mod_auth_cas-1.0.7-3_ITSudParis > httpd-2.2.3-31.el5.centos.4 > perl-AuthCAS-1.4-1.el5.rf > > Thanks for any clues. > > Brian > > Hi Brian, > > I have exactly your configuration, but I am using the mod_auth_cas module > > http://www.ja-sig.org/wiki/display/CASC/mod_auth_cas > > Maybe your problem is in the apache module configuration. Here it is my > configuration, hoping it helps you. > > > > # cat /etc/httpd/conf.d/mod_auth_cas.conf > > CASCookiePath /var/cache/apache2/mod_auth_cas/ > > #CASValidateURL > > https://dvpauthserver:8443/cas/serviceValidate > > CASValidateURL > > https://dvpauthserver:8443/cas/samlValidate > > CASLoginURL > > https://dvpauthserver:8443/cas/login > > CASDebug On > > CASValidateServer Off > > CASCertificatePath /etc/httpd/conf.d/client.pem > > CASValidateSAML On > > CASCookiePath /tmp/ > > LoadModule auth_cas_module modules/mod_auth_cas.so > > > > As you can see I am trying to use SAML protocol between the mod_auth_cas and > the CAS server > > The virtualhost is configured as follows: > > > > # cat /etc/httpd/conf.d/dvpauthserver.conf > <Virtualhost *:80> > ServerName dvpauthserver.comune.prato.it > ServerAlias dvpauthserver > > DocumentRoot /var/www/dvpauthserver/html > > CASCookiePath /var/cache/apache2/mod_auth_cas/ > CASValidateURL https://dvpauthserver:8443/cas/samlValidate > CASLoginURL https://dvpauthserver:8443/cas/login > CASDebug On > CASValidateServer Off > CASCertificatePath /etc/httpd/conf.d/client.pem > CASValidateSAML On > > <Location /> > AuthType CAS > CASAuthNHeader username > require valid-user > </Location> > </Virtualhost> > > > > Leandro > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
