Thanks. Now in the debug logs I think I'm seeing the right XML
response from the CAS server.
This appears to be the error I'm getting now:
[Thu Nov 11 14:16:24 2010] [crit] [client IPADDRESS] configuration
error: couldn't check access. No groups file?: /castest/hello.html,
referer: <snip>
Maybe this is set up wrong, but I didn't think we needed to so any
local validation.
We were planning on letting CAS do all of the authentication, and
anyone that successfully authenticates can have access to this
directory (that's all I need to get working for the moment).
-Bob
On Nov 11, 2010, at 4:01 PM, Matt Smith wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Looks like you are using the CAS 1.0 protocol when talking to your CAS
server. You should do one of the following:
1) Use the CAS 2.0 protocol, generally by replacing "validate" with
"serviceValidate" in CASValidateURL (if your CAS server supports it)
2) Add "CASVersion 1" to your conf, forcing m-a-c to use the CAS 1.0
protocol.
Please let us know if this helps,
- -Matt
On 11/11/2010 04:06 PM, Bob Frank wrote:
Hi,
I'm helping Kim Cary install CAS on a Mac OS X SL Apache instance
using mod_auth_cas, and could use a little help. I checked out the
source using:
svn co https://source.jasig.org/cas-clients/mod_auth_cas/trunk/
built via:
apxs -i -c mod_auth_cas.c
The server is running Apache 2.2.14 and its a Mac OS X Server 10.6.4
Just for testing, for the moment, we're just protecting a directory
"/
castest" in the Doc Root, here are my Apache config directives:
CASDebug On
CASLoginURL https://cas.pepperdine.edu:8443/cas/login
CASValidateURL https://cas.pepperdine.edu:8443/cas/validate
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASCertificatePath /etc/certificates/
CASValidateServer Off
<Location /castest >
AuthType CAS
AuthName "CAS"
require valid-user
</Location>
I get redirected to the CAS server, get the ticket, mod_auth_cas sees
the ticket and validates it via the CAS server, but can't correctly
interpret the response coming back from the CAS server validation.
We can't debug it any further at this point and am a bit stumped.
I'd appreciate any help solving this issue or advice on how to debug
it further.
CAS Error message:
[Thu Nov 11 12:56:40 2010] [error] [client MY.IP.ADDRESS]
MOD_AUTH_CAS: error parsing CASv2 response: XML parser error code:
syntax error (2)
Thanks,
Bob
- --
Matthew J. Smith
University of Connecticut UITS
[email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkzcZ8YACgkQGER0Au6g8xAXfACgmFV5b37xkWOgAFJyQwv4qCOP
9PMAnRucNt9cuqRNpDE93SJIbKl6Mh3e
=bCsL
-----END PGP SIGNATURE-----
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
