Progress! I now get this response:
Received response from https://mycampus.arcadia.edu/cas/clearPass?ticket=&service=https://mycampus.arcadia.edu/cas/clearPass, but cas:credientials IsNullOrEmpty. Check CAS server logs for errors. Make sure SSL certs are trusted. We don't have direct access to our CAS server, so we'll have to contact our host to add the certificate to their end. I got the cert from a free site, but I'm guessing that's the problem. James On Fri, Nov 12, 2010 at 9:34 AM, William G. Thompson, Jr. <[email protected]>wrote: > On Fri, Nov 12, 2010 at 9:30 AM, James Winter <[email protected]> wrote: > > We have some additional problems (the test server is unable to access the > > CAS server at all) so I'm going to have to wait until that's resolved. > > That would help. :) > > > > > Both servers are using commericial certs, and I'm pretty sure Clearpass > is > > working. When I go to /cas/clearPass I don't get a login prompt, I just > get > > the "No authentication information provided." response. > > Login first, and then try the clearPass URL you should get the following: > <cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'> > <cas:clearPassFailure>invalid sevice > specified</cas:clearPassFailure> > </cas:clearPassResponse> > > Bill > > > > > James > > > > > > > > On Fri, Nov 12, 2010 at 9:13 AM, William G. Thompson, Jr. < > [email protected]> > > wrote: > >> > >> If you're using self-signed certs, both IIS and the CAS JVM must be > >> configured to trust them. > >> > >> If you're using commercial certs there shouldn't be an issue. > >> > >> Have you verified Clearpass extension is working? > >> > >> 7. Verify ClearPass install > >> Authenticate normally by visiting https://{host}/cas/clearPass. You > >> should get this message back. > >> > >> <cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'> > >> <cas:clearPassFailure>invalid sevice > >> specified</cas:clearPassFailure> > >> </cas:clearPassResponse> > >> > >> > >> Bill > >> > >> > >> > >> On Fri, Nov 12, 2010 at 9:04 AM, James Winter <[email protected]> > wrote: > >> > Sorry to be clueless, I was kind of thrown into the deep end here with > >> > the > >> > CAS/OWA implentation. What do you mean by "cert is known to the cas > jvm > >> > and > >> > vice versa"? > >> > I did get a valid SSL certificate for our test server with no change. > I > >> > still get the HttpContext.Current.User is null error. > >> > Thanks for the help. > >> > > >> > James > >> > > >> > > >> > > >> > On Thu, Nov 11, 2010 at 9:40 PM, William G. Thompson, Jr. > >> > <[email protected]> > >> > wrote: > >> >> > >> >> You need to make sure that the exchange server cert is known to the > >> >> cas jvm and visa versa. > >> >> > >> >> Bill > >> >> > >> >> > >> >> On Thu, Nov 11, 2010 at 9:30 PM, James Winter <[email protected]> > >> >> wrote: > >> >> > I'm a little farther, I'm now at the point where I get the > >> >> > "HttpContext.Current.User is null" error but I read that they be > due > >> >> > to > >> >> > an > >> >> > incorrect SSL certificate which our Exchange server has. I set the > >> >> > skip > >> >> > OWA > >> >> > cert parameter to false, but I don't know if that effects the CAS > >> >> > side > >> >> > of > >> >> > things. > >> >> > Is there something I need to do on the CAS side of the setup to > allow > >> >> > the > >> >> > process, or should a correct SSL cert do the trick? > >> >> > I'll find out tomorrow. > >> >> > > >> >> > -James > >> >> > On Nov 11, 2010, at 7:39 PM, "William G. Thompson, Jr." > >> >> > <[email protected]> > >> >> > wrote: > >> >> > > >> >> > Did you follow these instructions? > >> >> > https://wiki.jasig.org/pages/viewpage.action?pageId=29133913 > >> >> > > >> >> > Bill > >> >> > > >> >> > > >> >> > On Thu, Nov 11, 2010 at 4:29 PM, James Winter <[email protected] > > > >> >> > wrote: > >> >> > > >> >> > Some background: > >> >> > > >> >> > I setup the CAS Client for OWA on a test Exchange 2003 server in > IIS > >> >> > 6 > >> >> > and I > >> >> > > >> >> > can successfully get to server.domain.local/coa/auth. I get > >> >> > redirected > >> >> > to > >> >> > > >> >> > the CAS login, which then redirects me back to > >> >> > > >> >> > server.domain.local/coa/auth?ticket=ST-XXX-xxxxetc which gives me a > >> >> > 404 > >> >> > > >> >> > error. > >> >> > > >> >> > Am I missing a configuration piece somewhere? Or does anyone know > >> >> > what > >> >> > the > >> >> > > >> >> > CasOwa.OwaUrl should be for Exchange 2003? I've tried /exchange, > >> >> > /exchweb, > >> >> > > >> >> > /exchweb/bin/auth, and a few others with no change. > >> >> > > >> >> > Thanks. > >> >> > > >> >> > -James > >> >> > > >> >> > -- > >> >> > > >> >> > You are currently subscribed to [email protected] as: > >> >> > > >> >> > [email protected] > >> >> > > >> >> > To unsubscribe, change settings or access archives, see > >> >> > > >> >> > http://www.ja-sig.org/wiki/display/JSG/cas-user > >> >> > > >> >> > -- > >> >> > You are currently subscribed to [email protected] as: > >> >> > [email protected] > >> >> > To unsubscribe, change settings or access archives, see > >> >> > http://www.ja-sig.org/wiki/display/JSG/cas-user > >> >> > > >> >> > -- > >> >> > You are currently subscribed to [email protected] as: > >> >> > [email protected] > >> >> > To unsubscribe, change settings or access archives, see > >> >> > http://www.ja-sig.org/wiki/display/JSG/cas-user > >> >> > >> >> -- > >> >> You are currently subscribed to [email protected] as: > >> >> [email protected] > >> >> To unsubscribe, change settings or access archives, see > >> >> http://www.ja-sig.org/wiki/display/JSG/cas-user > >> > > >> > -- > >> > You are currently subscribed to [email protected] as: > >> > [email protected] > >> > To unsubscribe, change settings or access archives, see > >> > http://www.ja-sig.org/wiki/display/JSG/cas-user > >> > >> -- > >> You are currently subscribed to [email protected] as: > >> [email protected] > >> To unsubscribe, change settings or access archives, see > >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
