What does it mean that the ticket parameter is blank in that error message? I understand that var proxyTicket = user.GetProxyTicketFor(ClearPassUri); is returning nothing, but is that also caused by the SSL cert?
James On Fri, Nov 12, 2010 at 10:13 AM, James Winter <[email protected]> wrote: > Progress! > > I now get this response: > > Received response from > https://mycampus.arcadia.edu/cas/clearPass?ticket=&service=https://mycampus.arcadia.edu/cas/clearPass, > but cas:credientials IsNullOrEmpty. Check CAS server logs for errors. Make > sure SSL certs are trusted. > > We don't have direct access to our CAS server, so we'll have to contact our > host to add the certificate to their end. I got the cert from a free site, > but I'm guessing that's the problem. > > James > > > > > On Fri, Nov 12, 2010 at 9:34 AM, William G. Thompson, Jr. < > [email protected]> wrote: > >> On Fri, Nov 12, 2010 at 9:30 AM, James Winter <[email protected]> >> wrote: >> > We have some additional problems (the test server is unable to access >> the >> > CAS server at all) so I'm going to have to wait until that's resolved. >> >> That would help. :) >> >> > >> > Both servers are using commericial certs, and I'm pretty sure Clearpass >> is >> > working. When I go to /cas/clearPass I don't get a login prompt, I just >> get >> > the "No authentication information provided." response. >> >> Login first, and then try the clearPass URL you should get the following: >> <cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> <cas:clearPassFailure>invalid sevice >> specified</cas:clearPassFailure> >> </cas:clearPassResponse> >> >> Bill >> >> >> >> > James >> > >> > >> > >> > On Fri, Nov 12, 2010 at 9:13 AM, William G. Thompson, Jr. < >> [email protected]> >> > wrote: >> >> >> >> If you're using self-signed certs, both IIS and the CAS JVM must be >> >> configured to trust them. >> >> >> >> If you're using commercial certs there shouldn't be an issue. >> >> >> >> Have you verified Clearpass extension is working? >> >> >> >> 7. Verify ClearPass install >> >> Authenticate normally by visiting https://{host}/cas/clearPass. You >> >> should get this message back. >> >> >> >> <cas:clearPassResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> >> <cas:clearPassFailure>invalid sevice >> >> specified</cas:clearPassFailure> >> >> </cas:clearPassResponse> >> >> >> >> >> >> Bill >> >> >> >> >> >> >> >> On Fri, Nov 12, 2010 at 9:04 AM, James Winter <[email protected]> >> wrote: >> >> > Sorry to be clueless, I was kind of thrown into the deep end here >> with >> >> > the >> >> > CAS/OWA implentation. What do you mean by "cert is known to the cas >> jvm >> >> > and >> >> > vice versa"? >> >> > I did get a valid SSL certificate for our test server with no change. >> I >> >> > still get the HttpContext.Current.User is null error. >> >> > Thanks for the help. >> >> > >> >> > James >> >> > >> >> > >> >> > >> >> > On Thu, Nov 11, 2010 at 9:40 PM, William G. Thompson, Jr. >> >> > <[email protected]> >> >> > wrote: >> >> >> >> >> >> You need to make sure that the exchange server cert is known to the >> >> >> cas jvm and visa versa. >> >> >> >> >> >> Bill >> >> >> >> >> >> >> >> >> On Thu, Nov 11, 2010 at 9:30 PM, James Winter <[email protected]> >> >> >> wrote: >> >> >> > I'm a little farther, I'm now at the point where I get the >> >> >> > "HttpContext.Current.User is null" error but I read that they be >> due >> >> >> > to >> >> >> > an >> >> >> > incorrect SSL certificate which our Exchange server has. I set the >> >> >> > skip >> >> >> > OWA >> >> >> > cert parameter to false, but I don't know if that effects the CAS >> >> >> > side >> >> >> > of >> >> >> > things. >> >> >> > Is there something I need to do on the CAS side of the setup to >> allow >> >> >> > the >> >> >> > process, or should a correct SSL cert do the trick? >> >> >> > I'll find out tomorrow. >> >> >> > >> >> >> > -James >> >> >> > On Nov 11, 2010, at 7:39 PM, "William G. Thompson, Jr." >> >> >> > <[email protected]> >> >> >> > wrote: >> >> >> > >> >> >> > Did you follow these instructions? >> >> >> > https://wiki.jasig.org/pages/viewpage.action?pageId=29133913 >> >> >> > >> >> >> > Bill >> >> >> > >> >> >> > >> >> >> > On Thu, Nov 11, 2010 at 4:29 PM, James Winter < >> [email protected]> >> >> >> > wrote: >> >> >> > >> >> >> > Some background: >> >> >> > >> >> >> > I setup the CAS Client for OWA on a test Exchange 2003 server in >> IIS >> >> >> > 6 >> >> >> > and I >> >> >> > >> >> >> > can successfully get to server.domain.local/coa/auth. I get >> >> >> > redirected >> >> >> > to >> >> >> > >> >> >> > the CAS login, which then redirects me back to >> >> >> > >> >> >> > server.domain.local/coa/auth?ticket=ST-XXX-xxxxetc which gives me >> a >> >> >> > 404 >> >> >> > >> >> >> > error. >> >> >> > >> >> >> > Am I missing a configuration piece somewhere? Or does anyone know >> >> >> > what >> >> >> > the >> >> >> > >> >> >> > CasOwa.OwaUrl should be for Exchange 2003? I've tried /exchange, >> >> >> > /exchweb, >> >> >> > >> >> >> > /exchweb/bin/auth, and a few others with no change. >> >> >> > >> >> >> > Thanks. >> >> >> > >> >> >> > -James >> >> >> > >> >> >> > -- >> >> >> > >> >> >> > You are currently subscribed to [email protected] as: >> >> >> > >> >> >> > [email protected] >> >> >> > >> >> >> > To unsubscribe, change settings or access archives, see >> >> >> > >> >> >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> > >> >> >> > -- >> >> >> > You are currently subscribed to [email protected] as: >> >> >> > [email protected] >> >> >> > To unsubscribe, change settings or access archives, see >> >> >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> > >> >> >> > -- >> >> >> > You are currently subscribed to [email protected] as: >> >> >> > [email protected] >> >> >> > To unsubscribe, change settings or access archives, see >> >> >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> >> >> -- >> >> >> You are currently subscribed to [email protected] as: >> >> >> [email protected] >> >> >> To unsubscribe, change settings or access archives, see >> >> >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > >> >> > -- >> >> > You are currently subscribed to [email protected] as: >> >> > [email protected] >> >> > To unsubscribe, change settings or access archives, see >> >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> -- >> >> You are currently subscribed to [email protected] as: >> >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> > -- >> > You are currently subscribed to [email protected] as: >> > [email protected] >> > To unsubscribe, change settings or access archives, see >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
