Thanks for the answer. 1) Yes this URL http://myserver/secureCAS/* is declared. (I don't directly use the CAS Services Management, but a commercial solution, who respect CAS 2, and act like CAS Service Management). But if I declare this, when I try, I got an error like this
Validation response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\r\n\t<cas:authenticationFailure code='INVALID_SERVICE'>\r\n\t\tticket 'ST-192-Ud5VfUvlaadrKng2E93E-ideosso' does not match supplied service. The original service was 'http://myserver/secureCAS' and the supplied service was 'http://myserver/secureCAS?casaction=check'.\r\n\t</cas:authenticationFailure>\r\n</cas:serviceResponse> The service URL for the original service and the ticket validation don't match. 2) Yes, I made a mistake in the URL. The right URL is : CAS Service 'http%3a%2f%2fmyserver%2fsecureCAS%3fcasaction%3dcheck' --> http://myserver/secureCAS?casaction=check, so no colon and a ? instead of / 2011/4/11 Smith, Matthew J. <[email protected]>: > A couple things to try: > > 1) From the error message you receive, I will assume you are using the CAS > Services Management. Could you confirm that you have an entry for > "http://myserver/secureCAS/*"; (note the asterisk (*)) > > 2) If your error message below is a strict copy and paste, you have a colon > ":" in your service URL following "myserver". Could you confirm in your > mod_auth_cas or Apache configuration (very likely Apache's "ServerName" > directive) that there is no trailing colon? > > HTH, > -Matt > > Matthew J. Smith > University of Connecticut UITS > [email protected] > ________________________________________ > From: CedM [[email protected]] > Sent: Friday, April 08, 2011 5:23 AM > To: [email protected] > Subject: [cas-user] mod_auth_cas and serviceURL > > Hello. > > I am new to SSO CAS and tried to configure mod_auth_cas to protect a folder > on a CentOS server (for testing), and I have problem with ServiceURL. > The URL is http://myserver/secureCAS > > In the CAS Server, the URL http://myserver/secureCAS is declared as > authorized. > > When I first try to connect to http://myserver/secureCAS, I am redirected to > the login page, then I am redirected to http://myserver/secureCAS. Everything > OK, but when the server (=CAS client) tried to validate the ticket I get this > error : "Service not allowed to validate tickets", because the CAS Service > returned by mod_auth_cas is "CAS Service > 'http://myserver:/secureCAS/casaction=check', which is not a correct URL for > my CAS Server. > > It is a normal? Or a configuration error? > > I have a another problem, which I think related. If i request the URL like > http://myserver/secureCAS/asubfolder, I get the same error, "Service not > allowed", because mod_auth_cas send > service=http://myserver/secureCAS/asubfolder. > > The CAS server is a commercial product, and we have other services that work > great with CAS (but with PHP or ASP or Java Client). > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
