-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Are you appending the "casaction=check" yourself, either in an application or in your mod_auth_cas configuration? Could you post your Apache config, with the mod_auth_cas configuration and the configuration block for "/secureCAS" ? - -Matt On 04/11/2011 05:00 AM, xenom wrote: > Thanks for the answer. > > 1) Yes this URL http://myserver/secureCAS/* is declared. (I don't > directly use the CAS Services Management, but a commercial > solution, who respect CAS 2, and act like CAS Service Management). > But if I declare this, when I try, I got an error like this > > Validation response: <cas:serviceResponse > xmlns:cas='http://www.yale.edu/tp/cas'>\r\n\t<cas:authenticationFailure > > code='INVALID_SERVICE'>\r\n\t\tticket > 'ST-192-Ud5VfUvlaadrKng2E93E-ideosso' does not match > supplied service. The original service was > 'http://myserver/secureCAS' and the supplied service was > 'http://myserver/secureCAS?casaction=check'.\r\n\t</cas:authenticationFailure>\r\n</cas:serviceResponse> > > > The service URL for the original service and the ticket validation don't match. > > > 2) Yes, I made a mistake in the URL. The right URL is : CAS Service > 'http%3a%2f%2fmyserver%2fsecureCAS%3fcasaction%3dcheck' --> > http://myserver/secureCAS?casaction=check, so no colon and a ? > instead of / > > > > 2011/4/11 Smith, Matthew J. <[email protected]>: >> A couple things to try: >> >> 1) From the error message you receive, I will assume you are >> using the CAS Services Management. Could you confirm that you >> have an entry for "http://myserver/secureCAS/*"; (note the >> asterisk (*)) >> >> 2) If your error message below is a strict copy and paste, you >> have a colon ":" in your service URL following "myserver". Could >> you confirm in your mod_auth_cas or Apache configuration (very >> likely Apache's "ServerName" directive) that there is no trailing >> colon? >> >> HTH, -Matt >> >> Matthew J. Smith University of Connecticut UITS >> [email protected] ________________________________________ >> From: CedM [[email protected]] Sent: Friday, April 08, 2011 5:23 >> AM To: [email protected] Subject: [cas-user] mod_auth_cas >> and serviceURL >> >> Hello. >> >> I am new to SSO CAS and tried to configure mod_auth_cas to >> protect a folder on a CentOS server (for testing), and I have >> problem with ServiceURL. The URL is http://myserver/secureCAS >> >> In the CAS Server, the URL http://myserver/secureCAS is declared >> as authorized. >> >> When I first try to connect to http://myserver/secureCAS, I am >> redirected to the login page, then I am redirected to >> http://myserver/secureCAS. Everything OK, but when the server >> (=CAS client) tried to validate the ticket I get this error : >> "Service not allowed to validate tickets", because the CAS >> Service returned by mod_auth_cas is "CAS Service >> 'http://myserver:/secureCAS/casaction=check', which is not a >> correct URL for my CAS Server. >> >> It is a normal? Or a configuration error? >> >> I have a another problem, which I think related. If i request the >> URL like http://myserver/secureCAS/asubfolder, I get the same >> error, "Service not allowed", because mod_auth_cas send >> service=http://myserver/secureCAS/asubfolder. >> >> The CAS server is a commercial product, and we have other >> services that work great with CAS (but with PHP or ASP or Java >> Client). >> >> >> -- You are currently subscribed to [email protected] as: >> [email protected] To unsubscribe, change settings or access >> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- You are currently subscribed to [email protected] as: >> [email protected] To unsubscribe, change settings or access >> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > - -- Matthew J. Smith University of Connecticut UITS [email protected] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2jI7cACgkQGER0Au6g8xCAYwCg2VVI/geh0tiocHdMqWHPdDNB ue0AoLRgenQTzjJU03IBpMCSD07YXSye =F4aQ -----END PGP SIGNATURE----- -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
