On Wed, Jan 18, 2012 at 1:08 PM, Ben Branch <[email protected]> wrote:

> Hello everyone,
>
> Recently after getting our CAS test infrastructure built, I was asked to
> see if it was possible for us to either replace our Luminis CAS
> implementation with an external CAS or build a trust between the two. We
> opted to try and build a trust between the two.
>
> To assist us with this, we found the following documentation:
>
> 1. CAS and Luminis 4: Using External/Central CAS -
>    http://www.lumdev.net/node/3153
> 2. Trusting another CAS Server -
>    http://www.usask.ca/docs/cas/trusting.html
> 3. Trusted Authentication Handler -
>    https://wiki.jasig.org/display/CASUM/Trusted
>
> *Document #1* advises us how to configure the Luminis CAS portion, which
> we have done and don’t appear to be having any issues.
>
> *Document #2* advises us to make a small change to the AJP 1.3 connector
> in Tomcat, and then compile the mod_auth_cas Apache module. This document
> also advises us how to configure apache to accept the CAS connections.
>
> *Document #3* tells us how we should configure our Central CAS to trust
> other incoming CAS connections.
>
> Now for the problems…
>
> *PROBLEM #1:*
>
> Document #2 says that we need to compile the apache mod_auth_cas module.
> Not a problem. We download it, it appears to compile fine, but when we try
> to start apache with the module, I get the following error:
>
> Starting httpd: httpd: Syntax error on line 208 of
> /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_auth_cas.so
> into server: /etc/httpd/modules/mod_auth_cas.so: undefined symbol:
> CRYPTO_THREADID_get_id_callback
>
> I went back and recompiled the module, this time I noticed something that
> I didn’t catch before.
>
> ./configure output - http://pastebin.com/3xCG6x67
> Make ; make install output - http://pastebin.com/DrMjgQK3
>
> This is what caught my eye:
>
> mod_auth_cas.c: In function ‘cas_post_config’:
> mod_auth_cas.c:2027: warning: implicit declaration of function ‘CRYPTO_THREADID_get_id_callback’
> mod_auth_cas.c:2027: warning: comparison between pointer and integer
> mod_auth_cas.c:2029: warning: implicit declaration of function ‘CRYPTO_THREADID_set_id_callback’
>
> Reviewing the Official CAS Clients on the JASIG site (
> https://wiki.jasig.org/display/CASC/RPM+Modules ) reveals that this issue
> should have been resolved by an updated version of the mod_auth_cas
> module. I verified that I have downloaded this version, yet I am still
> getting the error. From the CHANGELOG:
>
> %changelog
> * Tue Nov 09 2011 <[email protected]> - 1.0.9.1-1
> - updated to mod_auth_cas-1.0.9.1.tar.gz
> - updated build centos from openssl-1.0.0-4.el6_0.2.i686 to
>   openssl-1.0.0-10.el6_1.5.i688
> + modified src/mod_auth_cas.h because of "mod_auth_cas.so: undefined
>   symbol: CRYPTO_THREADID_get_id_callback" :
>
> /* https://issues.jasig.org/browse/MAS-47 */
> #define CRYPTO_THREADID_get_id_callback() CRYPTO_THREADID_get_callback()
> #define CRYPTO_THREADID_set_id_callback(callback) CRYPTO_THREADID_set_callback(callback)
>
> Here is my version of OpenSSL:
>
> [root@pomona lib64]# rpm -q --file /usr/lib64/libssl.so.10
> openssl-1.0.0-20.el6.x86_64
>
> My version of Apache:
>
> [root@pomona sbin]# ./httpd -v
> Server version: Apache/2.2.15 (Unix)
> Server built: Oct 6 2011 11:06:33
> [root@pomona sbin]#
Sorry, this fix hasn't been included in a tagged release yet. Your best bet right now will be to git clone https://github.com/Jasig/mod_auth_cas.git and build from there.

> *PROBLEM #2:*
>
> Following the official JASIG documentation (Document #3 above) we were
> able to compile our war file with the cas-server-support-trusted artifact.
> We tried to configure the login webflow via the
> /WEB-INF/login-webflow.xml. We added the appropriate action-state as
> advised in the document. We found in the document that we needed to update
> 2 decision-states and 1 other action-state (gatewayRequestCheck,
> renewRequestCheck, and generateServiceTicket) from viewLoginForm to
> remoteAuthenticate. These 2 decision-states and the single action-state
> are not in the login-webflow.xml.
>
> Further in the documentation we need to modify the cas-servlet.xml. It
> advises us to add a bean into the authenticationManager and another one
> into the authenticationHandlers. We made all of the necessary changes and
> when we would try to access our login page, we would get an error stating
> that the service was unavailable. Reviewing the tomcat logs showed that we
> were getting Error 500 on /cas/login landing page. Additional review of
> the localhost logs showed the following:
>
> SEVERE: Servlet.service() for servlet [cas] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.definition.registry.FlowDefinitionConstructionException: An exception occurred constructing the flow 'login'] with root cause
> org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'transistion'. One of '{"http://www.springframework.org/schema/webflow":evaluate, "http://www.springframework.org/schema/webflow":render, "http://www.springframework.org/schema/webflow":set, "http://www.springframework.org/schema/webflow":transition, "http://www.springframework.org/schema/webflow":on-exit, "http://www.springframework.org/schema/webflow":exception-handler}' is expected.
>     at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)
>     at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:131)
>     at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:384)
>     at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:318)
>     at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:417)
>     at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3182)
>     at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1806)
>     at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.emptyElement(XMLSchemaValidator.java:725)
>     at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:377)
>     at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2756)
>     at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:648)
>     at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
>     at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:511)
>     at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:808)
>     at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
>     at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:119)
>     at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:235)
>     at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:284)
>     at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:124)
>     at org.springframework.webflow.engine.model.builder.xml.DefaultDocumentLoader.loadDocument(DefaultDocumentLoader.java:113)
>     at org.springframework.webflow.engine.model.builder.xml.XmlFlowModelBuilder.init(XmlFlowModelBuilder.java:113)
>     at org.springframework.webflow.engine.model.builder.DefaultFlowModelHolder.assembleFlowModel(DefaultFlowModelHolder.java:87)
>     at org.springframework.webflow.engine.model.builder.DefaultFlowModelHolder.getFlowModel(DefaultFlowModelHolder.java:61)
>     at org.springframework.webflow.engine.builder.model.FlowModelFlowBuilder.doInit(FlowModelFlowBuilder.java:146)
>     at org.springframework.webflow.engine.builder.support.AbstractFlowBuilder.init(AbstractFlowBuilder.java:46)
>     at org.springframework.webflow.engine.builder.FlowAssembler.assembleFlow(FlowAssembler.java:90)
>     at org.springframework.webflow.engine.builder.DefaultFlowHolder.assembleFlow(DefaultFlowHolder.java:109)
>     at org.springframework.webflow.engine.builder.DefaultFlowHolder.getFlowDefinition(DefaultFlowHolder.java:84)
>     at org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl.getFlowDefinition(FlowDefinitionRegistryImpl.java:61)
>     at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:138)
>     at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:193)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:790)
>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644)
>     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
>     at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:115)
>     at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:44)
>     at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
>     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
>     at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
>     at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:405)
>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:964)
>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:515)
>     at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>     at java.lang.Thread.run(Thread.java:662)
>
> I’m very uncertain where to go from here with this. The only way I was
> able to get my CAS back in working order was to revert all of my changes
> that I had made. Any help in this matter would be greatly appreciated.
>
> Ben Branch
> Sun Administrator
> University of Central Oklahoma
> ITIL Foundation v3, Network+
> 100 N. University Drive, Box 122
> Edmond, OK 73034
> D: 405.974.2649 | M: 405.550.6804 | [email protected] | www.uco.edu
>
> “If you wish to know your past, look at your present conditions. If you
> wish to know your future, look at your present actions.” - Siddhartha
> Gautama
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
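
Added example, not part of the thread or of the CAS or Spring Web Flow code: a pre-deployment lint for an edited login-webflow.xml that catches the kind of element the SAXParseException above rejects, before Tomcat returns a 500 on /cas/login. The allowed child list is copied from that error message and is not the full schema; the sample flow is constructed, and the bean name `hypotheticalTrustedAction` is an assumption.

```python
import difflib
import xml.etree.ElementTree as ET

WEBFLOW_NS = "http://www.springframework.org/schema/webflow"

# Children the validator said it would accept at the failing position,
# copied from the SAXParseException above. Not the complete schema.
EXPECTED_CHILDREN = ["evaluate", "render", "set", "transition",
                     "on-exit", "exception-handler"]

# Constructed sample flow. State ids are the ones named in the thread;
# the bean name "hypotheticalTrustedAction" is an assumption.
SAMPLE_FLOW = """\
<flow xmlns="http://www.springframework.org/schema/webflow">
  <action-state id="remoteAuthenticate">
    <evaluate expression="hypotheticalTrustedAction"/>
    <transition on="success" to="generateServiceTicket"/>
    <transistion on="error" to="viewLoginForm"/>
  </action-state>
</flow>
"""


def lint_action_states(flow_xml):
    """Return (state id, offending tag, closest expected tag or None)."""
    findings = []
    root = ET.fromstring(flow_xml)
    for state in root.iter("{%s}action-state" % WEBFLOW_NS):
        for child in state:
            ns, _, local = child.tag.rpartition("}")
            if ns == "{" + WEBFLOW_NS and local in EXPECTED_CHILDREN:
                continue
            # A near miss is likely a typo, so report the closest name.
            close = difflib.get_close_matches(local, EXPECTED_CHILDREN, n=1)
            findings.append((state.get("id"), local,
                             close[0] if close else None))
    return findings


if __name__ == "__main__":
    for state_id, tag, hint in lint_action_states(SAMPLE_FLOW):
        print("action-state %r: unexpected <%s>, did you mean <%s>?"
              % (state_id, tag, hint))
```
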
