I started with the ClearPass filter locked down, but in the course of troubleshooting I have it set to accept any proxy. Same with the services, started locked down, now running in open mode. No dice.
---------------------------------- Mark St. Laurent Web Systems Administrator Yavapai College (928) 717-7654 http://www.yc.edu -----Original Message----- From: Marvin Addison [mailto:[email protected]] Sent: Tuesday, August 20, 2013 4:34 AM To: [email protected] Subject: Re: [cas-user] ClearPass on 3.5.2 > Which file(s)? I don't even know if it is in a file or not. From the full > cas.log entry it looks like it doesn't like the XML response it's getting > from ClearPass: Ah, I see. > I noticed this as well: When I try to authenticate from a ClearPass app, I > get a 403 error in the web browser with this URL: > > [HttpException (0x80004005): Error getting response from clearPass at > URL: > https://cas3.yc.edu/clearPass?ticket=ST-2-9c0fY6oKlCddkLw0V9yH-cas3.yc > .edu&service=https://cas3.yc.edu/clearPass. The remote server returned > an error: (403) Forbidden.] > > ClearPass is calling ClearPass? That doesn't look right. Indeed. My hunch is that you've got a servlet configuration problem where the /clearPass URI is not wired up correctly. Perhaps it's protected by the CAS client filter; that would explain the service parameter in the URL above and it would also explain why you're not geting a valid XML payload. I bet if you dump the XML message you get back it's an HTML error page for a 403 or similar. Maybe someone with more ClearPass experience can jump in here with other ideas or a more specific suggestion. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
