I need some help. It seems my Apache config is able to defer to our campus CAS log in service but the process looks to fail validating the ticket or user. I'll show my work. I thank anyone in advance for help -- I'm hoping I've simply missed some configuration step or value.
I've been able to clone the git for mod_auth_cas, build, and install to our Apache 2.2.15 server on RHEL6 without much fuss. Then: * Create /etc/httpd/conf.d/cas.conf containing: LoadModule auth_cas_module modules/mod_auth_cas.so CASDebug On CASCookiePath /var/cache/mod_auth_cas/ CASCertificatePath /etc/pki/tls/certs CASLoginURL https://cas.iu.edu/cas/login CASValidateURL https://cas.iu.edu/cas/serviceValidate CASProxyValidateURL https://cas.iu.edu/cas/proxyValidate * Make a place for CASCookiePath and give it a sensible SELINUX context: mkdir /var/cache/mod_auth_cas chown -R apache:apache /var/cache/mod_auth_cas chcon -R httpd_cache_t /var/cache/mod_auto_cas * Restart Apache: server httpd restart * Create a directory where I can test protecting static content and give it an .htaccess and a simple html file: .htaccess is: AuthType CAS require valid-user * Test the address. I'm prompted by our campus CAS log in page but am left with a 302 error, and a URL showing the page I want plus the ticket. The error_log shows not that much, I think this is key: Validation response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>\n <cas:authenticationFailure code='INVALID_REQUEST'>\n 'service', 'ticket' and 'casurl' parameters are all required\n </cas:authenticationFailure>\n</cas:serviceResponse>\n I've written our campus Identity Management group to verify that my address for CASValidateURL is correct, but I'm guessing that it is else I might wouldn't have this result. If it matters, there's nothing in /var/cache/mod_auth_cas. PS: I'm sorry -- I posted this to the google group without first subscribing to the list, so some may see this a second time. -- Frank Burleigh [email protected] -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
