I am trying to CASify OWA 2010 in a development environment. I had this working 
for a week then something went wrong and now I am receiving a 403 forbidden 
error. 

Our environment is as follows. 

CAS + ClearPass for Authentication
F5 using passthrough to exchange 
3 Exchange 2010 server loadbalanced with F5 - for testing I have shut down 2 of 
the OWA members on the F5. 
Exchange. 

The following are logs and references to the code that is throwing the errors.



The exchange dev site is bombing out and giving me the 403 forbidden with error 
referencing line 185 and 261 in the CasOwaAuthHandler.cs file 

-------------------------------------------------------
WEB SITE ERROR

[WebException: The remote server returned an error: (403) Forbidden.]
   System.Net.WebClient.OpenRead(Uri address) +641
   CasOwa.CasOwaAuthHandler.ProcessRequest(HttpContext context) in 
..\Documents\Visual Studio 
2010\Projects\cas-owa-2010-master\cas-owa-2010-master\CasOwaAuthHandler.cs:185

-------------------------------------------------------

CasOwaAuthHandler.cs 

Line 185 = using (StreamReader reader = new StreamReader(new 
WebClient().OpenRead(clearPassRequest)))
                    clearPassResponse = reader.ReadToEnd();
 

It appears the authentication handler is not able to read the ClearPassRequest. 
 


[HttpException (0x80004005): Error getting response from clearPass at URL: 
https://Server/cas/clearPass?ticket=ST-71-uALy9fOGCUeV0VeE7ogD-CASServer&service=https://Server/cas/clearPass.
 The remote server returned an error: (403) Forbidden.]
   CasOwa.CasOwaAuthHandler.ProcessRequest(HttpContext context) in 
..\Documents\Visual Studio 
2010\Projects\cas-owa-2010-master\cas-owa-2010-master\CasOwaAuthHandler.cs:261
   
System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
 +599
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& 
completedSynchronously) +171

Line 261 = throw new HttpException(500, "Error getting Response from " + OwaUrl 
+ OwaAuthPath + ". " + ex.Message, ex);

--------------------------------------------------------------------

IIS Logs 

2014-09-30 19:27:11 10.146.58.132 GET /coa/auth 
proxyResponse=true&pgtIou=PGTIOU-17-IGfg5LMvzcCsapiN5Qd3-casdev3&pgtId=TGT-49-VbVvIUuLyfWipCcrFh0AlG3TldphRpGrNOlFZAKCWE7JolYCnH-casdev3
 443 - 10.146.58.129 Java/1.6.0_31 200 0 0 0
2014-09-30 19:27:11 10.146.58.132 GET /coa/auth 
ticket=ST-70-gaZvkQ5P51DlMIYWS25s-casdev3 443 UserName/ClientIP 
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 302 0 
0 93

2014-09-30 19:27:11 10.146.58.132 GET /coa/auth - 443 UserName/ClientIP 
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 500 0 
0 78 <This error is  Module or ISAPI error occurred >  This could be because 
the authentication handler could not read the clearpass response.

2014-09-30 19:27:11 10.146.58.132 GET /favicon.ico - 443 - 146.201.4.108 
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 302 0 
0 0
2014-09-30 19:27:11 10.146.58.132 GET /owa/favicon.ico - 443 - 146.201.4.108 
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 401 2 
5 0
2014-09-30 19:27:11 10.146.58.132 GET /owa/auth/logon.aspx 
url=https://Server/owa/favicon.ico&reason=0 443 - ClientIP 
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 200 0 
0 0
2014-09-30 19:27:11 10.146.58.132 GET /favicon.ico - 443 - ClientIP 
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 302 0 
0 0
2014-09-30 19:27:11 10.146.58.132 GET /owa/favicon.ico - 443 - 146.201.4.108 
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 401 2 
5 0
2014-09-30 19:27:11 10.146.58.132 GET /owa/auth/logon.aspx 
url=https://Server/owa/favicon.ico&reason=0 443 - ClientIP 
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 200 0 
0 0


 Any help would be greatly appreciated. 


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to