I am trying to CASify OWA 2010 in a development environment. I had this working
for a week, then something went wrong, and now I am receiving a 403 Forbidden
error.
Our environment is as follows:
CAS + ClearPass for authentication
F5 using passthrough to Exchange
3 Exchange 2010 servers load-balanced with F5 - for testing I have shut down 2 of
the OWA members on the F5.
Exchange.
The following are logs and references to the code that is throwing the errors.
The Exchange dev site is bombing out and giving me the 403 Forbidden with an error
referencing lines 185 and 261 in the CasOwaAuthHandler.cs file.
-------------------------------------------------------
WEB SITE ERROR
[WebException: The remote server returned an error: (403) Forbidden.]
   System.Net.WebClient.OpenRead(Uri address) +641
   CasOwa.CasOwaAuthHandler.ProcessRequest(HttpContext context) in ..\Documents\Visual Studio 2010\Projects\cas-owa-2010-master\cas-owa-2010-master\CasOwaAuthHandler.cs:185
-------------------------------------------------------
CasOwaAuthHandler.cs
Line 185 = using (StreamReader reader = new StreamReader(new WebClient().OpenRead(clearPassRequest)))
               clearPassResponse = reader.ReadToEnd();
It appears the authentication handler is not able to read the ClearPassRequest.
[HttpException (0x80004005): Error getting response from clearPass at URL: https://Server/cas/clearPass?ticket=ST-71-uALy9fOGCUeV0VeE7ogD-CASServer&service=https://Server/cas/clearPass. The remote server returned an error: (403) Forbidden.]
   CasOwa.CasOwaAuthHandler.ProcessRequest(HttpContext context) in ..\Documents\Visual Studio 2010\Projects\cas-owa-2010-master\cas-owa-2010-master\CasOwaAuthHandler.cs:261
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +599
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +171
Line 261 = throw new HttpException(500, "Error getting Response from " + OwaUrl + OwaAuthPath + ". " + ex.Message, ex);
--------------------------------------------------------------------
IIS Logs
2014-09-30 19:27:11 10.146.58.132 GET /coa/auth proxyResponse=true&pgtIou=PGTIOU-17-IGfg5LMvzcCsapiN5Qd3-casdev3&pgtId=TGT-49-VbVvIUuLyfWipCcrFh0AlG3TldphRpGrNOlFZAKCWE7JolYCnH-casdev3 443 - 10.146.58.129 Java/1.6.0_31 200 0 0 0
2014-09-30 19:27:11 10.146.58.132 GET /coa/auth ticket=ST-70-gaZvkQ5P51DlMIYWS25s-casdev3 443 UserName/ClientIP Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 302 0 0 93
2014-09-30 19:27:11 10.146.58.132 GET /coa/auth - 443 UserName/ClientIP Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 500 0 0 78
<This error is Module or ISAPI error occurred> This could be because
the authentication handler could not read the clearpass response.
2014-09-30 19:27:11 10.146.58.132 GET /favicon.ico - 443 - 146.201.4.108 Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 302 0 0 0
2014-09-30 19:27:11 10.146.58.132 GET /owa/favicon.ico - 443 - 146.201.4.108 Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 401 2 5 0
2014-09-30 19:27:11 10.146.58.132 GET /owa/auth/logon.aspx url=https://Server/owa/favicon.ico&reason=0 443 - ClientIP Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 200 0 0 0
2014-09-30 19:27:11 10.146.58.132 GET /favicon.ico - 443 - ClientIP Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 302 0 0 0
2014-09-30 19:27:11 10.146.58.132 GET /owa/favicon.ico - 443 - 146.201.4.108 Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 401 2 5 0
2014-09-30 19:27:11 10.146.58.132 GET /owa/auth/logon.aspx url=https://Server/owa/favicon.ico&reason=0 443 - ClientIP Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:32.0)+Gecko/20100101+Firefox/32.0 200 0 0 0
Any help would be greatly appreciated.
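
Added example, not part of the original post and not code from the cas-owa project: a small triage script that walks IIS records for the /coa/auth handler, labels each request by the CAS parameters in its query string, masks ticket identifiers so the result can be shared, and reports the first request that ended in a 5xx. It assumes unwrapped, unredacted records in the 14-field order seen in the log above; the sample records, addresses and ticket values are constructed, and the stage names are labels chosen for this example.

```python
import re
from urllib.parse import parse_qs

# Assumed field order (matches the 14 columns of the records in the post).
FIELDS = ("date time s_ip method stem query port user c_ip agent "
          "status substatus win32 time_taken").split()

# Constructed sample records; ticket values and addresses are placeholders.
SAMPLE = """\
2014-09-30 19:27:11 10.0.0.5 GET /coa/auth proxyResponse=true&pgtIou=PGTIOU-1-EXAMPLE&pgtId=TGT-1-EXAMPLE 443 - 10.0.0.6 Java/1.6.0_31 200 0 0 0
2014-09-30 19:27:11 10.0.0.5 GET /coa/auth ticket=ST-1-EXAMPLE 443 - 10.0.0.9 Mozilla/5.0 302 0 0 93
2014-09-30 19:27:11 10.0.0.5 GET /coa/auth - 443 - 10.0.0.9 Mozilla/5.0 500 0 0 78
2014-09-30 19:27:11 10.0.0.5 GET /owa/favicon.ico - 443 - 10.0.0.9 Mozilla/5.0 401 2 5 0
"""

def parse(line):
    """Split one record into named fields; None if the column count is off."""
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def stage(rec):
    """Label a handler request by the CAS parameters present in its query."""
    q = parse_qs("" if rec["query"] == "-" else rec["query"])
    if "pgtIou" in q and "pgtId" in q:
        return "pgt-callback"       # request carrying pgtIou/pgtId
    if "ticket" in q:
        return "ticket-request"     # request carrying a service ticket
    return "no-cas-params"          # request with no CAS parameters

def triage(log_text, handler="/coa/auth"):
    """Return [(stage, status, masked_query)] for handler requests, in log order."""
    out = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec["stem"].lower() != handler:
            continue
        # Mask the random part of ticket identifiers before the rows are shared.
        masked = re.sub(r"\b((?:ST|TGT|PGT|PGTIOU)-\d+-)[^&\s]+", r"\1***", rec["query"])
        out.append((stage(rec), int(rec["status"]), masked))
    return out

def first_failure(rows):
    """First handler request that ended in a 5xx, or None."""
    return next((r for r in rows if r[1] >= 500), None)

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Records where two columns were merged during redaction (such as UserName/ClientIP above) fail the column-count check and are skipped.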