Hi Niva,

I'm not seeing the CAS transaction in that log info. Do you possibly have the vhost's logs configured to write to a different file?

Matt

On Oct 26, 2014 7:38 PM, "Niva Agmon" <[email protected]> wrote:
> Thanks so much for helping me with this, Matt. Here is the error log (there’s nothing much in the access log)
>
> # more /var/log/httpd/error_log
> [Sun Oct 26 19:28:14 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Sun Oct 26 19:28:14 2014] [info] Init: Seeding PRNG with 256 bytes of entropy
> [Sun Oct 26 19:28:14 2014] [info] Init: Initializing (virtual) servers for SSL
> [Sun Oct 26 19:28:14 2014] [info] mod_ssl/2.2.15 compiled against Server: Apache/2.2.15, Library: OpenSSL/1.0.1e-fips
> [Sun Oct 26 19:28:14 2014] [debug] mod_auth_cas.c(1937): entering check_vhost_config()
> [Sun Oct 26 19:28:14 2014] [notice] Digest: generating secret for digest authentication ...
> [Sun Oct 26 19:28:14 2014] [notice] Digest: done
> [Sun Oct 26 19:28:14 2014] [debug] util_ldap.c(2089): LDAP merging Shared Cache conf: shm=0x7fbe767eef38 rmm=0x7fbe767eef90 for VHOST: xxxxxxxx.temple.edu
> [Sun Oct 26 19:28:14 2014] [debug] util_ldap.c(2089): LDAP merging Shared Cache conf: shm=0x7fbe767eef38 rmm=0x7fbe767eef90 for VHOST: xxxxxxtemple.edu
> [Sun Oct 26 19:28:14 2014] [debug] util_ldap.c(2089): LDAP merging Shared Cache conf: shm=0x7fbe767eef38 rmm=0x7fbe767eef90 for VHOST: xxxxxxxx.temple.edu
> [Sun Oct 26 19:28:14 2014] [info] APR LDAP: Built with OpenLDAP LDAP SDK
> [Sun Oct 26 19:28:14 2014] [info] LDAP: SSL support available
> [Sun Oct 26 19:28:14 2014] [info] Init: Seeding PRNG with 256 bytes of entropy
> [Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(253): shmcb_init allocated 512000 bytes of shared memory
> [Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(272): for 511920 bytes (512000 including header), recommending 32 subcaches, 133 indexes each
> [Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(306): shmcb_init_memory choices follow
> [Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(308): subcache_num = 32
> [Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(310): subcache_size = 15992
> [Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(312): subcache_data_offset = 3208
> [Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(314): subcache_data_size = 12784
> [Sun Oct 26 19:28:14 2014] [debug] ssl_scache_shmcb.c(316): index_num = 133
> [Sun Oct 26 19:28:14 2014] [info] Shared memory session cache initialised
> [Sun Oct 26 19:28:14 2014] [info] Init: Initializing (virtual) servers for SSL
> [Sun Oct 26 19:28:14 2014] [info] mod_ssl/2.2.15 compiled against Server: Apache/2.2.15, Library: OpenSSL/1.0.1e-fips
> [Sun Oct 26 19:28:14 2014] [debug] mod_auth_cas.c(1937): entering check_vhost_config()
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15914 for worker proxy:reverse
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15914 for (*)
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15913 for worker proxy:reverse
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15913 for (*)
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15915 for worker proxy:reverse
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15915 for (*)
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15916 for worker proxy:reverse
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15916 for (*)
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15912 for worker proxy:reverse
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15912 for (*)
> [Sun Oct 26 19:28:14 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips configured -- resuming normal operations
> [Sun Oct 26 19:28:14 2014] [info] Server built: Aug 15 2014 03:02:07
> [Sun Oct 26 19:28:14 2014] [debug] prefork.c(1018): AcceptMutex: sysvsem (default: sysvsem)
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15917 for worker proxy:reverse
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15917 for (*)
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15918 for worker proxy:reverse
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15918 for (*)
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1833): proxy: grabbed scoreboard slot 0 in child 15919 for worker proxy:reverse
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker proxy:reverse already initialized
> [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized single connection worker 0 in child 15919 for (*)
> [Sun Oct 26 19:29:50 2014] [info] removed PID file /etc/httpd/run/httpd.pid (pid=15910)
> [Sun Oct 26 19:29:50 2014] [notice] caught SIGTERM, shutting down
> [Sun Oct 26 19:29:50 2014] [debug] mod_auth_cas.c(1911): entering cas_cleanup()
> [Sun Oct 26 19:29:50 2014] [debug] mod_auth_cas.c(1926): exiting cas_cleanup()
>
> *From:* Matt Smith [mailto:[email protected]]
> *Sent:* Sunday, October 26, 2014 7:16 PM
> *To:* [email protected]
> *Subject:* Re: [cas-user] mod_auth_cas doesn't pass ldap credentials to the application
>
> Hello Niva,
>
> Could you turn on debugging (CASDebug On), set your LogLevel to debug, run the test again (without LDAP params), and send the logs?
>
> -Matt
>
> On Sun, Oct 26, 2014 at 5:56 PM, Niva Agmon <[email protected]> wrote:
>
> Removed the AuthLDAPurl line and left “require ldap-user xxxxx” - still getting the same “Authorization Required” message.
>
> When the “require user” statement is removed the CAS login is bypassed and I enter the application directly.
>
> Thanks,
>
> Niva
>
> *From:* Matt Smith [mailto:[email protected]]
> *Sent:* Sunday, October 26, 2014 3:10 PM
> *To:* [email protected]
> *Subject:* Re: [cas-user] mod_auth_cas doesn't pass ldap credentials to the application
>
> Can you verify if mod_auth_cas works by itself by removing the AuthLDAPurl line and using simply "Require user xXxX" ?
>
> -Matt
>
> On Oct 26, 2014 2:13 PM, "Niva" <[email protected]> wrote:
>
> Hello,
>
> I'm trying to casify a webapp which is served by apache, but am getting "Authorization Required" after entering the ldap credentials to the CAS Login page.
> ssl_request.log & ssl_access.log on the application server show:
> TLSv1 AES128-SHA "GET /?ticket=ST-64-gJfvc1OeAtjgo2Qdx7aS-np-casxxxx HTTP/1.1" 484 (
>
> This is what's in the ssl.conf:
> <Directory "/var/www/html">
> Order allow,deny
> Allow from all
> AuthType CAS
> AuthName "TEST CAS AUTH"
> AuthLDAPURL ldaps://ldap.example.com:636/ou=People,dc=example,dc=com?uid?one?
> require ldap-user xxxxx
> </Directory>
>
> Is there another directive/parameter that will allow authorization and not just authentication?
>
> Setup:
> Red Hat Enterprise Linux Server release 6.5 (Santiago)
> Apache 2.2
> mod_auth_cas-1.0.9.1 (tried mod_auth_cas-1.0.10.0 unsuccessfully)
> mod_authz_ldap
>
> Thanks,
> Niva
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> --
> [email protected]
> PGP: E2144AD8
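
Added example (not part of the original thread, and not code from mod_auth_cas): one way to check which error log, if any, holds the request-time CAS entries Matt is looking for. It assumes the Apache 2.2 error_log layout quoted above, where request-scoped debug entries carry a "[client ...]" prefix; the ssl_error_log name and the single line in it are constructed for illustration.

```python
import re

# Apache 2.2 error_log entry: [timestamp] [level] source.c(line): message
ENTRY = re.compile(r"^\[([^\]]+)\] \[(\w+)\] ([\w.]+)\((\d+)\): (.*)$")

# Lines copied from the error_log quoted in the thread (startup and shutdown only).
MAIN_ERROR_LOG = """\
[Sun Oct 26 19:28:14 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Oct 26 19:28:14 2014] [debug] mod_auth_cas.c(1937): entering check_vhost_config()
[Sun Oct 26 19:29:50 2014] [debug] mod_auth_cas.c(1911): entering cas_cleanup()
[Sun Oct 26 19:29:50 2014] [debug] mod_auth_cas.c(1926): exiting cas_cleanup()
"""

# Constructed sample: the file name, source line number, client address and
# message are assumptions standing in for a vhost-specific ErrorLog.
VHOST_ERROR_LOG = """\
[Sun Oct 26 19:29:02 2014] [debug] mod_auth_cas.c(0): [client 192.0.2.10] Entering cas_authenticate()
"""

SAMPLE_LOGS = {"error_log": MAIN_ERROR_LOG, "ssl_error_log": VHOST_ERROR_LOG}


def cas_entries(log_text):
    """Split mod_auth_cas debug entries into (server_scoped, request_scoped)."""
    server, request = [], []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m or m.group(3) != "mod_auth_cas.c":
            continue
        ts, msg = m.group(1), m.group(5)
        # Request-scoped entries carry a "[client addr]" prefix; entries
        # written at startup or shutdown do not.
        (request if msg.startswith("[client ") else server).append((ts, msg))
    return server, request


def logs_with_cas_transactions(logs):
    """Names of the logs that hold request-time mod_auth_cas entries."""
    return [name for name, text in logs.items() if cas_entries(text)[1]]


if __name__ == "__main__":
    for name, text in SAMPLE_LOGS.items():
        server, request = cas_entries(text)
        print(f"{name}: {len(server)} lifecycle, {len(request)} request-time CAS entries")
```

A log that yields only lifecycle entries, as the quoted error_log does, means the ticket validation was logged somewhere else or not at all.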
