I¹ve confirmed that I can connect to the CAS server from the CI server (by doing telnet <casip> 8443 - connection established) I¹ve followed this https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self -signed-certificate.html to extract the self signed cert from tomcat hosting CAS, to pem+key files for apache hosting CI; restarted apache, CI app still loads, so I¹m assuming that takes care of adding the trusted cert store in CI apps host
I get the same ³you were not authenticated² error (even though on cas web app the login succeeds) and in error_log on CI/apache side all I see is: [Fri May 08 17:51:58 2015] [warn] RSA server certificate CommonName (CN) `10.30.3.105' does NOT match server name!? Please let me know anything obvious I have missed, or any clues how to proceed Thanks, Phil On 5/7/15, 4:48 PM, "Carlos M. Fernández" <[email protected]> wrote: >Hi, Phil, > >Check that the CI app can resolve the CAS server's hostname, that it can >connect to the CAS server, and that it trusts the CAS server's >certificate. If you still have a self-signed certificate, you will need to >add that to the trusted certificate store in the CI app's host. The error >logs from the web server running the CI app should contain a hint of the >actual cause. > >Best regards, >-- >Carlos. > >-----Original Message----- >From: Romov, Phil [mailto:[email protected]] >Sent: Thursday, 07 May, 2015 16:41 >To: [email protected] >Subject: [cas-user] authentication failed using phpCAS and CI even though >CAS is creating service tickets > >Hi all, >I¹m working with CAS for the first time, I¹ve got cas itself working and >authenticating against our user store, so I can go to through the web app >and login there and it succeeds > >Now I¹m trying to get my code igniter web app to use CAS. I¹ve started >with this example: >https://github.com/eliasdorneles/code-igniter-cas-library > >When I run it, on the cas side in cas.log I¹m seeing stuff like >(10.24.71.107 is my CI app, and 10.30.3.105 is the working cas web app) > >2015-05-07 20:32:11,390 INFO >[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket >[ST-5-15WSI4vQZVjP62A2hqFO-cas.bigdev] for service >[https://10.24.71.107/auth] for user [[email protected]] > >2015-05-07 20:32:11,390 INFO >[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >trail record BEGIN > >============================================================= > >WHO: [email protected] > >WHAT: ST-5-15WSI4vQZVjP62A2hqFO-cas.bigdev for https://10.24.71.107/auth > >ACTION: SERVICE_TICKET_CREATED > >APPLICATION: CAS > >WHEN: Thu May 07 20:32:11 UTC 2015 > >CLIENT IP ADDRESS: 10.6.1.22 > >SERVER IP ADDRESS: 10.30.3.105 > >============================================================= > >However, on my CI app (after waiting 30 seconds or so) I get back: >CAS Authentication failed! > >You were not authenticated. > >You may submit your request again by clicking >here<https://10.24.71.107/auth>. > >If the problem persists, you may contact the administrator of this >site<mailto:[no%20address%20given]>. > >________________________________ >phpCAS 1.3.3 using server >https://10.30.3.105:8443/cas-server-webapp-4.0.0/ (CAS 2.0) > >Please let me know if there is something obvious I am missing, or where I >can start looking for clues if not cas.log > >Thanks, >Phil > >-- >You are currently subscribed to [email protected] as: >[email protected] To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user > > >-- >You are currently subscribed to [email protected] as: >[email protected] >To unsubscribe, change settings or access archives, see >http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
