Carlos, I’ve made progress and eliminated the error. The problem was, the server hosting CAS is set up on our network to host multiple IPs. I was going after the wrong IP. So even though in the browser it was working, from the server I had to make sure to point it to the main IP. I can’t describe it in more detail at the moment, but hopefully that sheds some light on how I resolved it.
Thanks for your help!

Phil

On 5/8/15, 1:59 PM, "Carlos M. Fernández" <[email protected]> wrote:

>"[Fri May 08 17:51:58 2015] [warn] RSA server certificate CommonName (CN)
>`10.30.3.105' does NOT match server name!?"
>
>This means that the CN in the certificate doesn't match the hostname (or
>IP address) used to connect to it. If you initiate a connection to
>https://a.b.c.d/, the server must present a certificate with the CN set to
>"a.b.c.d", or at least "*.d" in the case of wildcards.
>
>Best regards,
>--
>Carlos.
>
>
>-----Original Message-----
>From: Romov, Phil [mailto:[email protected]]
>Sent: Friday, 08 May, 2015 13:55
>To: [email protected]
>Subject: Re: [cas-user] authentication failed using phpCAS and CI even
>though CAS is creating service tickets
>
>I've confirmed that I can connect to the CAS server from the CI server (by
>doing telnet <casip> 8443 - connection established) I've followed this
>https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html
>to extract the self signed cert from tomcat
>hosting CAS, to pem+key files for apache hosting CI; restarted apache, CI
>app still loads, so I'm assuming that takes care of adding the trusted
>cert store in CI apps host
>
>I get the same "you were not authenticated" error (even though on cas web
>app the login succeeds) and in error_log on CI/apache side all I see is:
>[Fri May 08 17:51:58 2015] [warn] RSA server certificate CommonName (CN)
>`10.30.3.105' does NOT match server name!?
>
>Please let me know anything obvious I have missed, or any clues how to
>proceed
>
>
>Thanks,
>
>Phil
>
>
>
>
>On 5/7/15, 4:48 PM, "Carlos M. Fernández" <[email protected]> wrote:
>
>>Hi, Phil,
>>
>>Check that the CI app can resolve the CAS server's hostname, that it
>>can connect to the CAS server, and that it trusts the CAS server's
>>certificate. If you still have a self-signed certificate, you will need
>>to add that to the trusted certificate store in the CI app's host. The
>>error logs from the web server running the CI app should contain a hint
>>of the actual cause.
>>
>>Best regards,
>>--
>>Carlos.
>>
>>-----Original Message-----
>>From: Romov, Phil [mailto:[email protected]]
>>Sent: Thursday, 07 May, 2015 16:41
>>To: [email protected]
>>Subject: [cas-user] authentication failed using phpCAS and CI even
>>though CAS is creating service tickets
>>
>>Hi all,
>>I'm working with CAS for the first time, I've got cas itself working
>>and authenticating against our user store, so I can go through the
>>web app and login there and it succeeds
>>
>>Now I'm trying to get my code igniter web app to use CAS. I've started
>>with this example:
>>https://github.com/eliasdorneles/code-igniter-cas-library
>>
>>When I run it, on the cas side in cas.log I'm seeing stuff like
>>(10.24.71.107 is my CI app, and 10.30.3.105 is the working cas web app)
>>
>>2015-05-07 20:32:11,390 INFO
>>[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service
>>ticket [ST-5-15WSI4vQZVjP62A2hqFO-cas.bigdev] for service
>>[https://10.24.71.107/auth] for user [[email protected]]
>>
>>2015-05-07 20:32:11,390 INFO
>>[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] -
>>Audit trail record BEGIN
>>
>>=============================================================
>>
>>WHO: [email protected]
>>
>>WHAT: ST-5-15WSI4vQZVjP62A2hqFO-cas.bigdev for
>>https://10.24.71.107/auth
>>
>>ACTION: SERVICE_TICKET_CREATED
>>
>>APPLICATION: CAS
>>
>>WHEN: Thu May 07 20:32:11 UTC 2015
>>
>>CLIENT IP ADDRESS: 10.6.1.22
>>
>>SERVER IP ADDRESS: 10.30.3.105
>>
>>=============================================================
>>
>>However, on my CI app (after waiting 30 seconds or so) I get back:
>>CAS Authentication failed!
>>
>>You were not authenticated.
>>
>>You may submit your request again by clicking
>>here<https://10.24.71.107/auth>.
>>
>>If the problem persists, you may contact the administrator of this
>>site<mailto:[no%20address%20given]>.
>>
>>________________________________
>>phpCAS 1.3.3 using server
>>https://10.30.3.105:8443/cas-server-webapp-4.0.0/ (CAS 2.0)
>>
>>Please let me know if there is something obvious I am missing, or where
>>I can start looking for clues if not cas.log
>>
>>Thanks,
>>Phil
>>
>>--
>>You are currently subscribed to [email protected] as:
>>[email protected] To unsubscribe, change settings or access archives,
>>see http://www.ja-sig.org/wiki/display/JSG/cas-user
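
The name check discussed in this thread, written out as a small diagnostic; this is an added example, not part of the original messages and not phpCAS or CAS code. It goes slightly beyond the CN-only case by also applying the subjectAltName precedence and one-label wildcard rule that current TLS clients use. The certificates (in the dict shape of Python's `ssl.getpeercert()`), the address `192.0.2.10` and the `example.org` names are constructed; only the CN `10.30.3.105` comes from the log line above.

```python
import ipaddress

# Constructed samples in the dict shape returned by ssl.getpeercert().
# Only the CN 10.30.3.105 comes from the thread's log line.
SELF_SIGNED = {"subject": ((("commonName", "10.30.3.105"),),)}
WILDCARD = {"subject": ((("commonName", "*.example.org"),),),
            "subjectAltName": (("DNS", "*.example.org"),)}
CN_AND_SAN = {"subject": ((("commonName", "cas.example.org"),),),
              "subjectAltName": (("DNS", "sso.example.org"),)}

def _is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False          # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """SAN entries if present; otherwise fall back to the subject CN."""
    san = cert.get("subjectAltName", ())
    if san:
        return list(san)      # SAN present: the CN is ignored
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    # Legacy fallback: many current clients reject certificates without a SAN.
    return [("IP Address" if _is_ip(cn) else "DNS", cn) for cn in cns]

def name_check(cert, target):
    """target is the host part of the URL the client is configured with."""
    names = cert_names(cert)
    if _is_ip(target):        # IP literals must match exactly, no wildcards
        want = ipaddress.ip_address(target)
        return any(k == "IP Address" and _is_ip(v)
                   and ipaddress.ip_address(v) == want for k, v in names)
    return any(k == "DNS" and _dns_match(v, target) for k, v in names)

if __name__ == "__main__":
    for cert, host in [(SELF_SIGNED, "10.30.3.105"), (SELF_SIGNED, "192.0.2.10"),
                       (WILDCARD, "cas.example.org"), (CN_AND_SAN, "cas.example.org")]:
        print(host, "->", "match" if name_check(cert, host) else "MISMATCH")
```

The second case is the multi-address situation: the same certificate that validates for `10.30.3.105` fails as soon as the client is pointed at any other address of that host.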
