Everything is working fine. My O/S is Fedora Core 5, so Apache 2.2 is running on
Fedora Core 5.


Steps I did:

1) Got the certificate from the CAS server (from JDK_HOME/./././cacerts) to
the other machine where the auth Perl module resides.

Remember: when we use keytool to generate certificates, they are JKS encoded,
not PEM.

2) Converted the JKS-encoded certificate to a PEM-encoded certificate and
updated the Apache keystore.

     Let me know if someone wants to know how to do this conversion (what
the openssl command for that is).

That's all...

I have one more question. You may have done this already.

What is the best way to define a filter/redirect to the target validation
so that it will always go through this CAS validation with those two
parameters? What httpd configuration should we do?

We are a bit new to Perl and also to mod_perl. Should this always be a CGI
script like sampleCasClient.pl? What additional settings should I do? Can't we
do a forwarding/redirect using mod_perl?

Basically, if the target application is http://targetApp/index.html and
someone requests this URL, how do we ensure it goes through the Auth Perl module
with the casUrl and CAFile parameters?

Chris-343 wrote:
> 
> You do not need to add the certificate to the openssl certificate store.
> 
> All you need to do is point the CAFile => 'c:\mypath\mycert.crt',
> 
> If you have a .keystore file you need to create a certificate from that
> and place it in the c:\mypath directory.
> 
> How to create a certificate:
> http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
> 
>> [Original Message]
>> From: Tracy12 <[EMAIL PROTECTED]>
>> To: <[email protected]>
>> Date: 1/4/2007 8:26:54 AM
>> Subject: RE: Auth CAS  (perl) confusion
>>
>>
>> Chris,
>>
>> Which certificate are you referring to?
>>
>> In my case sampleCasClient.pl (running on Apache) and the CAS server are
>> running on two separate machines.
>>
>> I thought the certificate from the CAS machine needs to be imported into the
>> openssl certificate store (basically append to the /x/x/x/x/ca-bundle.crt).
>> This is to ensure the trust relationship.
>>
>> Unfortunately the certificate from CAS is generated using Java keytool.
>>
>> Am I doing something fundamentally wrong?
>>
>> The first couple of lines in my sampleCasClient.pl look as follows:
>>
>> #!/usr/bin/perl
>>
>> use warnings;
>> use strict;
>> use AuthCAS;
>>
>> my $cas = new AuthCAS(casUrl => 'https://test_cas_server:8443/cas',
>>                       CAFile => '/etc/pki/tls/certs/ca-bundle.crt',
>>                      );
>> my $app_url = 'http://localhost/sampleCasClient.pl';
>> ......
>> ....
>>
>> I followed the steps and executed the script. In the Apache logs it shows the
>> following:
>>
>> [Thu Jan 04 16:08:28 2007] [error] [client 127.0.0.1] Error: error IO::Socket::INET configuration failederror:00000000:lib(0):func(0):reason(0)
>> unable to connect https://test_cas_server:8443/
>> [Thu Jan 04 16:08:28 2007] [error] [client 127.0.0.1]
>> [Thu Jan 04 16:08:28 2007] [error] [client 127.0.0.1] Use of uninitialized value in printf at /var/www/html/sampleCasClient.pl line 28.
>>
>> Chris-343 wrote:
>> > 
>> > There is no need for that... all you need to do is tell Perl where
>> > to look for the crt.
>> > 
>> > Example from: http://www.ust.hk/itsc/cas/sampleCasClient.pl
>> > 
>> > my $cas = new AuthCAS(casUrl => 'https://yourhost:8443/cas',
>> >                  CAFile => '/xxx_somepath_xxx/your.crt',
>> >                 );
>> > 
>> > If you have a Java keystore file you can create a crt file with the
>> > keytool.
>> >   
>> > 
>> >> [Original Message]
>> >> From: Tracy12 <[EMAIL PROTECTED]>
>> >> To: <[email protected]>
>> >> Date: 1/4/2007 12:32:38 AM
>> >> Subject: RE: Auth CAS  (perl) confusion
>> >>
>> >>
>> >> Yes I understand,
>> >>
>> >> I just wanted to know how I can import a certificate created using Java
>> >> keytool (CAS server certificate) into the Apache key store (using openssl);
>> >> basically the issue is they have two different formats.
>> >>
>> >>
>> >> Which tool was used to create the HKUST?
>> >>
>> >>
>> >> Chris-343 wrote:
>> >> > 
>> >> > The link I sent you includes http://sourcesup.cru.fr/perlcas/.
>> >> > 
>> >> > It also includes sample code in Perl for a CAS client.
>> >> > 
>> >> > The HKUST CA is just an example. Use your own (it shows how to do that
>> >> > in http://www.ust.hk/itsc/cas/sampleCasClient.pl)
>> >> > 
>> >> > 
>> >> > 
>> >> >> [Original Message]
>> >> >> From: Tracy12 <[EMAIL PROTECTED]>
>> >> >> To: <[email protected]>
>> >> >> Date: 1/3/2007 6:09:28 AM
>> >> >> Subject: RE: Auth CAS  (perl) confusion
>> >> >>
>> >> >>
>> >> >>
>> >> >> I believe I have to follow item no. 1, which is
>> >> >>
>> >> >> CAS Perl Library (http://sourcesup.cru.fr/perlcas/)
>> >> >>
>> >> >> This is one of the URLs I posted earlier.
>> >> >>
>> >> >> Thanks, but I have the following questions:
>> >> >>
>> >> >> 1) In development we have a certificate generated using Java keytool for
>> >> >> the CAS server (currently the development CAS server is running on Tomcat).
>> >> >>
>> >> >> 2) How can I take this certificate and put it under Apache 2.x, where the
>> >> >> Perl code is running, so that the handshake between this machine and CAS
>> >> >> works fine? Basically, how can I update the openssl certificate store?
>> >> >>
>> >> >> Let me know how to set up this SSL thing, as currently I have to use
>> >> >> OpenSSL for certificates generated by keytool.
>> >> >>
>> >> >>
>> >> >> In addition, in the URL you sent, what is the use of the Sample HKUST Root
>> >> >> CA certificate file, and how can I set one up for me?
>> >> >>
>> >> >> Chris-343 wrote:
>> >> >> > 
>> >> >> > No more Perl confusion... I just CASified my Perl application and
>> >> >> > it works like a champ!
>> >> >> > 
>> >> >> > Look at this link : http://www.ust.hk/itsc/cas/clientlib.html
>> >> >> > 
>> >> >> > Chris
>> >> >> > 
>> >> >> > 
>> >> >> >> [Original Message]
>> >> >> >> From: Tracy12 <[EMAIL PROTECTED]>
>> >> >> >> To: <[email protected]>
>> >> >> >> Date: 1/3/2007 2:05:52 AM
>> >> >> >> Subject: Auth CAS  (perl) confusion
>> >> >> >>
>> >> >> >>
>> >> >> >> Hi,
>> >> >> >>
>> >> >> >> I find similar functionality at the following URLs:
>> >> >> >>
>> >> >> >>
>> >> >> >> http://search.cpan.org/~dcastro/Apache-AuthCAS-0.4/
>> >> >> >>
>> >> >> >> http://sourcesup.cru.fr/perlcas/
>> >> >> >>
>> >> >> >> My intention is to write a Perl client that would execute
>> >> >> >> cas/serviceValidate, get the XML,
>> >> >> >> and check for one of the attributes in the XML.
>> >> >> >>
>> >> >> >> I do not want to use proxy tickets at the moment.
>> >> >> >>
>> >> >> >>
>> >> >> >> Basically the user enters credentials on the CAS login page and should
>> >> >> >> be redirected to some other application via this Perl script.
>> >> >> >>
>> >> >> >> Well... can someone let us know which source we should use (which
>> >> >> >> URL should I refer to)?
>> >> >> >>
>> >> >> >> If there is any other documentation, please let us know.
>> >> >> >>
>> >> >> >> Thanks,
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >> >> -- 
>> >> >> >> View this message in context:
>> >> >> >> http://www.nabble.com/Auth-CAS--%28perl%29-confusion-tf2910908.html#a8133264
>> >> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
>> >> >> >>
>> >> >> >> _______________________________________________
>> >> >> >> Yale CAS mailing list
>> >> >> >> [email protected]
>> >> >> >> http://tp.its.yale.edu/mailman/listinfo/cas
>> >> >>
>> >> >> -- 
>> >> >> View this message in context:
>> >> >> http://www.nabble.com/Auth-CAS--%28perl%29-confusion-tf2910908.html#a8135603
>> >> >> Sent from the CAS Users mailing list archive at Nabble.com.
>> >>
>> >> -- 
>> >> View this message in context:
>> >> http://www.nabble.com/Auth-CAS--%28perl%29-confusion-tf2910908.html#a8150045
>> >> Sent from the CAS Users mailing list archive at Nabble.com.
>>
>> -- 
>> View this message in context:
>> http://www.nabble.com/Auth-CAS--%28perl%29-confusion-tf2910908.html#a8154299
>> Sent from the CAS Users mailing list archive at Nabble.com.

-- 
View this message in context: 
http://www.nabble.com/Auth-CAS--%28perl%29-confusion-tf2910908.html#a8172670
Sent from the CAS Users mailing list archive at Nabble.com.

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
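
The JKS-to-PEM step discussed in this thread, as an added example that is not part of the original messages or of the AuthCAS project: it identifies what kind of file was copied from the CAS server and turns it into the PEM certificate that `CAFile` expects. The function names, the alias argument and all paths are assumptions; older JDKs spell the keytool subcommand `-export` rather than `-exportcert`.

```sh
#!/bin/sh
# Added example: classify a trust file and normalise it to PEM for CAFile.

# Print the on-disk format of a file: pem, jks, der or unknown.
trust_file_kind() {
    f=$1
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null; then
        echo pem
        return 0
    fi
    # First four bytes as lowercase hex, e.g. "feedfeed".
    magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
    case $magic in
        feedfeed) echo jks ;;      # Java KeyStore magic number
        30*)      echo der ;;      # ASN.1 SEQUENCE: binary certificate
                                   # (PKCS#12 also starts with 0x30; openssl
                                   # rejects it in to_cafile_pem below)
        *)        echo unknown ;;
    esac
}

# to_cafile_pem SRC OUT [ALIAS]
# Write the certificate in SRC to OUT as PEM, then print its identity so it
# can be compared with what the CAS server administrator reports.
to_cafile_pem() {
    src=$1; out=$2; ks_alias=${3:-}
    case $(trust_file_kind "$src") in
        pem) cp -- "$src" "$out" ;;
        der) openssl x509 -inform DER -in "$src" -outform PEM -out "$out" ;;
        jks)
            if [ -z "$ks_alias" ]; then
                echo "JKS keystore: pass the alias of the CAS certificate" >&2
                return 2
            fi
            # -rfc makes keytool write PEM; it prompts for the store password.
            keytool -exportcert -rfc -alias "$ks_alias" \
                    -keystore "$src" -file "$out" ;;
        *)
            echo "not a certificate or keystore: $src" >&2
            return 1 ;;
    esac || return
    openssl x509 -in "$out" -noout -subject -issuer -enddate \
            -fingerprint -sha256
}

# Usage (placeholder paths and alias):
#   to_cafile_pem /path/to/keystore /path/to/cas-server.pem <alias>
```

Point `CAFile` at the resulting PEM file only after the printed SHA-256 fingerprint matches the one obtained from the CAS server side over a separate channel.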
