How difficult is it to set up the Apache mod_auth_cas connector? Our client is running HTTPS up to Apache. Then, they have Tomcat servers running on an internal insecure network running HTTP.
We set everything up using Tomcat. What would it take to switch over to doing the CAS authentication in Apache? Will the Apache mod_auth_cas connector talk to the CAS application running on Tomcat? Would authentication in Apache even work? Right now, we use the <filter-mapping> tags in the web.xml to specify the directories that are to be protected by CAS. Is there a similar type of mechanism in Apache mod_auth_cas? Or would everything behind Apache be protected by CAS?

________________________________
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Battaglia
Sent: Wednesday, November 07, 2007 12:14 PM
To: Yale CAS mailing list
Subject: Re: CAS - HTTPS Error

Cliff,

I'm pretty sure you can't use the IP address as the CN name for the certificate. I believe it actually needs to be the host name.

-Scott

On Nov 7, 2007 11:30 AM, Clifford Bryant <[EMAIL PROTECTED]> wrote:

Hello,

We are trying to set up CAS with Tomcat and Apache. The Tomcat SSL port has been opened for CAS. We are trying to use the IP addresses of the Tomcat servers on the internal network. Normally, the SSL port is not open to the outside world. The IP address of the Tomcat server was used in the SSL certificate.

Here is the error. Any help would be greatly appreciated! The IP addresses is the same, so not sure why I am getting this error message?

2007-11-07 15:31:42,523 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-3-WIU6g7n6WlJHeTlOnJWm6NtKyiyZDSv3HrH-20] for service [https://192.168.254.70:8443/terms/rs_timesheet.css] for user [Admin100]>
24131 [http-8443-Processor25] ERROR [/terms].[default] - Servlet.service() for servlet default threw exception
java.io.IOException: HTTPS hostname wrong: should be <192.168.254.70>
    at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:493)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
    at com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
    at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:70)
    at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
    at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:219)
    at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
    at java.lang.Thread.run(Thread.java:595)
starting Apache.......

Clifford Bryant, Senior Developer
Edgewater Technology, Inc.
-------------------------------------------------------------
20 Harvard Mill Square
Wakefield, MA 01880
Direct: 781.213.9885
Cell: 617.417.6704
Fax: 781.246.5903
cbryant @edgewater.com
www.edgewater.com

This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. This communication may contain information that is protected from disclosure by applicable law. If you are not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, be advised that you have received this e-mail in error and any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. If you believe that you have received this e-mail in error, please immediately notify Edgewater Technology by telephone at (781) 246-3343 and delete the communication from all e-mail files.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas

--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
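The point in Scott's reply about an IP address in the certificate CN, worked through as the RFC 2818 server-identity check. This is an added example, not code from the thread, the CAS client or the JDK: the certificate dicts are constructed in the layout of Python's `ssl.SSLSocket.getpeercert()`, and `tomcat1.example.internal` is a hypothetical host name. It also covers the iPAddress subjectAltName case, which the thread does not mention.

```python
import ipaddress

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    # Case-insensitive; "*" may stand in only for the whole leftmost label.
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def identity_matches(cert, url_host):
    # cert uses the dict layout returned by ssl.SSLSocket.getpeercert().
    sans = cert.get("subjectAltName", ())
    if _is_ip(url_host):
        # IP literal in the URL: only an iPAddress SAN counts, the CN is ignored.
        want = ipaddress.ip_address(url_host)
        return any(kind == "IP Address" and ipaddress.ip_address(val) == want
                   for kind, val in sans)
    dns_names = [val for kind, val in sans if kind == "DNS"]
    if dns_names:
        return any(_dns_match(name, url_host) for name in dns_names)
    # No dNSName SAN present: fall back to the subject CN (legacy behaviour).
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(cn, url_host) for cn in cns)

# Constructed certificates; tomcat1.example.internal is a hypothetical host name.
CERT_CN_IS_IP = {"subject": ((("commonName", "192.168.254.70"),),)}
CERT_CN_IS_HOST = {"subject": ((("commonName", "tomcat1.example.internal"),),)}
CERT_WITH_IP_SAN = {
    "subject": ((("commonName", "tomcat1.example.internal"),),),
    "subjectAltName": (("DNS", "tomcat1.example.internal"), ("IP Address", "192.168.254.70")),
}

def demo():
    return {
        "CN=IP, URL by IP": identity_matches(CERT_CN_IS_IP, "192.168.254.70"),
        "CN=host, URL by host": identity_matches(CERT_CN_IS_HOST, "tomcat1.example.internal"),
        "IP SAN, URL by IP": identity_matches(CERT_WITH_IP_SAN, "192.168.254.70"),
    }

if __name__ == "__main__":
    print(demo())
```

Under these rules the service URL has to name the server exactly as the certificate does: either the URL uses the host name in the CN or a dNSName SAN, or the certificate carries the IP as an iPAddress SAN.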
