Having setup one CAS server for testing with a minimum of issues; I now
seem to be running into a well when attempting to get CAS + mod_auth_cas
(1.0.4) working properly on a second server. The issue is that after
the user logs in (via CAS) the redirect back to the service url is sent,
but then the browser sits there for a long time (1 or 2 minutes) before
the protected service page loads. The Apache logs seem to indicate that
after the ticket is verified nothing happens for the time of the pause,
and then as if out of no where mod_auth_cas creates a cookie and the
page loads.
My problematic setup:
Ubuntu Server 7.10
Apache 2.2.4 (standard)
mod_jk (shipped w/ ubuntu, version 1.2.23)
Sun Java 1.6.0_03 (from apt repo)
Tomcat 6.0.14
Apache 'Error' Log showing pause:
[Tue Dec 18 10:48:14 2007] [info] [client 192.168.5.151] Connection
closed to child 2 with standard shutdown (server test.server.com:443)
[Tue Dec 18 10:48:14 2007] [debug] mod_auth_cas.c(449): [client
192.168.5.151] Modified r->args (old
'ticket=ST-1-VofHoIblIwBO3ePjHixJ1hLlK5EFZdECa4T-20', new '')
[Tue Dec 18 10:48:14 2007] [debug] mod_auth_cas.c(386): [client
192.168.5.151] CAS Service 'http%3a%2f%2ftest.server.com%2fprotected%2f'
[Tue Dec 18 10:48:14 2007] [debug] mod_auth_cas.c(1133): [client
192.168.5.151] Validation request: GET
/cas/serviceValidate?service=http%3a%2f%2ftest.server.com%2fprotected%2f&ticket=ST-1-VofHoIblIwBO3ePjHixJ1hLlK5EFZdECa4T-20
HTTP/1.1\nHost: localhost\nConnection: close\n\n
[Tue Dec 18 10:48:14 2007] [debug] mod_auth_cas.c(1140): [client
192.168.5.151] Request successfully transmitted
[Tue Dec 18 10:48:14 2007] [debug] mod_auth_cas.c(1148): [client
192.168.5.151] Received 373 bytes of response
[Tue Dec 18 10:48:14 2007] [debug] mod_auth_cas.c(1148): [client
192.168.5.151] Received 0 bytes of response
[Tue Dec 18 10:48:14 2007] [debug] mod_auth_cas.c(1154): [client
192.168.5.151] Validation response: HTTP/1.1 200 OK\r\nServer:
Apache-Coyote/1.1\r\nContent-Type:
text/html;charset=ISO-8859-1\r\nContent-Language:
en-US\r\nContent-Length: 181\r\nDate: Tue, 18 Dec 2007 16:48:14
GMT\r\nConnection: close\r\n\r\n<cas:serviceResponse
xmlns:cas='http://www.yale.edu/tp/cas'>\r\n\t<cas:authenticationSuccess>\r\n\t\t<cas:user>test_user</cas:user>\r\n\r\n\r\n\t</cas:authenticationSuccess>\r\n</cas:serviceResponse>
[Tue Dec 18 10:48:14 2007] [debug] mod_auth_cas.c(738): [client
192.168.5.151] Insufficient time elapsed since last cache clean
[Tue Dec 18 10:48:29 2007] [debug] ssl_engine_io.c(1786): OpenSSL:
I/O error, 5 bytes expected to read on BIO#8390c38 [mem: 837ec38]
[Tue Dec 18 10:48:29 2007] [info] [client 192.168.5.151] (70007)The
timeout specified has expired: SSL input filter read failed.
[Tue Dec 18 10:48:29 2007] [debug] ssl_engine_kernel.c(1770):
OpenSSL: Write: SSL negotiation finished successfully
[Tue Dec 18 10:48:29 2007] [info] [client 192.168.5.151] Connection
closed to child 1 with standard shutdown (server test.server.com:443)
[Tue Dec 18 10:49:48 2007] [debug] mod_auth_cas.c(826): [client
192.168.5.151] Cookie 'c0e1f3fb6531c7c002cdd9aacf19704e' created for
user 'test_user'
[Tue Dec 18 10:49:48 2007] [debug] mod_auth_cas.c(280): [client
192.168.5.151] Determining CAS scope (path: /protected/, CASScope:
(null), CASRenew: (null), CASGateway: (null))
[Tue Dec 18 10:49:48 2007] [debug] mod_auth_cas.c(555): [client
192.168.5.151] Adding outgoing header: Set-Cookie:
MOD_AUTH_CAS=c0e1f3fb6531c7c002cdd9aacf19704e;Path=/protected/
Any ideas?
Thanks,
--
Robert r. Sanders
Chief Technologist
iPOV
(334) 821-5412
www.ipov.net
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
