Hi guys,
I'm having a really hard time trying to integrate these two pieces into
my Apache 2.2 server. I was able to get to the CAS login screen and log in
successfully, but then get booted to a "401 Authorization Required" page.
The last two lines of the log indicate that CAS was able to
authenticate me correctly. However, during the authorization phase, the
username that's logged in was not passed into mod_authnz_ldap.
Any insights would be appreciated.
httpd.conf:
<Directory "/usr/local/apache2/htdocs/private/*">
AllowOverride AuthConfig
Order allow,deny
Allow from all
AuthType CAS
AuthName "CAS Authentication"
AuthLDAPUrl ldap://ldapServer:389/ou=people,o=myOrg
AuthLDAPBindDN uid=admin,ou=system
AuthLDAPBindPassword ******
require ldap-group cn=publisher,ou=groups,o=myOrg
</Directory>
# Load mod_auth_cas
LoadModule auth_cas_module modules/mod_auth_cas.so
<IfModule mod_auth_cas.c>
CASDebug On
CASCookiePath /tmp/cas/
CASLoginURL https://eagle:8443/cas/login
CASValidateURL https://eagle:8443/cas/serviceValidate
CASCertificatePath /usr/local/share/certs/ca/ca.crt
CASValidateServer On
</IfModule>
log:
[Fri Jul 18 17:39:20 2008] [debug] mod_auth_cas.c(481): [client
192.168.1.98] CAS Service
'http%3a%2f%2feagle.myOrg.com%2fprivate%2findex.html'
[Fri Jul 18 17:39:20 2008] [debug] mod_auth_cas.c(506): [client
192.168.1.98] Adding outgoing header: Location:
https://eagle:8443/cas/login?service=http%3a%2f%2feagle.myOrg.com%2fprivate%2findex.html
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(550): [client
192.168.1.98] Modified r->args (old
'ticket=ST-15-tJkGmzdzSsZIEAnLTurQ-cas', new '')
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(481): [client
192.168.1.98] CAS Service 'http%3a%2f%2feagle.my.com%2fprivate%2findex.html'
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(1450): [client
192.168.1.98] Validation request: GET
/cas/serviceValidate?service=http%3a%2f%2feagle.myOrg.com%2fprivate%2findex.html&ticket=ST-15-tJkGmzdzSsZIEAnLTurQ-cas
HTTP/1.1\nHost: eagle\nConnection: close\n\n
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(1458): [client
192.168.1.98] Request successfully transmitted
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(1466): [client
192.168.1.98] Received 373 bytes of response
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(1466): [client
192.168.1.98] Received 0 bytes of response
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(1472): [client
192.168.1.98] Validation response: HTTP/1.1 200 OK\r\nServer:
Apache-Coyote/1.1\r\nContent-Type:
text/html;charset=ISO-8859-1\r\nContent-Language:
en-US\r\nContent-Length: 181\r\nDate: Fri, 18 Jul 2008 21:39:21
GMT\r\nConnection: close\r\n\r\n<cas:serviceResponse
xmlns:cas='http://www.yale.edu/tp/cas'>\n\t<cas:authenticationSuccess>\n\t\t<cas:user>TestPublisher</cas:user>\n\n\n\t</cas:authenticationSuccess>\n</cas:serviceResponse>
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(851): [client
192.168.1.98] Insufficient time elapsed since last cache clean
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(994): [client
192.168.1.98] Cookie '08ac2935866a9673fb9a883b2f1e4324' created for user
'TestPublisher'
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(363): [client
192.168.1.98] Determining CAS scope (path: /private/, CASScope: (null),
CASRenew: (null), CASGateway: (null))
[Fri Jul 18 17:39:21 2008] [debug] mod_auth_cas.c(643): [client
192.168.1.98] Adding outgoing header: Set-Cookie:
MOD_AUTH_CAS=08ac2935866a9673fb9a883b2f1e4324;Path=/private/
[Fri Jul 18 17:39:21 2008] [debug] mod_authnz_ldap.c(582): [client
192.168.1.98] ldap authorize: Creating LDAP req structure
[Fri Jul 18 17:39:21 2008] [debug] mod_authnz_ldap.c(594): [client
192.168.1.98] auth_ldap authorise: User DN not found, User not found
_______________________________________________
Yale CAS mailing list
http://tp.its.yale.edu/mailman/listinfo/cas
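
Added example, not part of the original post and not code from mod_auth_cas or mod_authnz_ldap: it extracts the cas:user from the validation response in the log and builds the user-DN search that the posted AuthLDAPUrl implies, so the lookup can be repeated by hand with ldapsearch. It assumes the defaults documented for AuthLDAPUrl (attribute uid, scope sub, filter (objectClass=*)), uses RFC 4515 escaping rather than the module's own routine, and all function names are hypothetical.

```python
import re
import shlex
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, unquote

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}
# Constructed samples: the serviceValidate body and AuthLDAPUrl shown in the post.
SAMPLE_RESPONSE = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
                   "<cas:authenticationSuccess><cas:user>TestPublisher</cas:user>"
                   "</cas:authenticationSuccess></cas:serviceResponse>")
SAMPLE_LDAP_URL = "ldap://ldapServer:389/ou=people,o=myOrg"


def cas_user(response_xml):
    """Return cas:user from a successful validation response, else None."""
    node = ET.fromstring(response_xml).find(
        "cas:authenticationSuccess/cas:user", CAS_NS)
    return node.text.strip() if node is not None and node.text else None


def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter with defaults."""
    parts = urlsplit(url)
    attr, scope, flt = (unquote(f) for f in
                        (parts.query.split("?") + ["", "", ""])[:3])
    flt = flt or "(objectClass=*)"  # documented default filter
    flt = flt[1:-1] if flt.startswith("(") and flt.endswith(")") else flt
    return {"uri": f"{parts.scheme}://{parts.netloc}", "scope": scope or "sub",
            "base": unquote(parts.path.lstrip("/")), "filter": flt,
            "attr": attr.split(",")[0] or "uid"}  # uid is the documented default


def escape_filter_value(value):
    """RFC 4515 escaping so a username cannot change the filter structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def user_search(url, username, bind_dn):
    """Return (filter, ldapsearch command) for the user-DN lookup."""
    u = parse_auth_ldap_url(url)
    flt = f"(&({u['filter']})({u['attr']}={escape_filter_value(username)}))"
    cmd = ["ldapsearch", "-x", "-H", u["uri"], "-D", bind_dn, "-W",
           "-b", u["base"], "-s", u["scope"], flt, "1.1"]
    return flt, " ".join(shlex.quote(c) for c in cmd)


if __name__ == "__main__":
    print(*user_search(SAMPLE_LDAP_URL, cas_user(SAMPLE_RESPONSE),
                       "uid=admin,ou=system"), sep="\n")
```

If the printed ldapsearch command returns no entry for the CAS username, the "User DN not found, User not found" line in the log is the expected outcome of that same search.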