Thank you for your time. I checked my configuration; there is no space, it must be a typo. I replaced my domain name for security reasons. Below is my real configuration:

#******************************CAS client integration**************
LoadModule auth_cas_module modules/mod_auth_cas.so
CASCookiePath /tmp/cas/
CASloginURL https://sp.permis.pku.edu.cn/cas/login
CASValidateURL https://sp.permis.pku.edu.cn/cas/serviceValidate
CASCertificatePath /home/ncpku/common/httpd-2.0.59/conf/sp.permis.pku.edu.cn.crt
<Location "/casprotect/">
AuthType CAS
Require valid-user
</Location>
#*******************************************************************

I turned the debug level of Apache to DEBUG and modified my log4j.properties as below:

log4j.logger.org.jasig.cas.web.flow=DEBUG
log4j.logger.org.jasig.cas.authentication=DEBUG
log4j.logger.org.jasig.cas.web.flow.TicketGrantingTicketCheckAction=DEBUG
log4j.logger.org.jasig.cas.services.DefaultServiceRegistry=DEBUG
log4j.logger.org.jasig.cas.services=DEBUG

and here is my log:

httpd error_log:

[Wed Oct 22 14:25:19 2008] [error] [client 162.105.67.102] MOD_AUTH_CAS: Could not perform SSL handshake with sp.permis.pku.edu.cn (check CASCertificatePath), referer: https://sp.permis.pku.edu.cn/cas/login?service=https%3a%2f%2fsp.permis.pku.edu.cn%2fcasprotect%2f

cas.log: (also in attachment)

2008-10-22 14:25:10,088 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' beginning execution
2008-10-22 14:25:10,091 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas
2008-10-22 14:25:10,099 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Placing service in FlowScope: https://sp.permis.pku.edu.cn/casprotect/
2008-10-22 14:25:10,100 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' completed execution; result is 'success'
2008-10-22 14:25:10,132 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2008-10-22 14:25:10,135 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
2008-10-22 14:25:10,136 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form object with name 'credentials'
2008-10-22 14:25:10,136 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
2008-10-22 14:25:10,137 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
2008-10-22 14:25:10,137 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form errors for object with name 'credentials'
2008-10-22 14:25:10,148 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register
2008-10-22 14:25:10,152 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash
2008-10-22 14:25:10,153 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2008-10-22 14:25:10,153 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2008-10-22 14:25:10,153 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2008-10-22 14:25:18,436 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2008-10-22 14:25:18,437 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing bind
2008-10-22 14:25:18,437 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
2008-10-22 14:25:18,437 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register
2008-10-22 14:25:18,442 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding allowed request parameters in map['lt' -> '_c3E31A0C0-C329-DA8A-DDD2-9DB286EBDE0E_k20927939-E9B9-269E-9619-CE6C38036F87', 'service' -> 'https://sp.permis.pku.edu.cn/casprotect/', '_eventId' -> 'submit', 'password' -> '12345', 'submit' -> '??????', 'username' -> 'roey'] to form object with name 'credentials', pre-bind formObject toString = [username: null]
2008-10-22 14:25:18,443 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - (Any field is allowed)
2008-10-22 14:25:18,447 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Binding completed for form object with name 'credentials', post-bind formObject toString = [username: roey]
2008-10-22 14:25:18,448 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] errors, details: []
2008-10-22 14:25:18,448 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing validation
2008-10-22 14:25:18,448 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Invoking validator [EMAIL PROTECTED]
2008-10-22 14:25:18,451 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Validation completed for form object
2008-10-22 14:25:18,451 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - There are [0] errors, details: []
2008-10-22 14:25:18,451 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash
2008-10-22 14:25:18,451 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2008-10-22 14:25:18,451 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2008-10-22 14:25:18,452 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
2008-10-22 14:25:19,270 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.jdbc.QueryDatabaseAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: roey]
2008-10-22 14:25:19,271 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Attempting to resolve a principal...
2008-10-22 14:25:19,271 DEBUG [org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver] - Creating SimplePrincipal for [roey]
2008-10-22 14:25:19,283 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2008-10-22 14:25:19,283 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - Action 'SendTicketGrantingTicketAction' beginning execution
2008-10-22 14:25:19,284 DEBUG [org.jasig.cas.web.flow.SendTicketGrantingTicketAction] - Action 'SendTicketGrantingTicketAction' completed execution; result is 'success'
2008-10-22 14:25:19,284 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action 'GenerateServiceTicketAction' beginning execution
2008-10-22 14:25:19,286 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-ZDZ5aL4YpjVdRxWJenD3-cas] for service [https://sp.permis.pku.edu.cn/casprotect/] for user [roey]
2008-10-22 14:25:19,287 DEBUG [org.jasig.cas.web.flow.GenerateServiceTicketAction] - Action 'GenerateServiceTicketAction' completed execution; result is 'success'

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Smith, Matthew J.
Sent: October 21, 2008 20:27
To: Yale CAS mailing list
Subject: Re: MOD_AUTH_CAS: Could not perform SSL handshake

Perhaps it is simply the copy & paste into the email, but I notice a few spaces in the paths of your config. Could you verify that those are not in your real configuration?

Is mydomain.crt the signing CA for your CAS server's certificate?

Is mydomain.crt readable by the user the Apache daemon is running as?

Could you enable CAS debugging and Apache debugging, and send the extra debugging information here?

-Matt

lobatt wrote:
> Dear list:
>
> I have deployed a testing CAS server to protect a httpd Location, I can login in CAS server successfully, but after being automatically redirected to the protect location, it always returns a 401 error page to me.
>
> I checked my log:
>
> In http log:
>
> - - [21/Oct/2008:14:07:40 +0800] "GET /casprotect/?ticket=ST-24-L3WtJybA9GIJNa4ASyYJ-cas HTTP/1.1" 401 564
>
> In cas log:
>
> 2008-10-21 14:07:40,151 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-24-L3WtJybA9GIJNa4ASyYJ-cas] for service [https://sp.permis.pku.edu.cn/casprotect/] for user [Roey]
> 2008-10-21 14:22:08,272 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Starting cleaning of expired tickets from ticket registry at [Tue Oct 21 14:22:08 CST 2008]
>
> my mod_auth_cas configuration:
>
> LoadModule auth_cas_module modules/mod_auth_cas.so
> CASCookiePath /tmp/cas/
> CASloginURL https://mydomain /cas/login
> CASValidateURL https:// mydomain /cas/serviceValidate
> CASCertificatePath /home/ncpku/common/httpd-2.0.59/conf/ mydomain.crt
> <Location "/casprotect/">
> AuthType CAS
> Require valid-user
> </Location>
>
> I checked my CertificatePath, and I am sure that is right.
>
> Is there any other possibility?
>
> Best regards,
> Li Cheng
>
> ------------------------------------------------------------------------
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas

--
Matthew J. Smith
University of Connecticut ITS
[EMAIL PROTECTED]
PGP KeyID: 0xE9C5244E

cas.log
Description: Binary data
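
The two certificate questions in the quoted reply (is the file named by CASCertificatePath the signing CA for the CAS server's certificate, and can the Apache user read it) can be checked from a shell. This is an added example, not part of the thread or of mod_auth_cas: it uses openssl verify as a stand-in for the module's own handshake check, and the CA, host name, file names and function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). All certificates here are constructed.

# check_ca_file CAFILE SERVERCERT
# Prints one verdict word; returns 0 only if CAFILE can anchor SERVERCERT.
# Run it as the account httpd runs under: -r tests the invoking user.
check_ca_file() {
    cafile=$1
    servercert=$2
    if [ ! -e "$cafile" ]; then
        echo "missing"; return 3
    fi
    if [ ! -r "$cafile" ]; then
        echo "unreadable"; return 1
    fi
    # openssl verify accepts SERVERCERT only if it chains to a trusted
    # self-signed root; for a private CA that root has to be in CAFILE.
    if openssl verify -CAfile "$cafile" "$servercert" >/dev/null 2>&1; then
        echo "ok"; return 0
    fi
    echo "not-signing-ca"; return 2
}

# make_demo_pki DIR: constructed PKI, a demo CA and a server cert it signs.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=cas.example.test" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/srv.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/srv.crt" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo"
# Trust file is the signing CA: the server certificate verifies.
echo "ca.crt  -> $(check_ca_file "$demo/ca.crt" "$demo/srv.crt")"
# Trust file is the server's own CA-signed certificate: it does not.
echo "srv.crt -> $(check_ca_file "$demo/srv.crt" "$demo/srv.crt")"
rm -rf "$demo"
```

Against a real deployment, pass the file named by CASCertificatePath as the first argument and a saved copy of the certificate the CAS host presents as the second, running as the Apache account.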
