Dave,
Are you trying to get everything working on one box? It should be
possible, though this is not how I have gotten it to work. You have
two different hostnames: "owa" and "apache." Can I assume that they
are both one and the same box? Using this method, the browser should
only be connecting to the host "apache" on port 444, and access to CAS
and OWA should go through the Apache proxy. I see that CAS has issued a
service ticket for /exchweb. Is that an artifact of your testing
method or is some service expected to actually validate that ticket?
Since this method does not really use CAS protocol to authenticate to
OWA, it's a stretch to call this "CASifying." But that's the type of
extremes that you have to resort to when dealing with closed
applications like OWA.
Adam
dev hetbaken wrote:
Dear CAS community,
First of all, thanks for the good documentation. Setting up CAS with
LDAP and SPNEGO authentication was a piece of cake. I only needed
a couple of days (except SPNEGO, that's not working when you use the
browser on the same computer where CAS is installed).
But I have problems with OWA. I'm using the manual CASifying OWA 2.
http://www.ja-sig.org/wiki/display/CAS/CASifying+Outlook+Web+Access+2
I combined the information on version 5 and the current version (the
patch didn't work very well).
It looks like CAS isn't able to connect to owaauth.dll. When I'm
authenticated and try OWA, then CAS is sending unlimited Service
Tickets.
The cas.log says: IOException when trying to connect to OWA Server
I have the feeling that some very important information is missing from
the manual. Like IIS configuration or something.
- I'm almost sure that the owa client.jar is the same as the patch
should create.
- The xml files are changed as described (I looked at the patch to make
sure the files changed correctly)
- I configured the Apache virtual hosts. When I go to CAS, the IP is
changing correctly to 127.0.0.2:444
- The default website in IIS is redirected to 127.0.0.2:444
This is my architecture:
- Windows Server 2003 (domain controller)
- CAS 3.3.1 with LDAP & SSL (port 8443)
- Clean installation of IIS with Exchange 2003, Form Based
Authentication (FBA) and SSL (port 443)
- Apache 2.2 with SSL (port 444)
The CAS.log file:
2009-01-07 16:36:12,189 INFO [org.jasig.cas.support.owa.SendOwaTicketAction] - FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2009-01-07 16:36:14,793 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2009-01-07 16:36:28,934 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Starting cleaning of expired tickets from ticket registry at [Wed Jan 07 16:36:28 CET 2009]
2009-01-07 16:36:28,944 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0 found to be removed. Removing now.
2009-01-07 16:36:28,944 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Finished cleaning of expired tickets from ticket registry at [Wed Jan 07 16:36:28 CET 2009]
2009-01-07 16:37:08,078 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas
2009-01-07 16:37:25,063 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: administrator]
2009-01-07 16:37:25,093 DEBUG [org.jasig.cas.support.owa.SendOwaTicketAction] - Action 'SendOwaTicketAction' beginning execution
2009-01-07 16:37:25,093 DEBUG [org.jasig.cas.support.owa.SendOwaTicketAction] - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
2009-01-07 16:37:25,474 DEBUG [org.jasig.cas.support.owa.OwaConnector] - Connecting to OWA Service (https://owa.hetbaken.lokaal/ExchWeb/bin/auth/owaauth.dll)
2009-01-07 16:37:25,844 DEBUG [org.jasig.cas.support.owa.OwaConnector] - IOException when trying to connect to OWA Server
2009-01-07 16:37:25,844 DEBUG [org.jasig.cas.support.owa.SendOwaTicketAction] - Action 'SendOwaTicketAction' completed execution; result is 'success'
2009-01-07 16:37:25,854 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-taXzKczagqEJYF1M2gfA-cas] for service [https://apache.hetbaken.lokaal:444/exchweb/] for user [administrator]
I hope someone can help me.
Regards,
Dave
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
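Added example (not part of either message and not code from the CAS project): a Python script that rejoins wrapped cas.log entries and flags the symptom described in the original post, an OwaConnector IOException alongside repeated service-ticket grants for the same service and user. The host names, ticket ids, threshold and time window are constructed or assumed values.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: one failed OwaConnector call plus ticket grant, repeated
# four times, wrapped the way the cas.log excerpt in the post is wrapped.
ROUND = """\
2009-01-07 16:37:{s:02d},474 DEBUG [org.jasig.cas.support.owa.OwaConnector]
- Connecting to OWA Service (https://owa.example.test/ExchWeb/bin/auth/owaauth.dll)
2009-01-07 16:37:{s:02d},844 DEBUG [org.jasig.cas.support.owa.OwaConnector]
- IOException when trying to connect to OWA Server
2009-01-07 16:37:{s:02d},854 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service
ticket [ST-{n}-constructed-cas] for service
[https://apache.example.test:444/exchweb/] for user [administrator]
"""
SAMPLE_LOG = "".join(ROUND.format(s=25 + n, n=n) for n in range(1, 5))

ENTRY_START = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d{3} (\w+)\s*")
GRANT = re.compile(r"Granted service ticket \[(ST-[^\]]+)\] "
                   r"for service \[([^\]]+)\] for user \[([^\]]+)\]")

def parse_entries(text):
    """Rejoin wrapped lines into [timestamp, level, message] entries."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entries.append([ts, m.group(2), line[m.end():].strip()])
        elif entries and line.strip():
            entries[-1][2] = (entries[-1][2] + " " + line.strip()).strip()
    return entries

def analyze(text, threshold=3, window_s=60):
    """Return (OWA connect failures, {(service, user): grants} that look like a loop)."""
    failures, grants = 0, defaultdict(list)
    for ts, _level, msg in parse_entries(text):
        if "OwaConnector" in msg and "IOException" in msg:
            failures += 1
        g = GRANT.search(msg)
        if g:
            grants[(g.group(2), g.group(3))].append(ts)
    loops = {}
    for key, times in grants.items():
        times.sort()
        spans = (times[i + threshold - 1] - times[i] for i in range(len(times) - threshold + 1))
        if any(d.total_seconds() <= window_s for d in spans):
            loops[key] = len(times)
    return failures, loops
```

A single failure followed by a single grant, as in the posted excerpt, is counted as a failure but not reported as a loop; only `threshold` or more grants inside the window are.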