Adam,
 
Thanks for your reply.
 
1. Are you trying to get everything working on one box?
- Yes, they want me to do everything on 1 computer (without enough ram for 
multiple virtual machines). I'm not happy with it, but it's just for testing 
purposes.
 
2. CAS and OWA should go through Apache proxy
- I have 3 hosts. cas and owa are going through apache proxy.
 
3. I see that CAS has issued a service ticket for /exchweb
- Indeed, CAS issued a service ticket for /exchweb. I think it was the last try 
in my brute force method to get it to work. It's coming from the rewrite rule 
in the apache config file. I also tried /exchange, /exchange/, /exchweb/, 
****owaauth.dll, etc, etc.
 
I have some questions:
- I used 2 different manuals. The one with the patch (current) and the previous 
one. The configuration in the xml files is slightly different, so it's a little 
confusing. I tried all/most possible combinations with a brute force method.
At the end of this mail you will find the way that's the most logical to me (only the 
parts where it can go wrong). Is it correct?
- Do I need some specific settings in IIS, or is redirecting to apache enough?
- I'm using different certificates for each webserver, can that be a problem?
- The manual says "In the DNS system I had a CNAME entry : www.domain.com 
pointing to cas.domain.com" Do I really need this? I only configured Hosts.
 
The files:
 
Apache Config File
RewriteCond %{QUERY_STRING} logoff
RewriteRule ^/exchange/.+ https://apache.hetbaken.lokaal:444/cas/logout?service=https://apache.hetbaken.lokaal:444/cas [R]
RewriteRule ^/exchweb/bin/auth/owalogon.asp https://apache.hetbaken.lokaal:444/cas/login?service=https://apache.hetbaken.lokaal:444/exchange [R]
 
Cas-servlet.xml
<bean id="OWAConnection" class="org.jasig.cas.support.owa.OwaConnector"
  p:host="owa.hetbaken.lokaal"
  p:port="443"
  p:scheme="https"
  p:owaauth="ExchWeb/bin/auth/owaauth.dll"
  p:owalogon="ExchWeb/bin/auth/owalogon.asp"
  p:destination="/exchange/" />

OWASession/CAdataCookieGenerator.xml
  p:cookieSecure="true"
  p:cookieMaxAge="-1"
  p:cookieName="cadata"
  p:cookieDomain="hetbaken.lokaal"
  p:cookiePath="/" />
 
OWARealSession/CAdataCookieGenerator.xml
  p:cookieSecure="true"
  p:cookieMaxAge="-1"
  p:cookieName="cadata"
  p:cookieDomain="apache.hetbaken.lokaal"
  p:cookiePath="/" />
 
Regards,
Dave
 
 



Date: Thu, 8 Jan 2009 15:43:50 -0800
From: [email protected]
To: [email protected]
Subject: Re: Casifying OWA 2

Dave,

Are you trying to get everything working on one box?  It should be possible, though this is not how I have gotten it to work.  You have two different hostnames: "owa" and "apache."  Can I assume that they are both one and the same box?  Using this method, the browser should only be connecting to the host "apache" on port 444 and access to CAS and OWA should go through Apache proxy.  I see that CAS has issued a service ticket for /exchweb.  Is that an artifact of your testing method or is some service expected to actually validate that ticket?

Since this method does not really use CAS protocol to authenticate to OWA, it's a stretch to call this "CASifying."  But that's the type of extremes that you have to resort to when dealing with closed applications like OWA.

Adam

dev hetbaken wrote:

Dear CAS community,

First of all, thanks for the good documentation. Setting up CAS with ldap and spnego authentication was a piece of cake. I only needed a couple of days (except spnego, that's not working when you use the browser on the same computer where cas is installed).

But I have problems with OWA. I'm using the manual Casifying OWA 2.
http://www.ja-sig.org/wiki/display/CAS/CASifying+Outlook+Web+Access+2
I combined the information on version 5 and the current version (the patch didn't work very well).

It looks like CAS isn't able to connect to owaauth.dll. When I'm authenticated and try OWA, then CAS is sending unlimited Service Tickets.
the cas.log says: IOException when trying to connect to OWA Server

I have the feeling that some very important information is missing on the manual. Like IIS configuration or something.
- I'm almost sure that the owa client.jar is the same as the patch should create.
- The xml files are changed as described (I looked at the patch to make sure the files changed correctly)
- I configured the apache Virtual hosts. When I go to cas, the IP is changing correctly to 127.0.0.2:444
- The default website in IIS is redirected to 127.0.0.2:444

This is my architecture:
- Windows Server 2003 (domain controller)
- CAS 3.3.1 with LDAP & SSL (port 8443)
- Clean installation of IIS with Exchange 2003, Form Based Authentication (FBA) and SSL (port 443)
- Apache 2.2 with SSL (port 444)

The CAS.log file:
2009-01-07 16:36:12,189 INFO [org.jasig.cas.support.owa.SendOwaTicketAction] - FormObjectClass not set.  Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2009-01-07 16:36:14,793 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not set.  Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2009-01-07 16:36:28,934 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Starting cleaning of expired tickets from ticket registry at [Wed Jan 07 16:36:28 CET 2009]
2009-01-07 16:36:28,944 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0 found to be removed.  Removing now.
2009-01-07 16:36:28,944 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Finished cleaning of expired tickets from ticket registry at [Wed Jan 07 16:36:28 CET 2009]
2009-01-07 16:37:08,078 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas
2009-01-07 16:37:25,063 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: [username: administrator]
2009-01-07 16:37:25,093 DEBUG [org.jasig.cas.support.owa.SendOwaTicketAction] - Action 'SendOwaTicketAction' beginning execution
2009-01-07 16:37:25,093 DEBUG [org.jasig.cas.support.owa.SendOwaTicketAction] - Found existing form object with name 'credentials' of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow
2009-01-07 16:37:25,474 DEBUG [org.jasig.cas.support.owa.OwaConnector] - Connecting to OWA Service (https://owa.hetbaken.lokaal/ExchWeb/bin/auth/owaauth.dll)
2009-01-07 16:37:25,844 DEBUG [org.jasig.cas.support.owa.OwaConnector] - IOException when trying to connect to OWA Server
2009-01-07 16:37:25,844 DEBUG [org.jasig.cas.support.owa.SendOwaTicketAction] - Action 'SendOwaTicketAction' completed execution; result is 'success'
2009-01-07 16:37:25,854 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-taXzKczagqEJYF1M2gfA-cas] for service [https://apache.hetbaken.lokaal:444/exchweb/] for user [administrator]

I hope someone can help me.

Regards,
Dave

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
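
Added example (not part of the original thread, and not code from the CAS project): a small Python check for the pattern visible in the quoted cas.log, where OwaConnector logs an IOException, SendOwaTicketAction still completes with result 'success', and service tickets keep being granted for the same service. The names parse_entries, analyze and loop_threshold and the example.test hostnames are assumptions made for this illustration; the sample log is constructed.

```python
import re
from collections import Counter

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}"
ENTRY = re.compile(
    rf"(?P<ts>{TS})\s+(?P<level>[A-Z]+)\s+\[(?P<logger>[^\]]+)\] - "
    rf"(?P<msg>.*?)(?={TS}\s+[A-Z]+\s+\[|\Z)", re.DOTALL)
GRANT = re.compile(r"Granted service ticket \[(ST-[^\]]+)\] for service "
                   r"\[([^\]]+)\] for user \[([^\]]+)\]")

# Constructed sample in the cas.log format quoted in the thread. Entries are
# run together without newlines, the way a log pasted into a mail often is.
SAMPLE = "".join(
    f"2009-01-07 16:37:2{i},474 DEBUG [org.jasig.cas.support.owa.OwaConnector] - "
    "IOException when trying to connect to OWA Server"
    f"2009-01-07 16:37:2{i},844 DEBUG [org.jasig.cas.support.owa.SendOwaTicketAction] - "
    "Action 'SendOwaTicketAction' completed execution; result is 'success'"
    f"2009-01-07 16:37:2{i},854 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - "
    f"Granted service ticket [ST-{i}-constructed-cas] for service "
    "[https://apache.example.test:444/exchweb/] for user [administrator]"
    for i in range(1, 5))

def parse_entries(text):
    """Split cas.log text into (ts, level, short logger, message) tuples."""
    return [(m["ts"], m["level"], m["logger"].rsplit(".", 1)[-1],
             " ".join(m["msg"].split())) for m in ENTRY.finditer(text)]

def analyze(text, loop_threshold=3):
    """Count OWA connect failures and repeated grants per (user, service)."""
    failures, masked, pending = 0, 0, False
    grants = Counter()
    for _ts, _level, logger, msg in parse_entries(text):
        if logger == "OwaConnector" and "IOException" in msg:
            failures, pending = failures + 1, True
        elif logger == "SendOwaTicketAction" and "result is 'success'" in msg:
            masked += pending      # the flow went on despite the failed connect
            pending = False
        elif (g := GRANT.search(msg)):
            grants[(g.group(3), g.group(2))] += 1
    loops = {k: n for k, n in grants.items() if n >= loop_threshold}
    return {"owa_failures": failures, "masked_failures": masked, "loops": loops}
```

A non-empty "loops" result together with a non-zero "masked_failures" count points at the OWA connection step, not at the ticket-granting step, as the place to investigate.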
  