subject:"\[cas\-user\] mod_auth

Re: [cas-user] mod_auth_cas 1.1

2016-12-15 Thread David Hawes

I see no mod_auth_cas configuration here.

On 13 December 2016 at 18:44, Chris Cheltenham
<cchelten...@swaintechs.com> wrote:
> David,
>
> Again I appreciate your help.
>
>
>
> -Original Message-
> From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David 
> Hawes
> Sent: Tuesday, December 13, 2016 10:52 AM
> To: CAS Community
> Subject: Re: [cas-user] mod_auth_cas 1.1
>
> On 12 December 2016 at 17:57, Chris Cheltenham <cchelten...@swaintechs.com> 
> wrote:
>> David,
>>
>> He mod_auth_cas is attached.
>
> Can you post your Apache config?
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wD4aDf-BD4gi9Hh%3D1yexiUy6W9R5XXaOdZ8UUfwooQVCA%40mail.gmail.com.
>
> --
> - CAS gitter chatroom: https://gitter.im/apereo/cas
> - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
> - CAS documentation website: https://apereo.github.io/cas
> - CAS project website: https://github.com/apereo/cas
> ---
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/MWHPR17MB121344956B0FE8DF4F160582C49B0%40MWHPR17MB1213.namprd17.prod.outlook.com.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wDSqEY98VALi8N4Q-iq%2B1F4TsKG3Fo8K2ng7qjNja%3Dsqw%40mail.gmail.com.

RE: [cas-user] mod_auth_cas 1.1

2016-12-14 Thread Chris Cheltenham

David,

You can actually see whats happening as this is a public site.

Goto:

https://test.dcis.hhs.gov/


you will see the correct url as you hover over the big blue button.

 Click the big blue button and cas picks up with this url
https://test.dcis.hhs.gov/cas/login?service=https%3a%2f%2ftest.dcis.hhs.gov%2fmain.php

that is all right.

When you authenticate, through LDAP ( which we verified through an LDAP browser)
The CAS server returns the ticket onto the url

https://test.dcis.hhs.gov/main.php?ticket=ST-4-DCNLqLHl5fzKUahu9Jdx-test-ba.dcis.hhs.gov

The ticket is also created on the CAS server.



-Original Message-
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David Hawes
Sent: Tuesday, December 13, 2016 10:52 AM
To: CAS Community
Subject: Re: [cas-user] mod_auth_cas 1.1

On 12 December 2016 at 17:57, Chris Cheltenham <cchelten...@swaintechs.com> 
wrote:
> David,
>
> He mod_auth_cas is attached.

Can you post your Apache config?

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wD4aDf-BD4gi9Hh%3D1yexiUy6W9R5XXaOdZ8UUfwooQVCA%40mail.gmail.com.

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/MWHPR17MB121373A6953F7BF65BF8582BC49A0%40MWHPR17MB1213.namprd17.prod.outlook.com.

Re: [cas-user] mod_auth_cas 1.1

2016-12-13 Thread David Hawes

On 12 December 2016 at 17:57, Chris Cheltenham
 wrote:
> David,
>
> He mod_auth_cas is attached.

Can you post your Apache config?

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wD4aDf-BD4gi9Hh%3D1yexiUy6W9R5XXaOdZ8UUfwooQVCA%40mail.gmail.com.

RE: [cas-user] mod_auth_cas 1.1

2016-12-12 Thread Chris Cheltenham

David,

He mod_auth_cas is attached.

We are on debug mode.

That is all the information we get back in logs.



-Original Message-
From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of David Hawes
Sent: Monday, December 12, 2016 5:39 PM
To: CAS Community
Subject: Re: [cas-user] mod_auth_cas 1.1

Please post your mod_auth_cas configuration.

Next, set your LogLevel to debug and CASDebug on. Do you see anything useful in 
the error log?

On 10 December 2016 at 11:41, Chris Cheltenham <cchelten...@swaintechs.com> 
wrote:
> Hello everyone,
>
>
>
> We are using RHEL 7.3 with apache 2.4.6 and CAS 3.5.2.1 and 
> mod_auth_cas 1.1
>
>
>
> We are getting this error once we log into CAS.
>
>
>
> Unauthorized
>
>
>
> This server could not verify that you are authorized to access the 
> document requested. Either you supplied the wrong credentials (e.g., 
> bad password), or your browser doesn't understand how to supply the 
> credentials required.
>
>
>
> The URL has the ticket I there when we proxy to the CAS server.
>
>
>
>
>
> https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-t
> est-ba.dcis.hhs.gov
>
>
>
> On other RHEL5 apache servers that work we see this in the URL
>
>
>
> https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fma
> in.php
>
>
>
>
>
> The install seems to go well.
>
> See below
>
>
>
> See any operating system documentation about shared libraries for
>
> more information, such as the ld(1) and ld.so(8) manual pages.
>
> --
>
> chmod 755 /usr/lib64/httpd/modules/mod_auth_cas.so
>
> make[1]: Leaving directory `/tmp/mod_auth_cas-master/src'
>
> Making install in tests
>
> make[1]: Entering directory `/tmp/mod_auth_cas-master/tests'
>
> make[2]: Entering directory `/tmp/mod_auth_cas-master/tests'
>
> make[2]: Nothing to be done for `install-exec-am'.
>
> make[2]: Nothing to be done for `install-data-am'.
>
> make[2]: Leaving directory `/tmp/mod_auth_cas-master/tests'
>
> make[1]: Leaving directory `/tmp/mod_auth_cas-master/tests'
>
> make[1]: Entering directory `/tmp/mod_auth_cas-master'
>
> make[2]: Entering directory `/tmp/mod_auth_cas-master'
>
> make[2]: Nothing to be done for `install-exec-am'.
>
> make[2]: Nothing to be done for `install-data-am'.
>
> make[2]: Leaving directory `/tmp/mod_auth_cas-master'
>
> make[1]: Leaving directory `/tmp/mod_auth_cas-master'
>
> root@test-web:/tmp/mod_auth_cas-master > ls -l
>
> total 1684
>
> -rw-r--r--. 1 root root  42423 Oct 11 18:39 aclocal.m4
>
> -rwxr-xr-x. 1 root root   7333 Oct 11 18:39 compile
>
> -rwxr-xr-x. 1 root root  42938 Oct 11 18:39 config.guess
>
> -rw-r--r--. 1 root root   5958 Dec 10 11:33 config.h
>
> -rw-r--r--. 1 root root   5576 Oct 11 18:39 config.h.in
>
> -rw-r--r--. 1 root root  60120 Dec 10 11:33 config.log
>
> -rwxr-xr-x. 1 root root  60916 Dec 10 11:33 config.status
>
> -rwxr-xr-x. 1 root root  36006 Oct 11 18:39 config.sub
>
> -rwxr-xr-x. 1 root root 491031 Oct 11 18:39 configure
>
> -rw-r--r--. 1 root root   5083 Oct 11 18:39 configure.ac
>
> -rwxr-xr-x. 1 root root  23566 Oct 11 18:39 depcomp
>
> -rwxr-xr-x. 1 root root  14675 Oct 11 18:39 install-sh
>
> -rwxr-xr-x. 1 root root 339483 Dec 10 11:33 libtool
>
> -rw-r--r--. 1 root root 324089 Oct 11 18:39 ltmain.sh
>
> drwxr-xr-x. 2 root root   4096 Oct 11 18:39 m4
>
> -rw-r--r--. 1 root root  27298 Dec 10 11:33 Makefile
>
> -rw-r--r--. 1 root root961 Oct 11 18:39 Makefile.am
>
> -rw-r--r--. 1 root root  27090 Oct 11 18:39 Makefile.in
>
> -rwxr-xr-x. 1 root root   6872 Oct 11 18:39 missing
>
> -rw-r--r--. 1 root root801 Oct 11 18:39 NOTES
>
> -rw-r--r--. 1 root root  17243 Oct 11 18:39 README
>
> -rw-r--r--. 1 root root   3327 Oct 11 18:39 README.win32
>
> drwxr-xr-x. 4 root root   4096 Dec 10 11:33 src
>
> -rw-r--r--. 1 root root 23 Dec 10 11:33 stamp-h1
>
> -rwxr-xr-x. 1 root root   4640 Oct 11 18:39 test-driver
>
> drwxr-xr-x. 3 root root   4096 Dec 10 11:33 tests
>
> root@test-web:/tmp/mod_auth_cas-master > ls -l 
> /usr/lib64/httpd/modules/mod_auth_cas.so
>
> -rwxr-xr-x. 1 root root 245800 Dec 10 11:33 
> /usr/lib64/httpd/modules/mod_auth_cas.so
>
> root@test-web:/tmp/mod_auth_cas-master > service httpd start
>
> Redirecting to /bin/systemctl start  httpd.service
>
> root@test-web:/tmp/mod_auth_cas-master > systemctl httpd status
>
> Unknown operation 'httpd'.
>
> root@test-web:/tmp/mod_auth_cas-master > systemctl status httpd
>
> ● httpd.se

Re: [cas-user] mod_auth_cas 1.1

2016-12-12 Thread David Hawes

Please post your mod_auth_cas configuration.

Next, set your LogLevel to debug and CASDebug on. Do you see anything
useful in the error log?

On 10 December 2016 at 11:41, Chris Cheltenham
 wrote:
> Hello everyone,
>
>
>
> We are using RHEL 7.3 with apache 2.4.6 and CAS 3.5.2.1 and mod_auth_cas 1.1
>
>
>
> We are getting this error once we log into CAS.
>
>
>
> Unauthorized
>
>
>
> This server could not verify that you are authorized to access the document
> requested. Either you supplied the wrong credentials (e.g., bad password),
> or your browser doesn't understand how to supply the credentials required.
>
>
>
> The URL has the ticket I there when we proxy to the CAS server.
>
>
>
>
>
> https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov
>
>
>
> On other RHEL5 apache servers that work we see this in the URL
>
>
>
> https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php
>
>
>
>
>
> The install seems to go well.
>
> See below
>
>
>
> See any operating system documentation about shared libraries for
>
> more information, such as the ld(1) and ld.so(8) manual pages.
>
> --
>
> chmod 755 /usr/lib64/httpd/modules/mod_auth_cas.so
>
> make[1]: Leaving directory `/tmp/mod_auth_cas-master/src'
>
> Making install in tests
>
> make[1]: Entering directory `/tmp/mod_auth_cas-master/tests'
>
> make[2]: Entering directory `/tmp/mod_auth_cas-master/tests'
>
> make[2]: Nothing to be done for `install-exec-am'.
>
> make[2]: Nothing to be done for `install-data-am'.
>
> make[2]: Leaving directory `/tmp/mod_auth_cas-master/tests'
>
> make[1]: Leaving directory `/tmp/mod_auth_cas-master/tests'
>
> make[1]: Entering directory `/tmp/mod_auth_cas-master'
>
> make[2]: Entering directory `/tmp/mod_auth_cas-master'
>
> make[2]: Nothing to be done for `install-exec-am'.
>
> make[2]: Nothing to be done for `install-data-am'.
>
> make[2]: Leaving directory `/tmp/mod_auth_cas-master'
>
> make[1]: Leaving directory `/tmp/mod_auth_cas-master'
>
> root@test-web:/tmp/mod_auth_cas-master > ls -l
>
> total 1684
>
> -rw-r--r--. 1 root root  42423 Oct 11 18:39 aclocal.m4
>
> -rwxr-xr-x. 1 root root   7333 Oct 11 18:39 compile
>
> -rwxr-xr-x. 1 root root  42938 Oct 11 18:39 config.guess
>
> -rw-r--r--. 1 root root   5958 Dec 10 11:33 config.h
>
> -rw-r--r--. 1 root root   5576 Oct 11 18:39 config.h.in
>
> -rw-r--r--. 1 root root  60120 Dec 10 11:33 config.log
>
> -rwxr-xr-x. 1 root root  60916 Dec 10 11:33 config.status
>
> -rwxr-xr-x. 1 root root  36006 Oct 11 18:39 config.sub
>
> -rwxr-xr-x. 1 root root 491031 Oct 11 18:39 configure
>
> -rw-r--r--. 1 root root   5083 Oct 11 18:39 configure.ac
>
> -rwxr-xr-x. 1 root root  23566 Oct 11 18:39 depcomp
>
> -rwxr-xr-x. 1 root root  14675 Oct 11 18:39 install-sh
>
> -rwxr-xr-x. 1 root root 339483 Dec 10 11:33 libtool
>
> -rw-r--r--. 1 root root 324089 Oct 11 18:39 ltmain.sh
>
> drwxr-xr-x. 2 root root   4096 Oct 11 18:39 m4
>
> -rw-r--r--. 1 root root  27298 Dec 10 11:33 Makefile
>
> -rw-r--r--. 1 root root961 Oct 11 18:39 Makefile.am
>
> -rw-r--r--. 1 root root  27090 Oct 11 18:39 Makefile.in
>
> -rwxr-xr-x. 1 root root   6872 Oct 11 18:39 missing
>
> -rw-r--r--. 1 root root801 Oct 11 18:39 NOTES
>
> -rw-r--r--. 1 root root  17243 Oct 11 18:39 README
>
> -rw-r--r--. 1 root root   3327 Oct 11 18:39 README.win32
>
> drwxr-xr-x. 4 root root   4096 Dec 10 11:33 src
>
> -rw-r--r--. 1 root root 23 Dec 10 11:33 stamp-h1
>
> -rwxr-xr-x. 1 root root   4640 Oct 11 18:39 test-driver
>
> drwxr-xr-x. 3 root root   4096 Dec 10 11:33 tests
>
> root@test-web:/tmp/mod_auth_cas-master > ls -l
> /usr/lib64/httpd/modules/mod_auth_cas.so
>
> -rwxr-xr-x. 1 root root 245800 Dec 10 11:33
> /usr/lib64/httpd/modules/mod_auth_cas.so
>
> root@test-web:/tmp/mod_auth_cas-master > service httpd start
>
> Redirecting to /bin/systemctl start  httpd.service
>
> root@test-web:/tmp/mod_auth_cas-master > systemctl httpd status
>
> Unknown operation 'httpd'.
>
> root@test-web:/tmp/mod_auth_cas-master > systemctl status httpd
>
> ● httpd.service - The Apache HTTP Server
>
>Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor
> preset: disabled)
>
>Active: active (running) since Sat 2016-12-10 11:34:34 EST; 17s ago
>
>  Docs: man:httpd(8)
>
>man:apachectl(8)
>
>   Process: 10235 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited,
> status=0/SUCCESS)
>
>   Process: 29467 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
> (code=exited, status=0/SUCCESS)
>
> Main PID: 13258 (httpd)
>
>Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0
> B/sec"
>
>CGroup: /system.slice/httpd.service
>
>├─13258 /usr/sbin/httpd -DFOREGROUND
>
>├─13260 /usr/sbin/httpd -DFOREGROUND
>
>├─13262 /usr/sbin/httpd -DFOREGROUND
>
>├─13263 /usr/sbin/httpd -DFOREGROUND
>
>

RE: [cas-user] mod_auth_cas 1.1

2016-12-10 Thread Chris Cheltenham

Uxio,

Just for some more details.

The httpd log says this:
[Sat Dec 10 13:08:40.488691 2016] [ssl:debug] [pid 16011] 
ssl_engine_io.c(1201): (70014)End of file found: [client 10.153.2.8:30517] 
AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in 
browser?!]
[Sat Dec 10 13:08:40.488703 2016] [ssl:info] [pid 16011] [client 
10.153.2.8:30517] AH01998: Connection closed to child 3 with abortive shutdown 
(server test.dcis.hhs.gov:443)

The mod_auth_cas 1.1  READ ME says this which worries me.


KNOWN LIMITATIONS

These limitations are known to exists in this release of the software:

* CAS Proxy Validation is not implemented in this version.

From: Uxío Prego [mailto:upr...@madiva.com]
Sent: Saturday, December 10, 2016 1:02 PM
To: CAS Community
Cc: David Lawson; Pathe Sow; Chris Cheltenham
Subject: Re: [cas-user] mod_auth_cas 1.1

Have you discarded a misconfigured database problem?

Have you tried to `tailf` both the catalina.out log, the CAS runtime log/s, and 
the web server's error and SSL error logs when reproducing this to try to find 
more facts?

There is also the possibility to turn on hibernate SQL logging and increasing 
the verbosity of the CAS runtime logs if at first sight you see nothing 
interesting. If you can not repackage the web application archive, this should 
be feasible with package manipulation techniques too.

Regards,

Uxío Prego

Madiva Soluciones
Cl / Serrano Galvache 56 E Abedul 4
28033 Madrid

917 56 84 94
www.madiva.com<http://www.madiva.com>

The activity of email inboxes can be systematically tracked by colleagues, 
business partners and third parties. Turn off automatic loading of images to 
hamper it.

2016-12-10 17:41 GMT+01:00 Chris Cheltenham 
<cchelten...@swaintechs.com<mailto:cchelten...@swaintechs.com>>:
Hello everyone,

We are using RHEL 7.3 with apache 2.4.6 and CAS 3.5.2.1 and mod_auth_cas 1.1

We are getting this error once we log into CAS.

Unauthorized

This server could not verify that you are authorized to access the document 
requested. Either you supplied the wrong credentials (e.g., bad password), or 
your browser doesn't understand how to supply the credentials required.

The URL has the ticket I there when we proxy to the CAS server.


https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov

On other RHEL5 apache servers that work we see this in the URL

https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php


The install seems to go well.
See below

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
--
chmod 755 /usr/lib64/httpd/modules/mod_auth_cas.so
make[1]: Leaving directory `/tmp/mod_auth_cas-master/src'
Making install in tests
make[1]: Entering directory `/tmp/mod_auth_cas-master/tests'
make[2]: Entering directory `/tmp/mod_auth_cas-master/tests'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/mod_auth_cas-master/tests'
make[1]: Leaving directory `/tmp/mod_auth_cas-master/tests'
make[1]: Entering directory `/tmp/mod_auth_cas-master'
make[2]: Entering directory `/tmp/mod_auth_cas-master'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/mod_auth_cas-master'
make[1]: Leaving directory `/tmp/mod_auth_cas-master'
root@test-web:/tmp/mod_auth_cas-master > ls -l
total 1684
-rw-r--r--. 1 root root  42423 Oct 11 18:39 aclocal.m4
-rwxr-xr-x. 1 root root   7333 Oct 11 18:39 compile
-rwxr-xr-x. 1 root root  42938 Oct 11 18:39 config.guess
-rw-r--r--. 1 root root   5958 Dec 10 11:33 config.h
-rw-r--r--. 1 root root   5576 Oct 11 18:39 config.h.in<http://config.h.in>
-rw-r--r--. 1 root root  60120 Dec 10 11:33 config.log
-rwxr-xr-x. 1 root root  60916 Dec 10 11:33 config.status
-rwxr-xr-x. 1 root root  36006 Oct 11 18:39 config.sub
-rwxr-xr-x. 1 root root 491031 Oct 11 18:39 configure
-rw-r--r--. 1 root root   5083 Oct 11 18:39 configure.ac<http://configure.ac>
-rwxr-xr-x. 1 root root  23566 Oct 11 18:39 depcomp
-rwxr-xr-x. 1 root root  14675 Oct 11 18:39 install-sh
-rwxr-xr-x. 1 root root 339483 Dec 10 11:33 libtool
-rw-r--r--. 1 root root 324089 Oct 11 18:39 ltmain.sh
drwxr-xr-x. 2 root root   4096 Oct 11 18:39 m4
-rw-r--r--. 1 root root  27298 Dec 10 11:33 Makefile
-rw-r--r--. 1 root root961 Oct 11 18:39 Makefile.am
-rw-r--r--. 1 root root  27090 Oct 11 18:39 Makefile.in
-rwxr-xr-x. 1 root root   6872 Oct 11 18:39 missing
-rw-r--r--. 1 root root801 Oct 11 18:39 NOTES
-rw-r--r--. 1 root root  17243 Oct 11 18:39 README
-rw-r--r--. 1 root root   3327 Oct 11 18:39 README.win32
drwxr-xr-x

RE: [cas-user] mod_auth_cas 1.1

2016-12-10 Thread Chris Cheltenham

Thanks for responding Uxio.

There is no Database in this scenario.
I do not understand this part of you answer: “turn on hibernate SQL logging”

Tailf of Catalina logs produce the following at the bottom, so it creates a 
ticket ok.

I greatly appreciate your help.



root@test-ba:/var/log/tomcat6 > tailf catalina.out
2016-12-10 13:04:45,612 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - 
https://test.dcis.hhs.gov/main.php] for user [ccheltenham]>
2016-12-10 13:04:45,612 INFO 
[com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - https://test.dcis.hhs.gov/main.php
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sat Dec 10 13:04:45 EST 2016
CLIENT IP ADDRESS: 10.153.111.228
SERVER IP ADDRESS: 10.153.111.217
=

>

From: Uxío Prego [mailto:upr...@madiva.com]
Sent: Saturday, December 10, 2016 1:02 PM
To: CAS Community
Cc: David Lawson; Pathe Sow; Chris Cheltenham
Subject: Re: [cas-user] mod_auth_cas 1.1

Have you discarded a misconfigured database problem?

Have you tried to `tailf` both the catalina.out log, the CAS runtime log/s, and 
the web server's error and SSL error logs when reproducing this to try to find 
more facts?

There is also the possibility to turn on hibernate SQL logging and increasing 
the verbosity of the CAS runtime logs if at first sight you see nothing 
interesting. If you can not repackage the web application archive, this should 
be feasible with package manipulation techniques too.

Regards,

Uxío Prego

Madiva Soluciones
Cl / Serrano Galvache 56 E Abedul 4
28033 Madrid

917 56 84 94
www.madiva.com<http://www.madiva.com>

The activity of email inboxes can be systematically tracked by colleagues, 
business partners and third parties. Turn off automatic loading of images to 
hamper it.

2016-12-10 17:41 GMT+01:00 Chris Cheltenham 
<cchelten...@swaintechs.com<mailto:cchelten...@swaintechs.com>>:
Hello everyone,

We are using RHEL 7.3 with apache 2.4.6 and CAS 3.5.2.1 and mod_auth_cas 1.1

We are getting this error once we log into CAS.

Unauthorized

This server could not verify that you are authorized to access the document 
requested. Either you supplied the wrong credentials (e.g., bad password), or 
your browser doesn't understand how to supply the credentials required.

The URL has the ticket I there when we proxy to the CAS server.


https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov

On other RHEL5 apache servers that work we see this in the URL

https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php


The install seems to go well.
See below

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
--
chmod 755 /usr/lib64/httpd/modules/mod_auth_cas.so
make[1]: Leaving directory `/tmp/mod_auth_cas-master/src'
Making install in tests
make[1]: Entering directory `/tmp/mod_auth_cas-master/tests'
make[2]: Entering directory `/tmp/mod_auth_cas-master/tests'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/mod_auth_cas-master/tests'
make[1]: Leaving directory `/tmp/mod_auth_cas-master/tests'
make[1]: Entering directory `/tmp/mod_auth_cas-master'
make[2]: Entering directory `/tmp/mod_auth_cas-master'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/mod_auth_cas-master'
make[1]: Leaving directory `/tmp/mod_auth_cas-master'
root@test-web:/tmp/mod_auth_cas-master > ls -l
total 1684
-rw-r--r--. 1 root root  42423 Oct 11 18:39 aclocal.m4
-rwxr-xr-x. 1 root root   7333 Oct 11 18:39 compile
-rwxr-xr-x. 1 root root  42938 Oct 11 18:39 config.guess
-rw-r--r--. 1 root root   5958 Dec 10 11:33 config.h
-rw-r--r--. 1 root root   5576 Oct 11 18:39 config.h.in<http://config.h.in>
-rw-r--r--. 1 root root  60120 Dec 10 11:33 config.log
-rwxr-xr-x. 1 root root  60916 Dec 10 11:33 config.status
-rwxr-xr-x. 1 root root  36006 Oct 11 18:39 config.sub
-rwxr-xr-x. 1 root root 491031 Oct 11 18:39 configure
-rw-r--r--. 1 root root   5083 Oct 11 18:39 configure.ac<http://configure.ac>
-rwxr-xr-x. 1 root root  23566 Oct 11 18:39 depcomp
-rwxr-xr-x. 1 root root  14675 Oct 11 18:39 install-sh
-rwxr-xr-x. 1 root root 339483 Dec 10 11:33 libtool
-rw-r--r--. 1 root root 324089 Oct 11 18:39 ltmain.sh
drwxr-xr-x. 2 root root   4096 Oct 11 18:39 m4
-rw-r--r--. 1 root root  27298 Dec 10 11:33 Makefile
-rw-r--r--. 1 root root961 Oct 11 18:39 Makefile.am
-rw-r--r--. 1 root root  27090 Oct 11 18:39 Makefile.in
-rwxr-xr-x. 1 root root   6872 Oct 11 18:39 missing
-rw-r--r--. 1 root root801 Oct 11 18:39 NOTES
-rw-r--r--. 1 root root  17243 Oct 11 18:39 README
-rw-r--r--. 1 root root   3327 Oct 11 18:39 README.win32
drwxr

Re: [cas-user] mod_auth_cas 1.1

2016-12-10 Thread Uxío Prego

I’m sorry am noob and not yet used to think abstracted of our CAS deployments 
that use database ticket registries.

I do not know which part of the README says “this”.

"AH01998 connection closed to child i with abortive shutdown” reads like a 
pretty standard message, searching it jumps to 
http://stackoverflow.com/questions/683149/apache-ssl-error-336027900 and from 
there to https://wiki.apache.org/httpd/InternalDummyConnection, which makes a 
hint on the web server configuration, have you tried that?

Sideways, yours is a pretty old *unsupported* CAS server dated from March 2014 
not receiving security updates anymore, so you if you have not yet, you should 
consider urging your product owner, scrum master and the backing development 
team to migrate your customers’ installations to CAS 4 or 5.

Hope that helped. Regards,

> On 10 Dec 2016, at 19:10, Chris Cheltenham <cchelten...@swaintechs.com> wrote:
> 
> Uxio,
>  
> Just for some more details.
>  
> The httpd log says this:
> [Sat Dec 10 13:08:40.488691 2016] [ssl:debug] [pid 16011] 
> ssl_engine_io.c(1201): (70014)End of file found: [client 10.153.2.8:30517] 
> AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in 
> browser?!]
> [Sat Dec 10 13:08:40.488703 2016] [ssl:info] [pid 16011] [client 
> 10.153.2.8:30517] AH01998: Connection closed to child 3 with abortive 
> shutdown (server test.dcis.hhs.gov:443 <http://test.dcis.hhs.gov:443/>)
>  
> The mod_auth_cas 1.1  READ ME says this which worries me.
>  
> 
> KNOWN LIMITATIONS
> 
> These limitations are known to exists in this release of the software:
>  
> * CAS Proxy Validation is not implemented in this version.
>  
> From: Uxío Prego [mailto:upr...@madiva.com] 
> Sent: Saturday, December 10, 2016 1:02 PM
> To: CAS Community
> Cc: David Lawson; Pathe Sow; Chris Cheltenham
> Subject: Re: [cas-user] mod_auth_cas 1.1
>  
> Have you discarded a misconfigured database problem?
>  
> Have you tried to `tailf` both the catalina.out log, the CAS runtime log/s, 
> and the web server's error and SSL error logs when reproducing this to try to 
> find more facts?
>  
> There is also the possibility to turn on hibernate SQL logging and increasing 
> the verbosity of the CAS runtime logs if at first sight you see nothing 
> interesting. If you can not repackage the web application archive, this 
> should be feasible with package manipulation techniques too.
>  
> Regards,
> 
> Uxío Prego
> 
> Madiva Soluciones
> Cl / Serrano Galvache 56 E Abedul 4
> 28033 Madrid
> 
> 917 56 84 94
> www.madiva.com <http://www.madiva.com/>
> 
> The activity of email inboxes can be systematically tracked by colleagues, 
> business partners and third parties. Turn off automatic loading of images to 
> hamper it.
>  
> 2016-12-10 17:41 GMT+01:00 Chris Cheltenham <cchelten...@swaintechs.com 
> <mailto:cchelten...@swaintechs.com>>:
> Hello everyone,
>  
> We are using RHEL 7.3 with apache 2.4.6 and CAS 3.5.2.1 and mod_auth_cas 1.1
>  
> We are getting this error once we log into CAS.
>  
> Unauthorized
>  
> This server could not verify that you are authorized to access the document 
> requested. Either you supplied the wrong credentials (e.g., bad password), or 
> your browser doesn't understand how to supply the credentials required.
>  
> The URL has the ticket I there when we proxy to the CAS server.
>  
>  
> https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov
>  
> <https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov>
>  
> On other RHEL5 apache servers that work we see this in the URL
>  
> https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php 
> <https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php>
>  
>  
> The install seems to go well.
> See below
>  
> See any operating system documentation about shared libraries for
> more information, such as the ld(1) and ld.so(8) manual pages.
> --
> chmod 755 /usr/lib64/httpd/modules/mod_auth_cas.so
> make[1]: Leaving directory `/tmp/mod_auth_cas-master/src'
> Making install in tests
> make[1]: Entering directory `/tmp/mod_auth_cas-master/tests'
> make[2]: Entering directory `/tmp/mod_auth_cas-master/tests'
> make[2]: Nothing to be done for `install-exec-am'.
> make[2]: Nothing to be done for `install-data-am'.
> make[2]: Leaving directory `/tmp/mod_auth_cas-master/tests'
> make[1]: Leav

[cas-user] mod_auth_cas 1.1

2016-12-10 Thread Chris Cheltenham

Hello everyone,

We are using RHEL 7.3 with apache 2.4.6 and CAS 3.5.2.1 and mod_auth_cas 1.1

We are getting this error once we log into CAS.

Unauthorized

This server could not verify that you are authorized to access the document 
requested. Either you supplied the wrong credentials (e.g., bad password), or 
your browser doesn't understand how to supply the credentials required.

The URL has the ticket I there when we proxy to the CAS server.


https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov

On other RHEL5 apache servers that work we see this in the URL

https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php


The install seems to go well.
See below

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
--
chmod 755 /usr/lib64/httpd/modules/mod_auth_cas.so
make[1]: Leaving directory `/tmp/mod_auth_cas-master/src'
Making install in tests
make[1]: Entering directory `/tmp/mod_auth_cas-master/tests'
make[2]: Entering directory `/tmp/mod_auth_cas-master/tests'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/mod_auth_cas-master/tests'
make[1]: Leaving directory `/tmp/mod_auth_cas-master/tests'
make[1]: Entering directory `/tmp/mod_auth_cas-master'
make[2]: Entering directory `/tmp/mod_auth_cas-master'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/mod_auth_cas-master'
make[1]: Leaving directory `/tmp/mod_auth_cas-master'
root@test-web:/tmp/mod_auth_cas-master > ls -l
total 1684
-rw-r--r--. 1 root root  42423 Oct 11 18:39 aclocal.m4
-rwxr-xr-x. 1 root root   7333 Oct 11 18:39 compile
-rwxr-xr-x. 1 root root  42938 Oct 11 18:39 config.guess
-rw-r--r--. 1 root root   5958 Dec 10 11:33 config.h
-rw-r--r--. 1 root root   5576 Oct 11 18:39 config.h.in
-rw-r--r--. 1 root root  60120 Dec 10 11:33 config.log
-rwxr-xr-x. 1 root root  60916 Dec 10 11:33 config.status
-rwxr-xr-x. 1 root root  36006 Oct 11 18:39 config.sub
-rwxr-xr-x. 1 root root 491031 Oct 11 18:39 configure
-rw-r--r--. 1 root root   5083 Oct 11 18:39 configure.ac
-rwxr-xr-x. 1 root root  23566 Oct 11 18:39 depcomp
-rwxr-xr-x. 1 root root  14675 Oct 11 18:39 install-sh
-rwxr-xr-x. 1 root root 339483 Dec 10 11:33 libtool
-rw-r--r--. 1 root root 324089 Oct 11 18:39 ltmain.sh
drwxr-xr-x. 2 root root   4096 Oct 11 18:39 m4
-rw-r--r--. 1 root root  27298 Dec 10 11:33 Makefile
-rw-r--r--. 1 root root961 Oct 11 18:39 Makefile.am
-rw-r--r--. 1 root root  27090 Oct 11 18:39 Makefile.in
-rwxr-xr-x. 1 root root   6872 Oct 11 18:39 missing
-rw-r--r--. 1 root root801 Oct 11 18:39 NOTES
-rw-r--r--. 1 root root  17243 Oct 11 18:39 README
-rw-r--r--. 1 root root   3327 Oct 11 18:39 README.win32
drwxr-xr-x. 4 root root   4096 Dec 10 11:33 src
-rw-r--r--. 1 root root 23 Dec 10 11:33 stamp-h1
-rwxr-xr-x. 1 root root   4640 Oct 11 18:39 test-driver
drwxr-xr-x. 3 root root   4096 Dec 10 11:33 tests
root@test-web:/tmp/mod_auth_cas-master > ls -l 
/usr/lib64/httpd/modules/mod_auth_cas.so
-rwxr-xr-x. 1 root root 245800 Dec 10 11:33 
/usr/lib64/httpd/modules/mod_auth_cas.so
root@test-web:/tmp/mod_auth_cas-master > service httpd start
Redirecting to /bin/systemctl start  httpd.service
root@test-web:/tmp/mod_auth_cas-master > systemctl httpd status
Unknown operation 'httpd'.
root@test-web:/tmp/mod_auth_cas-master > systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor 
preset: disabled)
   Active: active (running) since Sat 2016-12-10 11:34:34 EST; 17s ago
 Docs: man:httpd(8)
   man:apachectl(8)
  Process: 10235 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, 
status=0/SUCCESS)
  Process: 29467 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, 
status=0/SUCCESS)
Main PID: 13258 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 
B/sec"
   CGroup: /system.slice/httpd.service
   ├─13258 /usr/sbin/httpd -DFOREGROUND
   ├─13260 /usr/sbin/httpd -DFOREGROUND
   ├─13262 /usr/sbin/httpd -DFOREGROUND
   ├─13263 /usr/sbin/httpd -DFOREGROUND
   ├─13264 /usr/sbin/httpd -DFOREGROUND
   ├─13265 /usr/sbin/httpd -DFOREGROUND
   └─13266 /usr/sbin/httpd -DFOREGROUND

Dec 10 11:34:34 test-web.dcis.hhs.gov systemd[1]: Starting The Apache HTTP 
Server...
Dec 10 11:34:34 test-web.dcis.hhs.gov systemd[1]: Started The Apache HTTP 
Server.
root@test-web:/tmp/mod_auth_cas-master >

Thank You;

Chris Cheltenham
cchelten...@swaintechs.com
SwainTechs
10 Walnut Grove Rd
Suite 110
Horsham, PA

484-502-4943


-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list

RE: [cas-user] mod_auth_cas 1.1-RC1

2015-12-20 Thread Chris Cheltenham

Matt,

I appreciate the RC1 update. However, I am slightly confused.
David Hawes puts put a version of mod_auth_cas 1.1 for apache 2.4 as well as 
others.

Are these all the same updates?
Are we supposed to spawn an allegiance with one particular version as opposed 
to another?
Maybe you are just putting out there for feedback and your package is 
independent from the rest?

Thanks

From: cas-user@apereo.org [mailto:cas-user@apereo.org] On Behalf Of Matt Smith
Sent: Saturday, December 19, 2015 2:58 PM
To: cas-user@apereo.org
Subject: [cas-user] mod_auth_cas 1.1-RC1

All,

I have just pushed and tagged Release Candidate 1 of mod_auth_cas v1.1 to the 
master branch of the mod_auth_cas project at 
https://github.com/jasig/mod_auth_cas .

This release includes support for Apache httpd 2.4 and several other bugfixes 
that have been used by many organizations for some time now.

We plan to release 1.1 shortly, but would love to get some testing and feedback 
(positive or negative) of the RC.  If you have the opportunity to do so, please 
open any issues you find on the GitHub site.

Thank you all,
-Matt

--
m...@forsetti.com<mailto:m...@forsetti.com>
PGP: E2144AD8
--
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org<mailto:cas-user+unsubscr...@apereo.org>.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

Re: [cas-user] mod_auth_cas 1.1-RC1

2015-12-20 Thread Matt Smith

Hi Chris,

Good questions, and sorry for the confusion.  David Hawes is a member of
the mod_auth_cas team, and has supplied a significant majority of the
update and testing effort for the 1.1 release.  He and I (and others) do
most of our in-flight work in our private repositories (dhawes and
forsetti), and merge between ourselves before moving the code to the
official Jasig repository.  This RC1 is simply merging the code into the
authoritative Jasig repository for upcoming release.

https://github.com/Jasig/mod_auth_cas

-Matt


On Sun, Dec 20, 2015 at 8:55 AM, Chris Cheltenham <
cchelten...@swaintechs.com> wrote:

> Matt,
>
>
>
> I appreciate the RC1 update. However, I am slightly confused.
>
> David Hawes puts put a version of mod_auth_cas 1.1 for apache 2.4 as well
> as others.
>
>
>
> Are these all the same updates?
>
> Are we supposed to spawn an allegiance with one particular version as
> opposed to another?
>
> Maybe you are just putting out there for feedback and your package is
> independent from the rest?
>
>
>
> Thanks
>
>
>
> *From:* cas-user@apereo.org [mailto:cas-user@apereo.org] *On Behalf Of *Matt
> Smith
> *Sent:* Saturday, December 19, 2015 2:58 PM
> *To:* cas-user@apereo.org
> *Subject:* [cas-user] mod_auth_cas 1.1-RC1
>
>
>
> All,
>
>
>
> I have just pushed and tagged Release Candidate 1 of mod_auth_cas v1.1 to
> the master branch of the mod_auth_cas project at
> https://github.com/jasig/mod_auth_cas .
>
>
>
> This release includes support for Apache httpd 2.4 and several other
> bugfixes that have been used by many organizations for some time now.
>
>
>
> We plan to release 1.1 shortly, but would love to get some testing and
> feedback (positive or negative) of the RC.  If you have the opportunity to
> do so, please open any issues you find on the GitHub site.
>
>
>
> Thank you all,
>
> -Matt
>
>
>
> --
>
> m...@forsetti.com
> PGP: E2144AD8
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
> .
>



-- 
m...@forsetti.com
PGP: E2144AD8

-- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.

Re: [cas-user] mod_auth_cas 1.1

RE: [cas-user] mod_auth_cas 1.1

Re: [cas-user] mod_auth_cas 1.1

RE: [cas-user] mod_auth_cas 1.1

Re: [cas-user] mod_auth_cas 1.1

RE: [cas-user] mod_auth_cas 1.1

RE: [cas-user] mod_auth_cas 1.1

Re: [cas-user] mod_auth_cas 1.1

[cas-user] mod_auth_cas 1.1

RE: [cas-user] mod_auth_cas 1.1-RC1

Re: [cas-user] mod_auth_cas 1.1-RC1

11 matches

Site Navigation

Mail list logo

Footer information