Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Mukunthini Jeyakumar
Hi, I'm getting the error only if I turn on CASValidateSAML and using the CASValidateURL with samilValidate endpoint. Authorization Required This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), o

RE: [cas-user] Cas - Unauthorized

2018-02-08 Thread SCHILENS, JEREMIAH
, 2018 6:16 AM To: cas-user@apereo.org Subject: Re: [cas-user] Cas - Unauthorized Hello Man H, I am planning to use NGINX Load balancer over https. The load balancer takes care of redirecting to CAS Server and CAS client in http. Do you recommend this approach? If yes then how do I enable SSO over

Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Man H
You could do that in previous versions < 4.1 o 4.2 I am not sure El jueves, 8 de febrero de 2018, Ramakrishna G escribió: > Hello Man H, > > I am planning to use NGINX Load balancer over https. The load balancer > takes care of redirecting to CAS Server and CAS client in *http*. Do you > recomme

Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Man H
Its not possible CA's won't work in SSO if it's over http El jueves, 8 de febrero de 2018, Ramakrishna G escribió: > Hello Man H, > > I am planning to use NGINX Load balancer over https. The load balancer > takes care of redirecting to CAS Server and CAS client in *http*. Do you > recommend thi

Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Ramakrishna G
Hello Man H, I am planning to use NGINX Load balancer over https. The load balancer takes care of redirecting to CAS Server and CAS client in *http*. Do you recommend this approach? If yes then how do I enable SSO over http? For outside world it would be https but internally I am planning to comm

Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Man H
You will have to install it in both but this is not a CA's issue you will find more information in stack overflow etc about SSL tomcat apache configuration. If you install self signed certificate browser will challenge user to accept that as insecure. El jueves, 8 de febrero de 2018, Ramakrishna

Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Ramakrishna G
Hello, I am using CAS on development server and soon I'll be shifting to production. I am using mod_auth_cas as client and I am running CAS server and CAS Client in same machine. Should I create certificates for both tomcat(CAS Server) and apache(CAS Client) or only tomcat(keystore) is fine? In m

Re: [cas-user] Cas - Unauthorized

2018-02-06 Thread Ramakrishna G
Yes. I am just using at my development server. When releasing to production I'll get a valid SSL Certificate. Thanks Ramakrishna G On Tue, Feb 6, 2018 at 6:36 PM, Man H wrote: > There is a potential security risk in doing this . > CA's needs SSL in order to function safely with SSO. > > > El ma

Re: [cas-user] Cas - Unauthorized

2018-02-06 Thread Man H
There is a potential security risk in doing this . CA's needs SSL in order to function safely with SSO. El martes, 6 de febrero de 2018, Ramakrishna G escribió: > Hi Mukunthini Jeyakumar, > > To resolve this error you need have a valid SSL certificate signed by CA. > If you don't have you can ju

Re: [cas-user] Cas - Unauthorized

2018-02-05 Thread Ramakrishna G
Hi Mukunthini Jeyakumar, To resolve this error you need have a valid SSL certificate signed by CA. If you don't have you can just disable SSL in cas.properties file. server.ssl.enabled= false cas.serviceRegistry.initFromJson=true cas.serviceRegistry.config.location: file:/etc/cas/services in som

Re: [cas-user] Cas - Unauthorized

2018-02-05 Thread Mukunthini Jeyakumar
Hi Ramakrishna, have you find the way to resolve the issue? I'm having the same Thanks Thini Other recipients: Ramakrishna, Perhaps there is something not right with your client application config? Is it running on https://192.168.111.118:8443 or is that CAS? Multiple service tickets in the

Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread Ray Bon
Ramakrishna, Perhaps there is something not right with your client application config? Is it running on https://192.168.111.118:8443 or is that CAS? Multiple service tickets in the URL suggests that the request is being redirected to CAS multiple times. Ray On Fri, 2018-01-26 at 16:49 +0530,

Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread David Hawes
It looks like you're using a serviceValidate endpoint with SAML validation. Comment out the CASValidateSAML lines and try again. Alternatively, keep the setting on and use a samlValidate endpoint. On Fri, Jan 26, 2018 at 6:19 AM, Ramakrishna G wrote: > Hi , > > Now I think I resolved certificate

Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread Ramakrishna G
Hi David, As suggested I enabled Debug Mode. Error what I got to.. [Thu Jan 25 17:53:01.512443 2018] [ssl:info] [pid 28180] SSL Library Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking HTTP to HTTPS port!? [Thu Jan 25 17:53:01.940036 2018] [ssl:info] [pid 28181

Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread Ramakrishna G
Hi , Now I think I resolved certificate issue. But I am getting this error [Fri Jan 26 16:22:24.270308 2018] [authz_core:debug] [pid 19878] mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626: authorization result of Require valid-user : denied (no authenticated user yet) [Fri Jan 26 1

Re: [cas-user] Cas - Unauthorized

2018-01-25 Thread David Hawes
On 23 January 2018 at 08:52, Ramakrishna G wrote: > Unauthorized > > This server could not verify that you are authorized to access the document > requested. Either you supplied the wrong credentials (e.g., bad password), > or your browser doesn't understand how to supply the credentials required.