Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Mukunthini Jeyakumar 

Hi,

I'm getting the error only if I turn on CASValidateSAML and using the 
CASValidateURL with samilValidate endpoint.
Authorization Required

This server could not verify that you are authorized to access the document 
requested. Either you supplied the wrong credentials (e.g., bad password), 
or your browser doesn't understand how to supply the credentials required.

Thanks
Thini


>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/950eaed6-3748-4dd2-bcbc-8b5faf7c2b98%40apereo.org.

RE: [cas-user] Cas - Unauthorized

2018-02-08 Thread SCHILENS, JEREMIAH 
Hello,

I have a similar setup, though I’m using an F5 load balancer for ssl offload 
and using my own tomcat install instead of the embedded to serve the war file. 
These are the options I’ve found I needed, your mileage may vary:
cas.server.http.secure=ture
cas.server.httpProxy.enabled=true
cas.server.httpProxy.secure=true
cas.server.httpProxy.protocol=HTTP/1.1
cas.server.httpProxy.scheme=https
server.contextPath=/cas
server.port=8080
server.ssl.enabled=false

Jeremiah

From: ramakris...@teligenz.in [mailto:ramakris...@teligenz.in] On Behalf Of 
Ramakrishna G
Sent: Thursday, February 8, 2018 6:16 AM
To: cas-user@apereo.org
Subject: Re: [cas-user] Cas - Unauthorized

Hello Man H,

I am planning to use NGINX Load balancer over https. The load balancer takes 
care of redirecting to CAS Server and CAS client in http. Do you recommend this 
approach? If yes then how do I enable SSO over http?

For outside world it would be https but internally I am planning to communicate 
in http.

Thanks
Ramakrishna G

On Thu, Feb 8, 2018 at 4:35 PM, Man H 
mailto:info.ings...@gmail.com>> wrote:
You will have to install it in both but this is not a CA's issue you will find 
more information in stack overflow etc about SSL tomcat apache configuration.

If you install self signed certificate browser will challenge user to accept 
that as insecure.


El jueves, 8 de febrero de 2018, Ramakrishna G 
mailto:r...@tts.in>> escribió:
Hello,

I am using CAS on development server and soon I'll be shifting to production. I 
am using mod_auth_cas as client and I am running CAS server and CAS Client in 
same machine. Should I create certificates for both tomcat(CAS Server) and 
apache(CAS Client) or only tomcat(keystore) is fine?

In mod_auth_cas which certificates does this CASCertificatePath refer to?

How do I create self signed certificates for both CAS Server and CAS Client?

It would be helpful if someone clarify me on this.



On Tue, Feb 6, 2018 at 7:21 PM, Ramakrishna G mailto:r...@tts.in>> 
wrote:
Yes. I am just using at my development server. When releasing to production 
I'll get a valid SSL Certificate.

Thanks
Ramakrishna G

On Tue, Feb 6, 2018 at 6:36 PM, Man H 
mailto:info.ings...@gmail.com>> wrote:
There is a potential security risk in doing this .
CA's needs SSL in order to function safely with SSO.


El martes, 6 de febrero de 2018, Ramakrishna G 
mailto:r...@tts.in>> escribió:
Hi Mukunthini Jeyakumar,

To resolve this error you need have a valid SSL certificate signed by CA. If 
you don't have you can just disable SSL in cas.properties file.


server.ssl.enabled= false
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.config.location: file:/etc/cas/services

in somename.json inside /etc/cas/services folder

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(http|https|imaps)://.*",
  "name": "HTTPS/IMAPS wildcard",
  "id": 20170905111650,
  "evaluationOrder": 9
}
and enable http in services. Also comment all CASValidateSAML in client side. 
Now you are good to access over http which will solve the problem.

Thanks
Ramakrishna

On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar 
mailto:mukunth...@gmail.com>> wrote:

Hi Ramakrishna,

have you find the way to resolve the issue? I'm having the same

Thanks
Thini
Other recipients:
Ramakrishna, Perhaps there is something not right with your client application 
config? Is it running on 
https://192.168.111.118:8443<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2F192.168.111.118%3A8443&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=n%2BQJqHbkrT4msqsTnZg3nwZnZACHz1wiGz53MR3uorI%3D&reserved=0>
 or is that CAS? Multiple service tickets in the URL suggests that the request 
is being redirected to CAS multiple
[  ]
--
- Website: 
https://apereo.github.io/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=a4gqZQIOIVOCiryMeIpJHAmVgVEirBkjAZm1sx24das%3D&reserved=0>
- Gitter Chatroom: 
https://gitter.im/apereo/cas<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgitter.im%2Fapereo%2Fcas&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=YSBNxacKJpsiI33nnk7OAUdBoALMUXWP3AEa2sshDN0%3D&reserved=0>
- List Guidelines: 
https://goo.gl/1VRrw7<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=01%7C01%7Cjschilen%40kent.edu%7Cb86de13e0f084c9efc8a08d56ee55668%7C51e321d7b5984fe6bee48ebebf844409%7C1&sdata=QnMaxlS54XcF%2BGGryIxx3rdIAFrVcI%2BOrniE6vBniOU%3D&reserved=0>
- Contribut

Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Man H 
You could do that in previous versions < 4.1 o 4.2 I am not sure

El jueves, 8 de febrero de 2018, Ramakrishna G  escribió:

> Hello Man H,
>
> I am planning to use NGINX Load balancer over https. The load balancer
> takes care of redirecting to CAS Server and CAS client in *http*. Do you
> recommend this approach? If yes then how do I enable SSO over http?
>
> For outside world it would be https but internally I am planning to
> communicate in http.
>
> Thanks
> Ramakrishna G
>
> On Thu, Feb 8, 2018 at 4:35 PM, Man H  wrote:
>
>> You will have to install it in both but this is not a CA's issue you will
>> find more information in stack overflow etc about SSL tomcat apache
>> configuration.
>>
>> If you install self signed certificate browser will challenge user to
>> accept that as insecure.
>>
>>
>> El jueves, 8 de febrero de 2018, Ramakrishna G  escribió:
>>
>>> Hello,
>>>
>>> I am using CAS on development server and soon I'll be shifting to
>>> production. I am using mod_auth_cas as client and I am running CAS server
>>> and CAS Client in same machine. Should I create certificates for both
>>> tomcat(CAS Server) and apache(CAS Client) or only tomcat(keystore) is fine?
>>>
>>> In mod_auth_cas which certificates does this *CASCertificatePath* refer
>>> to?
>>>
>>> How do I create self signed certificates for both CAS Server and CAS
>>> Client?
>>>
>>> It would be helpful if someone clarify me on this.
>>>
>>>
>>>
>>> On Tue, Feb 6, 2018 at 7:21 PM, Ramakrishna G  wrote:
>>>
 Yes. I am just using at my development server. When releasing to
 production I'll get a valid SSL Certificate.

 Thanks
 Ramakrishna G

 On Tue, Feb 6, 2018 at 6:36 PM, Man H  wrote:

> There is a potential security risk in doing this .
> CA's needs SSL in order to function safely with SSO.
>
>
> El martes, 6 de febrero de 2018, Ramakrishna G  escribió:
>
>> Hi Mukunthini Jeyakumar,
>>
>> To resolve this error you need have a valid SSL certificate signed by
>> CA. If you don't have you can just disable SSL in cas.properties file.
>>
>> server.ssl.enabled= false
>> cas.serviceRegistry.initFromJson=true
>> cas.serviceRegistry.config.location: file:/etc/cas/services
>>
>> in somename.json inside /etc/cas/services folder
>>
>> {
>>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId": "^(*http|*https|imaps)://.*",
>>   "name": "HTTPS/IMAPS wildcard",
>>   "id": 20170905111650,
>>   "evaluationOrder": 9
>> }
>> and enable http in services. Also comment all CASValidateSAML in
>> client side. Now you are good to access over http which will solve the
>> problem.
>>
>> Thanks
>> Ramakrishna
>>
>> On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar <
>> mukunth...@gmail.com> wrote:
>>
>>> Hi Ramakrishna,
>>>
>>> have you find the way to resolve the issue? I'm having the same
>>>
>>> Thanks
>>> Thini
>>> Other recipients:
>>> Ramakrishna, Perhaps there is something not right with your client
>>> application config? Is it running on https://192.168.111.118:8443
>>> or is that CAS? Multiple service tickets in the URL suggests that the
>>> request is being redirected to CAS multiple
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it,
>>> send an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f
>>> 4046-95d5-40a1-870e-492fca9db3fd%40apereo.org
>>> 
>>> .
>>>
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google
>> Groups "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGS
>> T5P89Z-F6U161br1ymQ79_V%2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com
>> 
>> .
>

Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Man H 
Its not possible CA's won't work in SSO if it's over http


El jueves, 8 de febrero de 2018, Ramakrishna G  escribió:

> Hello Man H,
>
> I am planning to use NGINX Load balancer over https. The load balancer
> takes care of redirecting to CAS Server and CAS client in *http*. Do you
> recommend this approach? If yes then how do I enable SSO over http?
>
> For outside world it would be https but internally I am planning to
> communicate in http.
>
> Thanks
> Ramakrishna G
>
> On Thu, Feb 8, 2018 at 4:35 PM, Man H  wrote:
>
>> You will have to install it in both but this is not a CA's issue you will
>> find more information in stack overflow etc about SSL tomcat apache
>> configuration.
>>
>> If you install self signed certificate browser will challenge user to
>> accept that as insecure.
>>
>>
>> El jueves, 8 de febrero de 2018, Ramakrishna G  escribió:
>>
>>> Hello,
>>>
>>> I am using CAS on development server and soon I'll be shifting to
>>> production. I am using mod_auth_cas as client and I am running CAS server
>>> and CAS Client in same machine. Should I create certificates for both
>>> tomcat(CAS Server) and apache(CAS Client) or only tomcat(keystore) is fine?
>>>
>>> In mod_auth_cas which certificates does this *CASCertificatePath* refer
>>> to?
>>>
>>> How do I create self signed certificates for both CAS Server and CAS
>>> Client?
>>>
>>> It would be helpful if someone clarify me on this.
>>>
>>>
>>>
>>> On Tue, Feb 6, 2018 at 7:21 PM, Ramakrishna G  wrote:
>>>
 Yes. I am just using at my development server. When releasing to
 production I'll get a valid SSL Certificate.

 Thanks
 Ramakrishna G

 On Tue, Feb 6, 2018 at 6:36 PM, Man H  wrote:

> There is a potential security risk in doing this .
> CA's needs SSL in order to function safely with SSO.
>
>
> El martes, 6 de febrero de 2018, Ramakrishna G  escribió:
>
>> Hi Mukunthini Jeyakumar,
>>
>> To resolve this error you need have a valid SSL certificate signed by
>> CA. If you don't have you can just disable SSL in cas.properties file.
>>
>> server.ssl.enabled= false
>> cas.serviceRegistry.initFromJson=true
>> cas.serviceRegistry.config.location: file:/etc/cas/services
>>
>> in somename.json inside /etc/cas/services folder
>>
>> {
>>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId": "^(*http|*https|imaps)://.*",
>>   "name": "HTTPS/IMAPS wildcard",
>>   "id": 20170905111650,
>>   "evaluationOrder": 9
>> }
>> and enable http in services. Also comment all CASValidateSAML in
>> client side. Now you are good to access over http which will solve the
>> problem.
>>
>> Thanks
>> Ramakrishna
>>
>> On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar <
>> mukunth...@gmail.com> wrote:
>>
>>> Hi Ramakrishna,
>>>
>>> have you find the way to resolve the issue? I'm having the same
>>>
>>> Thanks
>>> Thini
>>> Other recipients:
>>> Ramakrishna, Perhaps there is something not right with your client
>>> application config? Is it running on https://192.168.111.118:8443
>>> or is that CAS? Multiple service tickets in the URL suggests that the
>>> request is being redirected to CAS multiple
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it,
>>> send an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f
>>> 4046-95d5-40a1-870e-492fca9db3fd%40apereo.org
>>> 
>>> .
>>>
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google
>> Groups "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGS
>> T5P89Z-F6U161br1ymQ79_V%2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com
>> 
>> .
>>

Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Ramakrishna G 
Hello Man H,

I am planning to use NGINX Load balancer over https. The load balancer
takes care of redirecting to CAS Server and CAS client in *http*. Do you
recommend this approach? If yes then how do I enable SSO over http?

For outside world it would be https but internally I am planning to
communicate in http.

Thanks
Ramakrishna G

On Thu, Feb 8, 2018 at 4:35 PM, Man H  wrote:

> You will have to install it in both but this is not a CA's issue you will
> find more information in stack overflow etc about SSL tomcat apache
> configuration.
>
> If you install self signed certificate browser will challenge user to
> accept that as insecure.
>
>
> El jueves, 8 de febrero de 2018, Ramakrishna G  escribió:
>
>> Hello,
>>
>> I am using CAS on development server and soon I'll be shifting to
>> production. I am using mod_auth_cas as client and I am running CAS server
>> and CAS Client in same machine. Should I create certificates for both
>> tomcat(CAS Server) and apache(CAS Client) or only tomcat(keystore) is fine?
>>
>> In mod_auth_cas which certificates does this *CASCertificatePath* refer
>> to?
>>
>> How do I create self signed certificates for both CAS Server and CAS
>> Client?
>>
>> It would be helpful if someone clarify me on this.
>>
>>
>>
>> On Tue, Feb 6, 2018 at 7:21 PM, Ramakrishna G  wrote:
>>
>>> Yes. I am just using at my development server. When releasing to
>>> production I'll get a valid SSL Certificate.
>>>
>>> Thanks
>>> Ramakrishna G
>>>
>>> On Tue, Feb 6, 2018 at 6:36 PM, Man H  wrote:
>>>
 There is a potential security risk in doing this .
 CA's needs SSL in order to function safely with SSO.


 El martes, 6 de febrero de 2018, Ramakrishna G  escribió:

> Hi Mukunthini Jeyakumar,
>
> To resolve this error you need have a valid SSL certificate signed by
> CA. If you don't have you can just disable SSL in cas.properties file.
>
> server.ssl.enabled= false
> cas.serviceRegistry.initFromJson=true
> cas.serviceRegistry.config.location: file:/etc/cas/services
>
> in somename.json inside /etc/cas/services folder
>
> {
>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId": "^(*http|*https|imaps)://.*",
>   "name": "HTTPS/IMAPS wildcard",
>   "id": 20170905111650,
>   "evaluationOrder": 9
> }
> and enable http in services. Also comment all CASValidateSAML in
> client side. Now you are good to access over http which will solve the
> problem.
>
> Thanks
> Ramakrishna
>
> On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar <
> mukunth...@gmail.com> wrote:
>
>> Hi Ramakrishna,
>>
>> have you find the way to resolve the issue? I'm having the same
>>
>> Thanks
>> Thini
>> Other recipients:
>> Ramakrishna, Perhaps there is something not right with your client
>> application config? Is it running on https://192.168.111.118:8443 or
>> is that CAS? Multiple service tickets in the URL suggests that the 
>> request
>> is being redirected to CAS multiple
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google
>> Groups "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it,
>> send an email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f
>> 4046-95d5-40a1-870e-492fca9db3fd%40apereo.org
>> 
>> .
>>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google
> Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGS
> T5P89Z-F6U161br1ymQ79_V%2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com
> 
> .
>
 --
 - Website: https://apereo.github.io/cas
 - Gitter Chatroom: https://gitter.im/apereo/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 ---
 You received this message because you ar

Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Man H 
You will have to install it in both but this is not a CA's issue you will
find more information in stack overflow etc about SSL tomcat apache
configuration.

If you install self signed certificate browser will challenge user to
accept that as insecure.

El jueves, 8 de febrero de 2018, Ramakrishna G  escribió:

> Hello,
>
> I am using CAS on development server and soon I'll be shifting to
> production. I am using mod_auth_cas as client and I am running CAS server
> and CAS Client in same machine. Should I create certificates for both
> tomcat(CAS Server) and apache(CAS Client) or only tomcat(keystore) is fine?
>
> In mod_auth_cas which certificates does this *CASCertificatePath* refer
> to?
>
> How do I create self signed certificates for both CAS Server and CAS
> Client?
>
> It would be helpful if someone clarify me on this.
>
>
>
> On Tue, Feb 6, 2018 at 7:21 PM, Ramakrishna G  wrote:
>
>> Yes. I am just using at my development server. When releasing to
>> production I'll get a valid SSL Certificate.
>>
>> Thanks
>> Ramakrishna G
>>
>> On Tue, Feb 6, 2018 at 6:36 PM, Man H  wrote:
>>
>>> There is a potential security risk in doing this .
>>> CA's needs SSL in order to function safely with SSO.
>>>
>>>
>>> El martes, 6 de febrero de 2018, Ramakrishna G  escribió:
>>>
 Hi Mukunthini Jeyakumar,

 To resolve this error you need have a valid SSL certificate signed by
 CA. If you don't have you can just disable SSL in cas.properties file.

 server.ssl.enabled= false
 cas.serviceRegistry.initFromJson=true
 cas.serviceRegistry.config.location: file:/etc/cas/services

 in somename.json inside /etc/cas/services folder

 {
   "@class": "org.apereo.cas.services.RegexRegisteredService",
   "serviceId": "^(*http|*https|imaps)://.*",
   "name": "HTTPS/IMAPS wildcard",
   "id": 20170905111650,
   "evaluationOrder": 9
 }
 and enable http in services. Also comment all CASValidateSAML in
 client side. Now you are good to access over http which will solve the
 problem.

 Thanks
 Ramakrishna

 On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar <
 mukunth...@gmail.com> wrote:

> Hi Ramakrishna,
>
> have you find the way to resolve the issue? I'm having the same
>
> Thanks
> Thini
> Other recipients:
> Ramakrishna, Perhaps there is something not right with your client
> application config? Is it running on https://192.168.111.118:8443 or
> is that CAS? Multiple service tickets in the URL suggests that the request
> is being redirected to CAS multiple
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google
> Groups "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f
> 4046-95d5-40a1-870e-492fca9db3fd%40apereo.org
> 
> .
>

 --
 - Website: https://apereo.github.io/cas
 - Gitter Chatroom: https://gitter.im/apereo/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 ---
 You received this message because you are subscribed to the Google
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to cas-user+unsubscr...@apereo.org.
 To view this discussion on the web visit https://groups.google.com/a/ap
 ereo.org/d/msgid/cas-user/CAGST5P89Z-F6U161br1ymQ79_V%2BbvyF
 i5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com
 
 .

>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/CAMY5mid7QwWxyMyxH-i2veHJx--cCL71S
>>> 0fNt-%3DVkdkv%2BRF3nw%40mail.gmail.com
>>>

Re: [cas-user] Cas - Unauthorized

2018-02-08 Thread Ramakrishna G 
Hello,

I am using CAS on development server and soon I'll be shifting to
production. I am using mod_auth_cas as client and I am running CAS server
and CAS Client in same machine. Should I create certificates for both
tomcat(CAS Server) and apache(CAS Client) or only tomcat(keystore) is fine?

In mod_auth_cas which certificates does this *CASCertificatePath* refer to?

How do I create self signed certificates for both CAS Server and CAS Client?

It would be helpful if someone clarify me on this.



On Tue, Feb 6, 2018 at 7:21 PM, Ramakrishna G  wrote:

> Yes. I am just using at my development server. When releasing to
> production I'll get a valid SSL Certificate.
>
> Thanks
> Ramakrishna G
>
> On Tue, Feb 6, 2018 at 6:36 PM, Man H  wrote:
>
>> There is a potential security risk in doing this .
>> CA's needs SSL in order to function safely with SSO.
>>
>>
>> El martes, 6 de febrero de 2018, Ramakrishna G  escribió:
>>
>>> Hi Mukunthini Jeyakumar,
>>>
>>> To resolve this error you need have a valid SSL certificate signed by
>>> CA. If you don't have you can just disable SSL in cas.properties file.
>>>
>>> server.ssl.enabled= false
>>> cas.serviceRegistry.initFromJson=true
>>> cas.serviceRegistry.config.location: file:/etc/cas/services
>>>
>>> in somename.json inside /etc/cas/services folder
>>>
>>> {
>>>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>>>   "serviceId": "^(*http|*https|imaps)://.*",
>>>   "name": "HTTPS/IMAPS wildcard",
>>>   "id": 20170905111650,
>>>   "evaluationOrder": 9
>>> }
>>> and enable http in services. Also comment all CASValidateSAML in client
>>> side. Now you are good to access over http which will solve the problem.
>>>
>>> Thanks
>>> Ramakrishna
>>>
>>> On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar <
>>> mukunth...@gmail.com> wrote:
>>>
 Hi Ramakrishna,

 have you find the way to resolve the issue? I'm having the same

 Thanks
 Thini
 Other recipients:
 Ramakrishna, Perhaps there is something not right with your client
 application config? Is it running on https://192.168.111.118:8443 or
 is that CAS? Multiple service tickets in the URL suggests that the request
 is being redirected to CAS multiple

 --
 - Website: https://apereo.github.io/cas
 - Gitter Chatroom: https://gitter.im/apereo/cas
 - List Guidelines: https://goo.gl/1VRrw7
 - Contributions: https://goo.gl/mh7qDG
 ---
 You received this message because you are subscribed to the Google
 Groups "CAS Community" group.
 To unsubscribe from this group and stop receiving emails from it, send
 an email to cas-user+unsubscr...@apereo.org.
 To view this discussion on the web visit https://groups.google.com/a/ap
 ereo.org/d/msgid/cas-user/cf0f4046-95d5-40a1-870e-492fca9db3
 fd%40apereo.org
 
 .

>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/CAGST5P89Z-F6U161br1ymQ79_V%2BbvyF
>>> i5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com
>>> 
>>> .
>>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit https://groups.google.com/a/ap
>> ereo.org/d/msgid/cas-user/CAMY5mid7QwWxyMyxH-i2veHJx--cCL71S
>> 0fNt-%3DVkdkv%2BRF3nw%40mail.gmail.com
>> 
>> .
>>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on

Re: [cas-user] Cas - Unauthorized

2018-02-06 Thread Ramakrishna G 
Yes. I am just using at my development server. When releasing to production
I'll get a valid SSL Certificate.

Thanks
Ramakrishna G

On Tue, Feb 6, 2018 at 6:36 PM, Man H  wrote:

> There is a potential security risk in doing this .
> CA's needs SSL in order to function safely with SSO.
>
>
> El martes, 6 de febrero de 2018, Ramakrishna G  escribió:
>
>> Hi Mukunthini Jeyakumar,
>>
>> To resolve this error you need have a valid SSL certificate signed by CA.
>> If you don't have you can just disable SSL in cas.properties file.
>>
>> server.ssl.enabled= false
>> cas.serviceRegistry.initFromJson=true
>> cas.serviceRegistry.config.location: file:/etc/cas/services
>>
>> in somename.json inside /etc/cas/services folder
>>
>> {
>>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>>   "serviceId": "^(*http|*https|imaps)://.*",
>>   "name": "HTTPS/IMAPS wildcard",
>>   "id": 20170905111650,
>>   "evaluationOrder": 9
>> }
>> and enable http in services. Also comment all CASValidateSAML in client
>> side. Now you are good to access over http which will solve the problem.
>>
>> Thanks
>> Ramakrishna
>>
>> On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar <
>> mukunth...@gmail.com> wrote:
>>
>>> Hi Ramakrishna,
>>>
>>> have you find the way to resolve the issue? I'm having the same
>>>
>>> Thanks
>>> Thini
>>> Other recipients:
>>> Ramakrishna, Perhaps there is something not right with your client
>>> application config? Is it running on https://192.168.111.118:8443 or is
>>> that CAS? Multiple service tickets in the URL suggests that the request is
>>> being redirected to CAS multiple
>>>
>>> --
>>> - Website: https://apereo.github.io/cas
>>> - Gitter Chatroom: https://gitter.im/apereo/cas
>>> - List Guidelines: https://goo.gl/1VRrw7
>>> - Contributions: https://goo.gl/mh7qDG
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "CAS Community" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to cas-user+unsubscr...@apereo.org.
>>> To view this discussion on the web visit https://groups.google.com/a/ap
>>> ereo.org/d/msgid/cas-user/cf0f4046-95d5-40a1-870e-492fca9db3
>>> fd%40apereo.org
>>> 
>>> .
>>>
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit https://groups.google.com/a/ap
>> ereo.org/d/msgid/cas-user/CAGST5P89Z-F6U161br1ymQ79_V%2BbvyF
>> i5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com
>> 
>> .
>>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/CAMY5mid7QwWxyMyxH-i2veHJx--
> cCL71S0fNt-%3DVkdkv%2BRF3nw%40mail.gmail.com
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P_n_nXfgGXGasouJmc7GJ1OAGsF7QGVR1T5tZrcoj9Wug%40mail.gmail.com.

Re: [cas-user] Cas - Unauthorized

2018-02-06 Thread Man H 
There is a potential security risk in doing this .
CA's needs SSL in order to function safely with SSO.

El martes, 6 de febrero de 2018, Ramakrishna G  escribió:

> Hi Mukunthini Jeyakumar,
>
> To resolve this error you need have a valid SSL certificate signed by CA.
> If you don't have you can just disable SSL in cas.properties file.
>
> server.ssl.enabled= false
> cas.serviceRegistry.initFromJson=true
> cas.serviceRegistry.config.location: file:/etc/cas/services
>
> in somename.json inside /etc/cas/services folder
>
> {
>   "@class": "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId": "^(*http|*https|imaps)://.*",
>   "name": "HTTPS/IMAPS wildcard",
>   "id": 20170905111650,
>   "evaluationOrder": 9
> }
> and enable http in services. Also comment all CASValidateSAML in client
> side. Now you are good to access over http which will solve the problem.
>
> Thanks
> Ramakrishna
>
> On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar <
> mukunth...@gmail.com> wrote:
>
>> Hi Ramakrishna,
>>
>> have you find the way to resolve the issue? I'm having the same
>>
>> Thanks
>> Thini
>> Other recipients:
>> Ramakrishna, Perhaps there is something not right with your client
>> application config? Is it running on https://192.168.111.118:8443 or is
>> that CAS? Multiple service tickets in the URL suggests that the request is
>> being redirected to CAS multiple
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to cas-user+unsubscr...@apereo.org.
>> To view this discussion on the web visit https://groups.google.com/a/ap
>> ereo.org/d/msgid/cas-user/cf0f4046-95d5-40a1-870e-492fca9db3
>> fd%40apereo.org
>> 
>> .
>>
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/CAGST5P89Z-F6U161br1ymQ79_V%
> 2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAMY5mid7QwWxyMyxH-i2veHJx--cCL71S0fNt-%3DVkdkv%2BRF3nw%40mail.gmail.com.

Re: [cas-user] Cas - Unauthorized

2018-02-05 Thread Ramakrishna G 
Hi Mukunthini Jeyakumar,

To resolve this error you need have a valid SSL certificate signed by CA.
If you don't have you can just disable SSL in cas.properties file.

server.ssl.enabled= false
cas.serviceRegistry.initFromJson=true
cas.serviceRegistry.config.location: file:/etc/cas/services

in somename.json inside /etc/cas/services folder

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(*http|*https|imaps)://.*",
  "name": "HTTPS/IMAPS wildcard",
  "id": 20170905111650,
  "evaluationOrder": 9
}
and enable http in services. Also comment all CASValidateSAML in client
side. Now you are good to access over http which will solve the problem.

Thanks
Ramakrishna

On Tue, Feb 6, 2018 at 12:21 AM, Mukunthini Jeyakumar 
wrote:

> Hi Ramakrishna,
>
> have you find the way to resolve the issue? I'm having the same
>
> Thanks
> Thini
> Other recipients:
> Ramakrishna, Perhaps there is something not right with your client
> application config? Is it running on https://192.168.111.118:8443 or is
> that CAS? Multiple service tickets in the URL suggests that the request is
> being redirected to CAS multiple
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/cf0f4046-95d5-40a1-870e-
> 492fca9db3fd%40apereo.org
> 
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P89Z-F6U161br1ymQ79_V%2BbvyFi5fkSKLx1R%3DX9yOLe1g%40mail.gmail.com.

Re: [cas-user] Cas - Unauthorized

2018-02-05 Thread Mukunthini Jeyakumar 


Hi Ramakrishna,

have you find the way to resolve the issue? I'm having the same

Thanks
Thini
Other recipients: 
Ramakrishna, Perhaps there is something not right with your client 
application config? Is it running on https://192.168.111.118:8443 or is 
that CAS? Multiple service tickets in the URL suggests that the request is 
being redirected to CAS multiple 

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf0f4046-95d5-40a1-870e-492fca9db3fd%40apereo.org.

Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread Ray Bon 
Ramakrishna,

Perhaps there is something not right with your client application config? Is it 
running on https://192.168.111.118:8443 or is that CAS?

Multiple service tickets in the URL suggests that the request is being 
redirected to CAS multiple times.

Ray

On Fri, 2018-01-26 at 16:49 +0530, Ramakrishna G wrote:
Hi ,

Now I think I resolved certificate issue. But I am getting this error


[Fri Jan 26 16:22:24.270308 2018] [authz_core:debug] [pid 19878] 
mod_authz_core.c(809): [client 
192.168.111.118:62974] AH01626: authorization 
result of Require valid-user : denied (no authenticated user yet)

[Fri Jan 26 16:22:24.270359 2018] [authz_core:debug] [pid 19878] 
mod_authz_core.c(809): [client 
192.168.111.118:62974] AH01626: authorization 
result of : denied (no authenticated user yet)

[Fri Jan 26 16:22:24.270390 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(2076): [client 
192.168.111.118:62974] Entering cas_authenticate()

[Fri Jan 26 16:22:24.270415 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(656): [client 
192.168.111.118:62974] Modified r->args (now 
'ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client')

[Fri Jan 26 16:22:24.270486 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(1779): [client 
192.168.111.118:62974] entering 
getResponseFromServer()

[Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(584): [client 
192.168.111.118:62974] CAS Service 
'https%3a%2f%2f192.168.111.118%3a8443%2f%3fticket%3dST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client%26ticket%3dST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client'

[Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(1856): [client 
192.168.111.118:62974] Validation response: 
HTTP Status 406 \xe2\x80\x93 Not 
Acceptableh1 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
 h2 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
 h3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
 body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} 
b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p 
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
 a {color:black;} a.name<http://a.name> {color:black;} .line 
{height:1px;background-color:#525D76;border:none;}HTTP 
Status 406 \xe2\x80\x93 Not AcceptableType 
Status ReportDescription The target resource does not have a 
current representation that would be acceptable to the user agent, according to 
the proactive negotiation header fields received in the request, and the server 
is unwilling to supply a default representation.Apache Tomcat/8.5.24

[Fri Jan 26 16:22:24.479448 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(1440): [client 
192.168.111.118:62974] entering isValidCASTicket()

[Fri Jan 26 16:22:24.479470 2018] [auth_cas:debug] [pid 19878] 
mod_auth_cas.c(1446): [client 
192.168.111.118:62974] MOD_AUTH_CAS: response = 
HTTP Status 406 \xe2\x80\x93 Not 
Acceptableh1 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
 h2 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
 h3 
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
 body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} 
b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p 
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
 a {color:black;} a.name<http://a.name> {color:black;} .line 
{height:1px;background-color:#525D76;border:none;}HTTP 
Status 406 \xe2\x80\x93 Not AcceptableType 
Status ReportDescription The target resource does not have a 
current representation that would be acceptable to the user agent, according to 
the proactive negotiation header fields received in the request, and the server 
is unwilling to supply a default representation.Apache Tomcat/8.5.24

[Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 19878] [client 
192.168.111.118:62974] MOD_AUTH_CAS: error 
parsing CASv2 response: XML parser error code: syntax error (2)

[Fri Jan 26 16:22:24.523966 2018] [authz_core:debug] [pid 19205] 
mod_authz_core.c(809): [client 
192.168.111.118:62976] AH01626: authorization 
result of Require valid-user : denied (no authenticated user yet), referer: 
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMe

Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread David Hawes 
It looks like you're using a serviceValidate endpoint with SAML
validation. Comment out the CASValidateSAML lines and try again.

Alternatively, keep the setting on and use a samlValidate endpoint.

On Fri, Jan 26, 2018 at 6:19 AM, Ramakrishna G  wrote:
> Hi ,
>
> Now I think I resolved certificate issue. But I am getting this error
>
> [Fri Jan 26 16:22:24.270308 2018] [authz_core:debug] [pid 19878]
> mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626: authorization
> result of Require valid-user : denied (no authenticated user yet)
>
> [Fri Jan 26 16:22:24.270359 2018] [authz_core:debug] [pid 19878]
> mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626: authorization
> result of : denied (no authenticated user yet)
>
> [Fri Jan 26 16:22:24.270390 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(2076): [client 192.168.111.118:62974] Entering
> cas_authenticate()
>
> [Fri Jan 26 16:22:24.270415 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(656): [client 192.168.111.118:62974] Modified r->args (now
> 'ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client')
>
> [Fri Jan 26 16:22:24.270486 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(1779): [client 192.168.111.118:62974] entering
> getResponseFromServer()
>
> [Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(584): [client 192.168.111.118:62974] CAS Service
> 'https%3a%2f%2f192.168.111.118%3a8443%2f%3fticket%3dST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client%26ticket%3dST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client'
>
> [Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(1856): [client 192.168.111.118:62974] Validation response:
> HTTP Status 406 \xe2\x80\x93 Not
> Acceptableh1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> h2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> h3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> body
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> p
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
> a {color:black;} a.name {color:black;} .line
> {height:1px;background-color:#525D76;border:none;}HTTP
> Status 406 \xe2\x80\x93 Not AcceptableType
> Status ReportDescription The target resource does not have a
> current representation that would be acceptable to the user agent, according
> to the proactive negotiation header fields received in the request, and the
> server is unwilling to supply a default representation. />Apache Tomcat/8.5.24
>
> [Fri Jan 26 16:22:24.479448 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(1440): [client 192.168.111.118:62974] entering
> isValidCASTicket()
>
> [Fri Jan 26 16:22:24.479470 2018] [auth_cas:debug] [pid 19878]
> mod_auth_cas.c(1446): [client 192.168.111.118:62974] MOD_AUTH_CAS: response
> = HTTP Status 406 \xe2\x80\x93
> Not Acceptableh1
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
> h2
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
> h3
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
> body
> {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
> {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
> p
> {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
> a {color:black;} a.name {color:black;} .line
> {height:1px;background-color:#525D76;border:none;}HTTP
> Status 406 \xe2\x80\x93 Not AcceptableType
> Status ReportDescription The target resource does not have a
> current representation that would be acceptable to the user agent, according
> to the proactive negotiation header fields received in the request, and the
> server is unwilling to supply a default representation. />Apache Tomcat/8.5.24
>
> [Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 19878] [client
> 192.168.111.118:62974] MOD_AUTH_CAS: error parsing CASv2 response: XML
> parser error code: syntax error (2)
>
> [Fri Jan 26 16:22:24.523966 2018] [authz_core:debug] [pid 19205]
> mod_authz_core.c(809): [client 192.168.111.118:62976] AH01626: authorization
> result of Require valid-user : denied (no authenticated user yet), referer:
> https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client
>
> [Fri Jan 26 16:22:24.524008 2018] [authz_core:debug] [pid 19205]
> mod_authz_core.c(809): [client 192.168.111.118:62976] AH01626: authorization
> result of : denied (no authenticated user yet), referer:
> https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3Da

Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread Ramakrishna G 
Hi David,

As suggested I enabled Debug Mode. Error what I got to..


[Thu Jan 25 17:53:01.512443 2018] [ssl:info] [pid 28180] SSL Library Error:
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking
HTTP to HTTPS port!?

[Thu Jan 25 17:53:01.940036 2018] [ssl:info] [pid 28181] [client
192.168.111.84:62057] AH01964: Connection to child 1 established (server
192.168.111.12:443)

[Thu Jan 25 17:53:01.940406 2018] [ssl:info] [pid 28181] [client
192.168.111.84:62057] AH01996: SSL handshake failed: HTTP spoken on HTTPS
port; trying to send HTML error page

[Thu Jan 25 17:53:01.940458 2018] [ssl:info] [pid 28181] SSL Library Error:
error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request -- speaking
HTTP to HTTPS port!?

[Thu Jan 25 17:53:13.796431 2018] [ssl:info] [pid 28182] [client
192.168.111.84:62058] AH01964: Connection to child 2 established (server
192.168.111.12:443)

[Thu Jan 25 17:53:13.796782 2018] [ssl:debug] [pid 28182]
ssl_engine_io.c(1202): (70014)End of file found: [client
192.168.111.84:62058] AH02007: SSL handshake interrupted by system [Hint:
Stop button pressed in browser?!]

[Thu Jan 25 17:53:13.796815 2018] [ssl:info] [pid 28182] [client
192.168.111.84:62058] AH01998: Connection closed to child 2 with abortive
shutdown (server 192.168.111.12:443)

~


LoadModule auth_cas_module modules/mod_auth_cas.so

CASCookiePath /var/cache/mod_auth_cas/

CASCertificatePath  /etc/ssl/certs/

CASLoginURL https://192.168.111.12:9443/cas/login

CASRootProxiedAs https://192.168.111.12

CASValidateURL https://192.168.111.12:9443/cas/serviceValidate

#CASProxyValidateURL https://192.168.111.12:9443/cas/proxyValidate

CASDebug On

LogLevel debug

CASValidateSAML On

CASVersion 2

#CASValidateServer off

#CASAllowWildcardCert off

CASTimeout 86400

CASIdleTimeout 7200

CASSSOEnabled On

#LogLevel debug




DocumentRoot "/var/www/html/"

ServerName 192.168.111.12

CASValidateSAML On

LogLevel debug

ErrorLog /var/log/cas_error_log

CustomLog /var/log/cas_access_log combined

# Other directives here

#AuthType CAS

#require valid-user






 AllowOverride

 Order allow,deny

 Allow from all

 Authtype CAS

 require valid-user

 Allow from env=no_cas_use

 #Satisfy Any

   # require cas-attribute edupersonaffiliation:staff




What am I missing?


Thankyou

Ramakrishna



On Thu, Jan 25, 2018 at 10:45 PM, David Hawes  wrote:

> On 23 January 2018 at 08:52, Ramakrishna G 
> wrote:
> > Unauthorized
> >
> > This server could not verify that you are authorized to access the
> document
> > requested. Either you supplied the wrong credentials (e.g., bad
> password),
> > or your browser doesn't understand how to supply the credentials
> required.
> >
> >
> > Ticket is generated but says the above error. I am using mod_auth_cas in
> > Apache server.
>
> Set:
>
> LogLevel debug
> CASDebug On
>
> and check your error logs. You should have information as to why you
> get this error.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/
> apereo.org/d/msgid/cas-user/CAAgu-wCcoYC-Sg4V3dE6hOxi-
> 0QqiaJWm44xo9PuDhAt%2Br8wxA%40mail.gmail.com.
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P8tnG9M%2BJH%2B3UJpMYmpTNMK11qyBs_tb9crh_-76jpZ8A%40mail.gmail.com.

Re: [cas-user] Cas - Unauthorized

2018-01-30 Thread Ramakrishna G 
Hi ,

Now I think I resolved certificate issue. But I am getting this error

[Fri Jan 26 16:22:24.270308 2018] [authz_core:debug] [pid 19878]
mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626:
authorization result of Require valid-user : denied (no authenticated user
yet)

[Fri Jan 26 16:22:24.270359 2018] [authz_core:debug] [pid 19878]
mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626:
authorization result of : denied (no authenticated user yet)

[Fri Jan 26 16:22:24.270390 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(2076): [client 192.168.111.118:62974] Entering
cas_authenticate()

[Fri Jan 26 16:22:24.270415 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(656): [client 192.168.111.118:62974] Modified r->args (now
'ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client')

[Fri Jan 26 16:22:24.270486 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1779): [client 192.168.111.118:62974] entering
getResponseFromServer()

[Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(584): [client 192.168.111.118:62974] CAS Service
'https%3a%2f%2f192.168.111.118%3a8443%2f%3fticket%3dST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client%26ticket%3dST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client'

[Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1856): [client 192.168.111.118:62974] Validation response:
HTTP Status 406 \xe2\x80\x93
Not Acceptableh1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}HTTP
Status 406 \xe2\x80\x93 Not AcceptableType Status ReportDescription The target resource
does not have a current representation that would be acceptable to the user
agent, according to the proactive negotiation header fields received in the
request, and the server is unwilling to supply a default
representation.Apache
Tomcat/8.5.24

[Fri Jan 26 16:22:24.479448 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1440): [client 192.168.111.118:62974] entering
isValidCASTicket()

[Fri Jan 26 16:22:24.479470 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1446): [client 192.168.111.118:62974] MOD_AUTH_CAS: response
= HTTP Status 406 \xe2\x80\x93
Not Acceptableh1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}HTTP
Status 406 \xe2\x80\x93 Not AcceptableType Status ReportDescription The target resource
does not have a current representation that would be acceptable to the user
agent, according to the proactive negotiation header fields received in the
request, and the server is unwilling to supply a default
representation.Apache
Tomcat/8.5.24

[Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 19878] [client
192.168.111.118:62974] MOD_AUTH_CAS: error parsing CASv2 response: XML
parser error code: syntax error (2)

[Fri Jan 26 16:22:24.523966 2018] [authz_core:debug] [pid 19205]
mod_authz_core.c(809): [client 192.168.111.118:62976] AH01626:
authorization result of Require valid-user : denied (no authenticated user
yet), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524008 2018] [authz_core:debug] [pid 19205]
mod_authz_core.c(809): [client 192.168.111.118:62976] AH01626:
authorization result of : denied (no authenticated user yet),
referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524022 2018] [auth_cas:debug] [pid 19205]
mod_auth_cas.c(2076): [client 192.168.111.118:62976] Entering
cas_authenticate(), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22

Re: [cas-user] Cas - Unauthorized

2018-01-25 Thread David Hawes 
On 23 January 2018 at 08:52, Ramakrishna G  wrote:
> Unauthorized
>
> This server could not verify that you are authorized to access the document
> requested. Either you supplied the wrong credentials (e.g., bad password),
> or your browser doesn't understand how to supply the credentials required.
>
>
> Ticket is generated but says the above error. I am using mod_auth_cas in
> Apache server.

Set:

LogLevel debug
CASDebug On

and check your error logs. You should have information as to why you
get this error.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wCcoYC-Sg4V3dE6hOxi-0QqiaJWm44xo9PuDhAt%2Br8wxA%40mail.gmail.com.