Failed to connect my Apereo CAS 6.4 to Moodle: this app is not authorized to use CAS


Baba Ndiaye

Nov 3, 2021, 7:00:06 AM
to CAS Community
Hi 
I finally succeeded in configuring CAS with LDAP authentication, but when I try to use it with Moodle I always get this message.

cas-error.JPG

Ray Bon

Nov 3, 2021, 12:14:31 PM
to cas-...@apereo.org
Baba,

That message means that the service sent to cas/login does not match one in the service registry.
Check that your service regex will match including parameters in the service url.

Ray

-- 
Ray Bon
Programmer Analyst
Development Services, University Systems

I acknowledge and respect the lək̓ʷəŋən peoples on whose traditional territory the university stands, and the Songhees, Esquimalt and WSÁNEĆ peoples whose historical relationships with the land continue to this day.

Baba Ndiaye

Nov 3, 2021, 12:30:57 PM
to cas-...@apereo.org
Hi Ray
I added support-json-service-registry and rebuilt build.gradle
I also uncommented cas.service-registry.json.location=/etc/cas/services
I added the folder
I also created a file moodle-id.json
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https)://*",
"name" : "Moodle",
"id" : id
"evolutionOrder": 99999
}
id=date+%s
But it does not work


Felix Schumacher

Nov 3, 2021, 12:44:34 PM
to cas-...@apereo.org

Hi Baba,

Your service definition is for all http*s* URLs. Your screenshot shows a service parameter of http://, which does not match your definition.

Regards

 Felix


Ray Bon

Nov 3, 2021, 12:46:42 PM
to cas-...@apereo.org
Baba,

In the image, the service= parameter is an http url. Change your service definition to, ^(https?)://.*

Ray

Baba Ndiaye

Nov 3, 2021, 1:58:25 PM
to cas-...@apereo.org
Hi Ray
I changed the config and now I use https for all applications, but I always have the same error, though the URL is https now
cas-url-error.png

and in my app-id.json I have this
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId" : "^(https?)://*",
"name" : "Moodle",
"id" : 1635948950,
"evaluationOrder" : 99999
}

Felix Schumacher

Nov 3, 2021, 3:47:05 PM
to cas-...@apereo.org
Hi Baba,

the regex is not correct.

It should be ending with //.* and not //*

Regards
Felix
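
Added example (not part of the thread or of the CAS code base): the three serviceId patterns discussed above, checked against constructed service URLs. It assumes the service registry requires the pattern to match the whole service URL; the host moodle.example.org and the host-anchored pattern are hypothetical. The last column of results shows that the suggested wildcard also authorizes hosts other than Moodle, which a host-anchored pattern avoids.

```python
import re

# serviceId values quoted in the thread, plus one host-anchored variant.
# The host-anchored pattern and its host name are assumptions for illustration.
DEFINITIONS = {
    "first post": r"^(https)://*",
    "second post": r"^(https?)://*",
    "suggested fix": r"^(https?)://.*",
    "host-anchored (assumption)": r"^https://moodle\.example\.org/.*",
}

# Constructed service URLs of the kind a CAS client sends as ?service=...
SAMPLE_SERVICES = [
    "http://moodle.example.org/login/index.php",
    "https://moodle.example.org/login/index.php?authCAS=CAS",
    "https://other.example.net/callback",
]


def is_authorized(service_id_regex: str, service_url: str) -> bool:
    """Assumption: the registry requires the regex to match the entire URL."""
    return re.fullmatch(service_id_regex, service_url) is not None


def audit(definitions, services):
    """Return {definition name: [service URLs that definition authorizes]}."""
    return {
        name: [url for url in services if is_authorized(regex, url)]
        for name, regex in definitions.items()
    }


if __name__ == "__main__":
    for name, allowed in audit(DEFINITIONS, SAMPLE_SERVICES).items():
        print(f"{name:28} authorizes {len(allowed)} of {len(SAMPLE_SERVICES)}")
        for url in allowed:
            print("     ", url)
```

With "//*" the pattern only allows extra slashes after "https:/", so no real URL matches; with "//.*" every http or https URL matches.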

Baba Ndiaye

Nov 3, 2021, 7:36:19 PM
to cas-...@apereo.org
Thanks Felix, I changed it but I have the same error, so I want to know if I must configure other files like cas properties?

Baba Ndiaye

Nov 4, 2021, 8:33:22 AM
to cas-...@apereo.org
root@srv-cas:~# tail -20 /var/log/nginx/tomcat-error.log
2021/11/04 02:12:23 [crit] 112503#112503: *77 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: x.x.x.x, server: 0.0.0.0:443
2021/11/04 03:55:14 [crit] 112503#112503: *113 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: x.x.x.x, server: 0.0.0.0:443 


Ray Bon

Nov 4, 2021, 12:06:28 PM
to cas-...@apereo.org
Baba,

Did you create a self signed certificate for your application?

If so, you would have to add it to the java keystore.
You do not need to start with an https url for your application, just use http://...

Ray

Baba Ndiaye

Nov 5, 2021, 8:37:35 AM
to cas-...@apereo.org
Hi Ray
When I built the cas.war I executed this command: ./gradlew createKeystore (the location folder is /etc/cas/thekeystore), but I never use it, so I also have a good certificate (not self-signed) and I use it for my nginx (tomcat redirection) and my Moodle.

Baba Ndiaye

Nov 5, 2021, 12:33:07 PM
to cas-...@apereo.org
I have this message in my catalina.log
root@srv-cas:~# tail -20 /var/log/tomcat9/catalina.2021-11-05.log
05-Nov-2021 03:35:58.254 AVERTISSEMENT [http-nio-8080-exec-2] javax.persistence.spi.PersistenceProviderResolverHolder$DefaultPersistenceProviderResolver.log javax.persistence.spi::No valid providers found.
05-Nov-2021 06:55:27.264 INFOS [http-nio-8080-exec-8] org.apache.coyote.http11.Http11Processor.service Erreur lors de l'analyse d'un en-tête de requête HTTP Note: toutes les occurrences suivantes d'erreurs d'analyse des requêtes HTTP seront enregistrées au niveau DEBUG
        java.lang.IllegalArgumentException: Un caractère invalide a été trouvé dans la cible de la requête, les caractères valides sont définis dans RFC 7230 et RFC 3986
                at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:469)
                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:260)
                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
                at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1639)
                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
                at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
                at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                at java.base/java.lang.Thread.run(Thread.java:829)
05-Nov-2021 06:55:42.969 AVERTISSEMENT [http-nio-8080-exec-2] javax.persistence.spi.PersistenceProviderResolverHolder$DefaultPersistenceProviderResolver.log javax.persistence.spi::No valid providers found.
05-Nov-2021 10:21:22.130 AVERTISSEMENT [http-nio-8080-exec-2] javax.persistence.spi.PersistenceProviderResolverHolder$DefaultPersistenceProviderResolver.log javax.persistence.spi::No valid providers found.
05-Nov-2021 15:53:07.885 AVERTISSEMENT [http-nio-8080-exec-8] javax.persistence.spi.PersistenceProviderResolverHolder$DefaultPersistenceProviderResolver.log javax.persistence.spi::No valid providers found.
root@srv-cas:~#

Ray Bon

Nov 5, 2021, 12:38:44 PM
to cas-...@apereo.org
Baba,

In your first image, the application looks to be on a different server (192.168.1.5) from cas (192.168.1.4).
If your application is accessed with https://192.168.1.5/..., you will need to add its certificate to the java keystore where you put the one you made with createKeystore (in $JAVA_HOME/lib/security/cacerts). You will also have to add the cas certificate to your application's certs (where nginx will look for it).

Getting self signed certs set up correctly can be tricky. That is why it is easier to start with an application that is on http instead of https.

Ray

Ray Bon

Nov 5, 2021, 2:26:08 PM
to cas-...@apereo.org
Baba,

This looks like tomcat errors and not cas errors. Is that correct?

What is your tomcat setup? Is it fronted by apache or nginx?

If this is a different issue, you should create a new question.

Ray

Baba Ndiaye

Nov 5, 2021, 2:49:08 PM
to cas-...@apereo.org
Ray
I use nginx for the redirection of my server.com:8080/cas to my https://server.com. It works well and my LDAP users can connect to the CAS correctly.
In my server.xml (tomcat9) I don't do anything

He Vincent

Nov 11, 2021, 3:13:57 AM
to CAS Community, mrbaba...@gmail.com
1. If you use https, then please use a DNS name for the URL, do not use an IP address. So please change both your CAS and Moodle to use DNS names.
2. For the certificates, please use well-known certificates if you are not familiar with self-signed certificates and how to add them to the Java Key Store.
3. Please use the URL of Nginx, if you use nginx as a reverse proxy of tomcat.

Baba Ndiaye

Nov 11, 2021, 3:45:43 AM
to He Vincent, CAS Community
Thank you Vincent !!!