mod_auth_cas v1.2 curl_easy_perform fails
30 views
Skip to first unread message
CJ Keist
Oct 15, 2022, 1:43:37 AM10/15/22
to CAS Community
Hello,
I'm in process of trying to install Open OnDemand 2.0 with CAS authentication. Following documentation of install mod_auth_cas. After I access the ondemand server it redirects my browser to our CAS server, which then authenticates me via DUO. After DUO succeeds, CAS server then redirects my browser back to the ondemand server with the ticket. At this point mod_auth_cas fails on the curl_easy_perform function. From the Apache logs with debug turned on for both Apache and mod_auth_cas, this is what I see in the logs:
921): [client 10.197.140.94:50583] MOD_AUTH_CAS: curl_easy_perform() failed (), referer: https://login.oregonstate.edu/
As you can see, the failed error code is null. So not getting any help as to why mod_auth_cas is failing to validate the ticket?
Also confirmed with tcpdump that the ondemand server didn't contact the CAS server.
Apache: 2.4.37
OS: RockyLinux 8
created file 01-cas.conf in /etc/httpd/conf.modules.d with:
LoadModule auth_cas_module /usr/lib64/httpd/modules/mod_auth_cas.so
created file auth_cas.conf in /etc/httpd/conf.d with:
CASDebug on
CASTimeout 43200
CASIdleTimeout 7200
CASCookiePath /var/cache/httpd/mod_auth_cas/
CASCertificatePath /etc/pki/tls/certs/incommon.interm-sha2.crt
CASLoginURL https://server.oregonstate.edu/idp/profile/cas/login
CASValidateURL https://server.oregonstate.edu/idp/profile/cas/serviceValidate
CASTimeout 43200
CASIdleTimeout 7200
CASCookiePath /var/cache/httpd/mod_auth_cas/
CASCertificatePath /etc/pki/tls/certs/incommon.interm-sha2.crt
CASLoginURL https://server.oregonstate.edu/idp/profile/cas/login
CASValidateURL https://server.oregonstate.edu/idp/profile/cas/serviceValidate
In OOD conf file I have:
AuthType CAS
Require valid-user
Require valid-user
Ray Bon
Oct 17, 2022, 11:58:12 AM10/17/22
to cas-...@apereo.org
CJ,
Java will silently drop requests with an invalid cert.
Should CASCertificatePath point to the OnDemand host cert?
You could try running the curl command from the command line.
Ray
On Fri, 2022-10-14 at 08:41 -0700, CJ Keist wrote:
Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information.
CJ Keist
Oct 17, 2022, 3:08:28 PM10/17/22
to CAS Community, Ray Bon
Ray, thank you for the response.
I did run the curl from the command line and it worked, specifying the cert to use. I then installed OOD and CAS on CentOS7 and it worked just fine. So I thought I had it down to an issue with the libcurl version. So this morning I compiled an older version of libcurl on RockyLinux 8 and compiled mod_auth_cas against that and it worked! I then went to see what the latest version of libcurl I could use before it breaks. The only problem, I made it all the way to the latest release of libcurl and it is still working! Reboots of the server and still works. I then went back and compiled it against the standard libcurl with Rocky and it still works.
Have no idea what changed over the weekend but it looks to be working now without any issues.
Very confused, but moving on.
Reply all
Reply to author
Forward
0 new messages