mod_auth_cas and reverse proxy

[Rick Baril]

Hi all,

Having a problem configuring mod_auth_cas. We're using apache as a proxy to several tomcat wars and also a separate iSeries site. Can anybody see the problem in this log file? It looks like CAS is not the issue, but everything was working before we added the module. I've also included the relevant config info.

From the apache conf:

        CASCookiePath /var/cache/apache2/mod_auth_cas/

        CASLoginUrl https://staging-secure.traf.mb.ca/cas/login

        CASValidateURL https://staging-secure.traf.mb.ca/cas/serviceValidate

        CASCertificatePath /etc/ssl/

        CASDebug on

        <Location /profoundui >

                Authtype CAS

                Require valid-user

        </Location>

Log from apache:

Apache-Error: [file "ssl_engine_kernel.c"] [line 383] [level 7] AH02034: Initial (No.1) HTTPS request received for child 5 (server staging-secure.traf.mb.ca:443)

Apache-Error: [file "mod_authz_core.c"] [line 809] [level 7] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)

Apache-Error: [file "mod_authz_core.c"] [line 809] [level 7] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)

Apache-Error: [file "mod_auth_cas.c"] [line 2058] [level 7] Entering cas_authenticate()

Apache-Error: [file "mod_auth_cas.c"] [line 1655] [level 7] entering isValidCASCookie()

Apache-Error: [file "mod_auth_cas.c"] [line 892] [level 7] entering readCASCacheFile()

Apache-Error: [file "mod_auth_cas.c"] [line 1180] [level 7] entering writeCASCacheEntry()

Apache-Error: [file "mod_authz_core.c"] [line 809] [level 7] AH01626: authorization result of Require valid-user : granted

Apache-Error: [file "mod_authz_core.c"] [line 809] [level 7] AH01626: authorization result of <RequireAny>: granted

Apache-Error: [file "mod_proxy.c"] [line 1229] [level 7] AH01143: Running scheme https handler (attempt 0)

Apache-Error: [file "mod_proxy_ajp.c"] [line 738] [level 7] AH00894: declining URL https://tdev.traf.mb.ca:8443/profoundui/genie

Apache-Error: [file "proxy_util.c"] [line 2244] [level 7] AH00944: connecting https://tdev.traf.mb.ca:8443/profoundui/genie to tdev.traf.mb.ca:8443

Apache-Error: [file "proxy_util.c"] [line 2453] [level 7] AH00947: connected /profoundui/genie to tdev.traf.mb.ca:8443

Apache-Error: [file "mod_proxy_http.c"] [line 1262] [level 3] [status 103] AH01102: error reading status line from remote server tdev.traf.mb.ca:8443

Apache-Error: [file "mod_proxy_http.c"] [line 1324] [level 7] AH01105: NOT Closing connection to client although reading from backend server tdev.traf.mb.ca:8443 failed.

Apache-Error: [file "proxy_util.c"] [line 378] [level 3] AH00898: Error reading from remote server returned by /profoundui/genie

Any help or advice welcome.

Regards,

Rick

[Rick Baril]

Sorry to bother y'all.... It was a firewall issue (as usual ;).

Regards,

Rick