Problem with CAS authentication

[BenDDD]

Hi everyone,

I'm testing the Apache Guacamole solution and i want to set CAS authentication. I have installed the CAS extension in the Guacamole app in Tomcat.

When i reach https://guacamole.ourdomain.fr/guacamole, i am correctly redirected to https://cas.ourdomain.fr/cas/login. I enter my username and password and got redirected again to https://guacamole.ourdomain.fr/guacamole/#/?ticket=ST-290-5oZgIyiJ6wKl11IB13TW-cas.ourdomain.fr but the web page shows an error message.

Here is the CAS server Tomcat logs.

And the Guacamole server Tomcat logs.

Thank you in advance for your help.

BenDDD

[Ray Bon]

Ben,

I do not know about guacamole. Does it need to be a proxy? If not, configure it as a regular service.

During the proxy validation process, CAS makes a call to the services proxy callback endpoint (this is defined in the service definition). This looks to be working correctly, because of the remaining logs you posted.

It looks to me like the proxy callback is protected by login. Thus when CAS calls proxy callback guacamole redirects to log in with the ST. The log in page is returned and this is shows in the tomcat log as an xml error with the img tag.

Turn up CAS logging to debug or add this to log4j2.xml

        <!-- DEBUG Response code from server matched [###] may be useful for debugging proxy

                   Created HTTP post message payload [POST URL] on logout -->

        <AsyncLogger name="org.apereo.cas.util.http.SimpleHttpClient" level="error" />

Ray

-- 

Ray Bon

Programmer Analyst

Development Services, University Systems

2507218831 | CLE 019 | rb...@uvic.ca

I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations.