mod_auth_cas 1.1


Chris Cheltenham

Dec 10, 2016, 11:41:44 AM
to cas-...@apereo.org, David Lawson, Pathe Sow

Hello everyone,

 

We are using RHEL 7.3 with apache 2.4.6 and CAS 3.5.2.1 and mod_auth_cas 1.1

 

We are getting this error once we log into CAS.

 

Unauthorized

 

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

 

The URL has the ticket in there when we proxy to the CAS server.

 

 

https://test.dcis.hhs.gov/main.php?ticket=ST-42-aEak6uBsvai99PLq06Ad-test-ba.dcis.hhs.gov

 

On other RHEL5 apache servers that work we see this in the URL

 

https://dcis.hhs.gov/cas/login?service=https%3a%2f%2fdcis.hhs.gov%2fmain.php

 

 

The install seems to go well.

See below

 

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib64/httpd/modules/mod_auth_cas.so
make[1]: Leaving directory `/tmp/mod_auth_cas-master/src'
Making install in tests
make[1]: Entering directory `/tmp/mod_auth_cas-master/tests'
make[2]: Entering directory `/tmp/mod_auth_cas-master/tests'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/mod_auth_cas-master/tests'
make[1]: Leaving directory `/tmp/mod_auth_cas-master/tests'
make[1]: Entering directory `/tmp/mod_auth_cas-master'
make[2]: Entering directory `/tmp/mod_auth_cas-master'
make[2]: Nothing to be done for `install-exec-am'.
make[2]: Nothing to be done for `install-data-am'.
make[2]: Leaving directory `/tmp/mod_auth_cas-master'
make[1]: Leaving directory `/tmp/mod_auth_cas-master'
root@test-web:/tmp/mod_auth_cas-master > ls -l
total 1684
-rw-r--r--. 1 root root  42423 Oct 11 18:39 aclocal.m4
-rwxr-xr-x. 1 root root   7333 Oct 11 18:39 compile
-rwxr-xr-x. 1 root root  42938 Oct 11 18:39 config.guess
-rw-r--r--. 1 root root   5958 Dec 10 11:33 config.h
-rw-r--r--. 1 root root   5576 Oct 11 18:39 config.h.in
-rw-r--r--. 1 root root  60120 Dec 10 11:33 config.log
-rwxr-xr-x. 1 root root  60916 Dec 10 11:33 config.status
-rwxr-xr-x. 1 root root  36006 Oct 11 18:39 config.sub
-rwxr-xr-x. 1 root root 491031 Oct 11 18:39 configure
-rw-r--r--. 1 root root   5083 Oct 11 18:39 configure.ac
-rwxr-xr-x. 1 root root  23566 Oct 11 18:39 depcomp
-rwxr-xr-x. 1 root root  14675 Oct 11 18:39 install-sh
-rwxr-xr-x. 1 root root 339483 Dec 10 11:33 libtool
-rw-r--r--. 1 root root 324089 Oct 11 18:39 ltmain.sh
drwxr-xr-x. 2 root root   4096 Oct 11 18:39 m4
-rw-r--r--. 1 root root  27298 Dec 10 11:33 Makefile
-rw-r--r--. 1 root root    961 Oct 11 18:39 Makefile.am
-rw-r--r--. 1 root root  27090 Oct 11 18:39 Makefile.in
-rwxr-xr-x. 1 root root   6872 Oct 11 18:39 missing
-rw-r--r--. 1 root root    801 Oct 11 18:39 NOTES
-rw-r--r--. 1 root root  17243 Oct 11 18:39 README
-rw-r--r--. 1 root root   3327 Oct 11 18:39 README.win32
drwxr-xr-x. 4 root root   4096 Dec 10 11:33 src
-rw-r--r--. 1 root root     23 Dec 10 11:33 stamp-h1
-rwxr-xr-x. 1 root root   4640 Oct 11 18:39 test-driver
drwxr-xr-x. 3 root root   4096 Dec 10 11:33 tests
root@test-web:/tmp/mod_auth_cas-master > ls -l /usr/lib64/httpd/modules/mod_auth_cas.so
-rwxr-xr-x. 1 root root 245800 Dec 10 11:33 /usr/lib64/httpd/modules/mod_auth_cas.so
root@test-web:/tmp/mod_auth_cas-master > service httpd start
Redirecting to /bin/systemctl start  httpd.service
root@test-web:/tmp/mod_auth_cas-master > systemctl httpd status
Unknown operation 'httpd'.
root@test-web:/tmp/mod_auth_cas-master > systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2016-12-10 11:34:34 EST; 17s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 10235 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
  Process: 29467 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Main PID: 13258 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
   CGroup: /system.slice/httpd.service
           ─13258 /usr/sbin/httpd -DFOREGROUND
           ─13260 /usr/sbin/httpd -DFOREGROUND
           ─13262 /usr/sbin/httpd -DFOREGROUND
           ─13263 /usr/sbin/httpd -DFOREGROUND
           ─13264 /usr/sbin/httpd -DFOREGROUND
           ─13265 /usr/sbin/httpd -DFOREGROUND
           └─13266 /usr/sbin/httpd -DFOREGROUND

Dec 10 11:34:34 test-web.dcis.hhs.gov systemd[1]: Starting The Apache HTTP Server...
Dec 10 11:34:34 test-web.dcis.hhs.gov systemd[1]: Started The Apache HTTP Server.
root@test-web:/tmp/mod_auth_cas-master >

 

Thank You;

 

Chris Cheltenham

cchel...@swaintechs.com

SwainTechs

10 Walnut Grove Rd

Suite 110

Horsham, PA

 

484-502-4943

 

 

Uxío Prego

Dec 10, 2016, 1:01:52 PM
to CAS Community, David Lawson, Pathe Sow, cchel...@swaintechs.com
Have you discarded a misconfigured database problem?

Have you tried to `tailf` both the catalina.out log, the CAS runtime log/s, and the web server's error and SSL error logs when reproducing this to try to find more facts?

There is also the possibility to turn on hibernate SQL logging and increasing the verbosity of the CAS runtime logs if at first sight you see nothing interesting. If you can not repackage the web application archive, this should be feasible with package manipulation techniques too.

Regards,

Uxío Prego

Madiva Soluciones
Cl / Serrano Galvache 56 E Abedul 4
28033 Madrid

917 56 84 94
www.madiva.com

The activity of email inboxes can be systematically tracked by colleagues, business partners and third parties. Turn off automatic loading of images to hamper it.

--
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscribe@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/MWHPR17MB12137CB786190C5AFED56C7AC4860%40MWHPR17MB1213.namprd17.prod.outlook.com.

Uxío Prego

Dec 10, 2016, 1:52:42 PM
to Chris Cheltenham, CAS Community, David Lawson, Pathe Sow
I’m sorry am noob and not yet used to think abstracted of our CAS deployments that use database ticket registries.

I do not know which part of the README says “this”.

“AH01998 connection closed to child i with abortive shutdown” reads like a pretty standard message, searching it jumps to http://stackoverflow.com/questions/683149/apache-ssl-error-336027900 and from there to https://wiki.apache.org/httpd/InternalDummyConnection, which makes a hint on the web server configuration, have you tried that?

Sideways, yours is a pretty old *unsupported* CAS server dated from March 2014 not receiving security updates anymore, so if you have not yet, you should consider urging your product owner, scrum master and the backing development team to migrate your customers’ installations to CAS 4 or 5.

Hope that helped. Regards,

On 10 Dec 2016, at 19:10, Chris Cheltenham <cchel...@swaintechs.com> wrote:

Uxio,
 
Just for some more details.
 
The httpd log says this:
[Sat Dec 10 13:08:40.488691 2016] [ssl:debug] [pid 16011] ssl_engine_io.c(1201): (70014)End of file found: [client 10.153.2.8:30517] AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Sat Dec 10 13:08:40.488703 2016] [ssl:info] [pid 16011] [client 10.153.2.8:30517] AH01998: Connection closed to child 3 with abortive shutdown (server test.dcis.hhs.gov:443)
 
The mod_auth_cas 1.1  READ ME says this which worries me.
 
========================================================================
KNOWN LIMITATIONS
========================================================================
These limitations are known to exists in this release of the software:
 
* CAS Proxy Validation is not implemented in this version.

Chris Cheltenham

Dec 10, 2016, 2:46:07 PM
to Uxío Prego, CAS Community, David Lawson, Pathe Sow

Uxio,

 

Just for some more details.

 

The httpd log says this:

[Sat Dec 10 13:08:40.488691 2016] [ssl:debug] [pid 16011] ssl_engine_io.c(1201): (70014)End of file found: [client 10.153.2.8:30517] AH02007: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]

[Sat Dec 10 13:08:40.488703 2016] [ssl:info] [pid 16011] [client 10.153.2.8:30517] AH01998: Connection closed to child 3 with abortive shutdown (server test.dcis.hhs.gov:443)

 

The mod_auth_cas 1.1  READ ME says this which worries me.

 

========================================================================

KNOWN LIMITATIONS

========================================================================

These limitations are known to exists in this release of the software:

 

* CAS Proxy Validation is not implemented in this version.

 

From: Uxío Prego [mailto:upr...@madiva.com]
Sent: Saturday, December 10, 2016 1:02 PM
To: CAS Community
Cc: David Lawson; Pathe Sow; Chris Cheltenham
Subject: Re: [cas-user] mod_auth_cas 1.1

 

Have you discarded a misconfigured database problem?


Chris Cheltenham

Dec 10, 2016, 2:46:08 PM
to Uxío Prego, CAS Community, David Lawson, Pathe Sow

Thanks for responding Uxio.

 

There is no Database in this scenario.

I do not understand this part of your answer: “turn on hibernate SQL logging”

 

Tailf of Catalina logs produce the following at the bottom, so it creates a ticket ok.

 

I greatly appreciate your help.

 

 

 

root@test-ba:/var/log/tomcat6 > tailf catalina.out
2016-12-10 13:04:45,612 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-57-JfMkujBiuFIdrxPHM1Po-test-ba.dcis.hhs.gov] for service [https://test.dcis.hhs.gov/main.php] for user [ccheltenham]>
2016-12-10 13:04:45,612 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: ccheltenham
WHAT: ST-57-JfMkujBiuFIdrxPHM1Po-test-ba.dcis.hhs.gov for https://test.dcis.hhs.gov/main.php
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sat Dec 10 13:04:45 EST 2016
CLIENT IP ADDRESS: 10.153.111.228
SERVER IP ADDRESS: 10.153.111.217
=============================================================

>

 

From: Uxío Prego [mailto:upr...@madiva.com]
Sent: Saturday, December 10, 2016 1:02 PM
To: CAS Community
Cc: David Lawson; Pathe Sow; Chris Cheltenham
Subject: Re: [cas-user] mod_auth_cas 1.1

 

Have you discarded a misconfigured database problem?


David Hawes

Dec 12, 2016, 5:45:10 PM
to CAS Community
Please post your mod_auth_cas configuration.

Next, set your LogLevel to debug and CASDebug on. Do you see anything
useful in the error log?

On 10 December 2016 at 11:41, Chris Cheltenham

Chris Cheltenham

Dec 12, 2016, 7:01:56 PM
to cas-...@apereo.org
David,

The mod_auth_cas is attached.

We are on debug mode.

That is all the information we get back in logs.



-----Original Message-----
From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of David Hawes
Sent: Monday, December 12, 2016 5:39 PM
To: CAS Community
Subject: Re: [cas-user] mod_auth_cas 1.1

mod_auth_cas.rtf

Chris Cheltenham

Dec 12, 2016, 7:01:56 PM
to cas-...@apereo.org
On second thought, CAS debug I will have to look up.


-----Original Message-----
From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of David Hawes
Sent: Monday, December 12, 2016 5:39 PM
To: CAS Community
Subject: Re: [cas-user] mod_auth_cas 1.1


David Hawes

Dec 13, 2016, 10:52:22 AM
to CAS Community
On 12 December 2016 at 17:57, Chris Cheltenham
<cchel...@swaintechs.com> wrote:
> David,
>
> The mod_auth_cas is attached.

Can you post your Apache config?

Chris Cheltenham

Dec 14, 2016, 7:01:27 AM
to cas-...@apereo.org
David,

Again I appreciate your help.



-----Original Message-----
From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of David Hawes
Sent: Tuesday, December 13, 2016 10:52 AM
To: CAS Community
Subject: Re: [cas-user] mod_auth_cas 1.1

httpd.conf
mod_auth_cas.so
ssl.conf

Chris Cheltenham

Dec 14, 2016, 7:01:28 AM
to cas-...@apereo.org
David,

You can actually see what's happening as this is a public site.

Go to:

https://test.dcis.hhs.gov/


you will see the correct url as you hover over the big blue button.

Click the big blue button and cas picks up with this url
https://test.dcis.hhs.gov/cas/login?service=https%3a%2f%2ftest.dcis.hhs.gov%2fmain.php

that is all right.

When you authenticate through LDAP (which we verified through an LDAP browser),
The CAS server returns the ticket onto the url

https://test.dcis.hhs.gov/main.php?ticket=ST-4-DCNLqLHl5fzKUahu9Jdx-test-ba.dcis.hhs.gov

The ticket is also created on the CAS server.



-----Original Message-----
From: cas-...@apereo.org [mailto:cas-...@apereo.org] On Behalf Of David Hawes
Sent: Tuesday, December 13, 2016 10:52 AM
To: CAS Community
Subject: Re: [cas-user] mod_auth_cas 1.1
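
The redirect sequence described in the message above, continued one step as an added example (not from the thread and not mod_auth_cas code): under the CAS 2.0 protocol the client validates the service ticket by calling the server's `serviceValidate` endpoint with the same service URL, and the XML reply says whether the ticket was accepted. The function names and both XML responses are constructed for illustration; `CAS_BASE` is assumed from the `/cas/login` URL in the message.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 XML namespace

# URL from the message above; CAS_BASE is assumed from its /cas/login URL.
RETURN_URL = ("https://test.dcis.hhs.gov/main.php"
              "?ticket=ST-4-DCNLqLHl5fzKUahu9Jdx-test-ba.dcis.hhs.gov")
CAS_BASE = "https://test.dcis.hhs.gov/cas"

# Constructed sample responses in CAS 2.0 format (not captured from this site).
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>ccheltenham</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_SERVICE'>constructed failure text</cas:authenticationFailure>
</cas:serviceResponse>"""

def split_ticket(return_url):
    """Return (service, ticket): the URL without its ticket parameter, and the ticket.
    The service must equal the one sent to /login, or validation fails."""
    parts = urlsplit(return_url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    ticket = next((v for k, v in query if k == "ticket"), None)
    rest = [(k, v) for k, v in query if k != "ticket"]
    return urlunsplit(parts._replace(query=urlencode(rest))), ticket

def validation_url(cas_base, service, ticket):
    """Build the back-channel serviceValidate request a CAS 2.0 client sends."""
    return cas_base + "/serviceValidate?" + urlencode({"service": service, "ticket": ticket})

def parse_validation(xml_text):
    """Return (True, username) on success, (False, 'CODE: text') on failure."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None:
        return True, (user.text or "").strip()
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return False, f"{failure.get('code')}: {(failure.text or '').strip()}"
    return False, "unrecognised response"

if __name__ == "__main__":
    service, ticket = split_ticket(RETURN_URL)
    print(validation_url(CAS_BASE, service, ticket))
    print(parse_validation(SUCCESS_XML))
    print(parse_validation(FAILURE_XML))
```

Requesting the printed URL from the web server host shows whether the CAS server accepts the ticket for that service. Service tickets are single-use, so a ticket that has already been validated will be rejected.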


David Hawes

Dec 15, 2016, 12:49:12 PM
to CAS Community
I see no mod_auth_cas configuration here.

On 13 December 2016 at 18:44, Chris Cheltenham