AuthKit 0.4.5 and CAS 2.0 protocol.

tetsuo

Jan 19, 2010, 7:55:55 PM
to AuthKit
Hi,

I've tried using the SSO CAS 2.0 protocol with AuthKit and must
admit that it works quite nicely!
One thing that is puzzling me is that each time a request is made
from a browser (link clicked), AuthKit does the following (debug log
sample):


01:44:31,150 DEBUG [authkit.authenticate.multi] Status: '401 Not Authenticated', Headers: [('Content-Type', 'text/html; charset=UTF-8'), ('Content-Length', '374')]
01:44:31,150 DEBUG [authkit.authenticate.multi] Status checker recieved status '401 Not Authenticated', headers [('Content-Type', 'text/html; charset=UTF-8'), ('Content-Length', '374')], intecept ['401']
01:44:31,150 DEBUG [authkit.authenticate.multi] Status checker returns True
01:44:31,150 DEBUG [authkit.authenticate.multi] MultiMiddleware self.checker check() returning <authkit.authenticate.sso.cas.AuthCASHandler object at 0x9499dac>
01:44:31,151 DEBUG [authkit.authenticate.sso.api] Sending redirect to https://auth.domain.com/auth/login?service=https%3A%2F%2Fmywebapp.domain.com%2Fsigner%3Ftype%3Dcas
01:44:31,152 DEBUG [authkit.authenticate.multi] Matched binding returns status: '303 See Other', headers: [('location', 'https://auth.domain.com/auth/login?service=https%3A%2F%2Fmywebapp.domain.com%2Fsigner%3Ftype%3Dcas'), ('content-type', 'text/html')], exc_info: None
2010-01-20 01:44:31 : GET /signer
01:44:31,448 INFO [scgi-wsgi] GET /signer
01:44:31,449 DEBUG [authkit.authenticate.sso.api] Found /signer in protection paths. No REMOTE_USER set, running auth verify.
01:44:31,449 DEBUG [authkit.authenticate.sso.cas] Validating using CAS 2.0
01:44:31,541 DEBUG [authkit.authenticate.sso.cas] Raw response of auth verification:
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<cas:authenticationSuccess>
<cas:user>s000000</cas:user>
<norEduPerson xmlns="">
<eduPersonPrimaryAffiliation>student</eduPersonPrimaryAffiliation>
<mail>te...@test.com</mail>
<gn>FirstName LastName</gn>
<sn>LastName</sn>
<cn>FirstName MiddleName LastName</cn>
<preferredLanguage>en-GB</preferredLanguage>
<eduPersonTargetedID>0066-31222</eduPersonTargetedID>
<OrganizationName>Your Organization</OrganizationName>
<IdentityProvider>ORG</IdentityProvider>
<eduPersonPrincipalName>te...@test.com</eduPersonPrincipalName>
</norEduPerson>
</cas:authenticationSuccess>
</cas:serviceResponse>
01:44:31,542 DEBUG [authkit.authenticate.sso.cas] Successfully authenticated
01:44:31,542 DEBUG [authkit.authenticate.sso.cas] Authentication success, calling app.
87.54.59.222 - s060025 [20/Jan/2010:01:44:31 +0200] "GET /signer?type=cas&ticket=ST-540231-42ce869b9c98600638d7 HTTP/1.1" 200 5000
01:44:31,556 DEBUG [authkit.authenticate.multi] Status: '200 OK', Headers: [('Content-Type', 'text/html; charset=utf-8'), ('Pragma', 'no-cache'), ('Cache-Control', 'no-cache'), ('Content-Length', '5000')]
01:44:31,556 DEBUG [authkit.authenticate.multi] Status checker recieved status '200 OK', headers [('Content-Type', 'text/html; charset=utf-8'), ('Pragma', 'no-cache'), ('Cache-Control', 'no-cache'), ('Content-Length', '5000')], intecept ['401']
01:44:31,556 DEBUG [authkit.authenticate.multi] Status checker returns False
01:44:31,557 DEBUG [authkit.authenticate.multi] Multi: No binding was found for the check


Now, I'm wondering why the verification procedure needs to be
repeated each time.
Why do I get a 401 status with each request?
Does it have anything to do with the "[authkit.authenticate.sso.api]
Found /signer in protection paths. No REMOTE_USER set, running auth
verify." message?

Relevant authkit development.ini vars:
authkit.cas.authority = https://auth.mydomain.com/auth/
authkit.cas.protect = /signer, /user_manager, /feedback
authkit.cas.use_cas2 = True
authkit.intercept = 401, 403

Let me know if you need any other data.
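
The CAS 2.0 validation response shown in the log above, parsed in a short added example. It is not part of the original post and not AuthKit's own code; the function name `parse_cas2_response` and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"  # namespace used by the response in the log

# Constructed samples modelled on the response in the post (placeholder values).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<cas:authenticationSuccess>
<cas:user>s000000</cas:user>
<norEduPerson xmlns="">
<eduPersonPrimaryAffiliation>student</eduPersonPrimaryAffiliation>
<mail>user@example.invalid</mail>
</norEduPerson>
</cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
<cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def parse_cas2_response(text):
    """Return (user, attributes) on success; raise ValueError otherwise."""
    # The validation response is remote input: refuse DTDs and entities outright.
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD or entity declaration in CAS response")
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        raise ValueError("malformed CAS response: %s" % exc)
    if root.tag != "{%s}serviceResponse" % CAS_NS:
        raise ValueError("unexpected root element %r" % root.tag)
    failure = root.find("{%s}authenticationFailure" % CAS_NS)
    if failure is not None:
        raise ValueError("CAS failure %s: %s" % (failure.get("code"), (failure.text or "").strip()))
    success = root.find("{%s}authenticationSuccess" % CAS_NS)
    user = success.find("{%s}user" % CAS_NS) if success is not None else None
    if user is None or not (user.text or "").strip():
        raise ValueError("no cas:user in response")
    # Site-specific attributes (norEduPerson in the post) sit outside the cas: namespace.
    attrs = {}
    for block in success:
        if block.tag.startswith("{%s}" % CAS_NS):
            continue
        for child in block:
            attrs[child.tag] = (child.text or "").strip()
    return user.text.strip(), attrs
```

A response is treated as authenticated only when the root element, the success element and a non-empty `cas:user` are all present; anything else raises rather than falling through.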
