casshib and zimbra (error: Cas is Unavailable)
74 views
Skip to first unread message
andy204
Jul 19, 2010, 1:11:30 PM7/19/10
to casshib
hello all,
we are currently trying to implement casshib with zimbra. we are doing
quite well and after authenticating against shibboleth idp we get
redirected to casshib. we see in the log files that a ticket is issued
and then we are redirected to zimbra. zimbra then tries to check if
the ticket is good and there we hang.
zimbra says: Caused by: java.io.FileNotFoundException:
http://cas.webop.net/casshib/serviceValidate?ticket=ST-2-IqZoouitR7DZS5ce13eV-cas&service=http%3A%2F%2Fvm00.webop.net%3A7072%2Fzimbra%2Fpublic%2Fpreauth.jsp%3Bjsessionid%3Ddsky2n1hwaqh
this is not the right url, since zimbra can only work with cas server.
so if we manually try check for the ticket:
http://cas.webop.net/casshib/shib/zimbra/serviceValidate?ticket=ST-2-IqZoouitR7DZS5ce13eV-cas&service=http%3A%2F%2Fvm00.webop.net%3A7072%2Fzimbra%2Fpublic%2Fpreauth.jsp%3Bjsessionid%3Ddsky2n1hwaqh
we just get a website with: "CAS is Unavailable".
any ideas? we are not using SSL (we just did a fast trial and error),
can this be the issue?
thanks for any help!
-andy
we are currently trying to implement casshib with zimbra. we are doing
quite well and after authenticating against shibboleth idp we get
redirected to casshib. we see in the log files that a ticket is issued
and then we are redirected to zimbra. zimbra then tries to check if
the ticket is good and there we hang.
zimbra says: Caused by: java.io.FileNotFoundException:
http://cas.webop.net/casshib/serviceValidate?ticket=ST-2-IqZoouitR7DZS5ce13eV-cas&service=http%3A%2F%2Fvm00.webop.net%3A7072%2Fzimbra%2Fpublic%2Fpreauth.jsp%3Bjsessionid%3Ddsky2n1hwaqh
this is not the right url, since zimbra can only work with cas server.
so if we manually try check for the ticket:
http://cas.webop.net/casshib/shib/zimbra/serviceValidate?ticket=ST-2-IqZoouitR7DZS5ce13eV-cas&service=http%3A%2F%2Fvm00.webop.net%3A7072%2Fzimbra%2Fpublic%2Fpreauth.jsp%3Bjsessionid%3Ddsky2n1hwaqh
we just get a website with: "CAS is Unavailable".
any ideas? we are not using SSL (we just did a fast trial and error),
can this be the issue?
thanks for any help!
-andy
bkoehm
Jul 19, 2010, 3:00:51 PM7/19/10
to casshib
The first problem looks like Zimbra just needs to be configured to use
the right ticket validation URL.
Regarding the "CAS is Unavailable" message, I think this message is
displayed when exceptions are being thrown on CAS server side. Check
the CAS server log to see if there are exceptions in there. If so,
those backtraces should yield more clues.
On Jul 19, 10:11 am, andy204 <andreas.sart...@gmail.com> wrote:
> hello all,
>
> we are currently trying to implement casshib with zimbra. we are doing
> quite well and after authenticating against shibboleth idp we get
> redirected to casshib. we see in the log files that a ticket is issued
> and then we are redirected to zimbra. zimbra then tries to check if
> the ticket is good and there we hang.
>
> zimbra says: Caused by: java.io.FileNotFoundException:http://cas.webop.net/casshib/serviceValidate?ticket=ST-2-IqZoouitR7DZ...
the right ticket validation URL.
Regarding the "CAS is Unavailable" message, I think this message is
displayed when exceptions are being thrown on CAS server side. Check
the CAS server log to see if there are exceptions in there. If so,
those backtraces should yield more clues.
On Jul 19, 10:11 am, andy204 <andreas.sart...@gmail.com> wrote:
> hello all,
>
> we are currently trying to implement casshib with zimbra. we are doing
> quite well and after authenticating against shibboleth idp we get
> redirected to casshib. we see in the log files that a ticket is issued
> and then we are redirected to zimbra. zimbra then tries to check if
> the ticket is good and there we hang.
>
>
> this is not the right url, since zimbra can only work with cas server.
> so if we manually try check for the ticket:http://cas.webop.net/casshib/shib/zimbra/serviceValidate?ticket=ST-2-...
> this is not the right url, since zimbra can only work with cas server.
andy204
Jul 19, 2010, 3:04:43 PM7/19/10
to casshib
hey,
thanks for responding!
the right url should be: http://cas.webop.net/casshib/shib/zimbra/serviceValidate?t.....
?
we did not pay alot of attention to the zimbra installation in the
first way, thats why we had this error in the config (fixed now).
with cas serverside you mean the casshib, right? form my understanding
we dont need a standalone cas server?
i will post the logs tomorrow, since i am home and have no access to
the vm where casshib is running.
kind regards
-andy
thanks for responding!
the right url should be: http://cas.webop.net/casshib/shib/zimbra/serviceValidate?t.....
?
we did not pay alot of attention to the zimbra installation in the
first way, thats why we had this error in the config (fixed now).
with cas serverside you mean the casshib, right? form my understanding
we dont need a standalone cas server?
i will post the logs tomorrow, since i am home and have no access to
the vm where casshib is running.
kind regards
-andy
Brian Koehmstedt
Jul 19, 2010, 3:20:49 PM7/19/10
to cas...@googlegroups.com
That's the right url if 'zimbra' is the passcode you set up in
casshib-service-registrations.xml.
casshib-service-registrations.xml.
Yes, I meant the casshib server (which is really just a modified CAS
server). No, you don't need a standalone CAS server, although at my
university we do indeed have a separate "stock" CAS server for our
Shibboleth single-sign-on.
> --
> You received this message because you are subscribed to the Google Groups "casshib" group.
> To post to this group, send email to cas...@googlegroups.com.
> To unsubscribe from this group, send email to casshib+u...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/casshib?hl=en.
>
>
andy204
Jul 19, 2010, 3:25:31 PM7/19/10
to casshib
need to test that. i thought that i use 'zimbra' as app id and not as
passphrase.
thanks for make this clear to us.
-andy
passphrase.
thanks for make this clear to us.
-andy
andy204
Jul 19, 2010, 3:39:44 PM7/19/10
to casshib
thanks for your help!
now it works. just some small zimbra error, but thats not your
issue :)
kind regards
-andy
now it works. just some small zimbra error, but thats not your
issue :)
kind regards
-andy
Reply all
Reply to author
Forward
0 new messages