Re: [cas-user] Cas - Unauthorized

Ramakrishna G Tue, 30 Jan 2018 02:19:52 -0800

Hi ,

Now I think I resolved certificate issue. But I am getting this error


[Fri Jan 26 16:22:24.270308 2018] [authz_core:debug] [pid 19878]
mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626:
authorization result of Require valid-user : denied (no authenticated user
yet)

[Fri Jan 26 16:22:24.270359 2018] [authz_core:debug] [pid 19878]
mod_authz_core.c(809): [client 192.168.111.118:62974] AH01626:
authorization result of <RequireAny>: denied (no authenticated user yet)

[Fri Jan 26 16:22:24.270390 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(2076): [client 192.168.111.118:62974] Entering
cas_authenticate()

[Fri Jan 26 16:22:24.270415 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(656): [client 192.168.111.118:62974] Modified r->args (now
'ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client')

[Fri Jan 26 16:22:24.270486 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1779): [client 192.168.111.118:62974] entering
getResponseFromServer()

[Fri Jan 26 16:22:24.270617 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(584): [client 192.168.111.118:62974] CAS Service
'https%3a%2f%2f192.168.111.118%3a8443%2f%3fticket%3dST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client%26ticket%3dST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client'

[Fri Jan 26 16:22:24.479223 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1856): [client 192.168.111.118:62974] Validation response:
<!doctype html><html lang="en"><head><title>HTTP Status 406 \xe2\x80\x93
Not Acceptable</title><style type="text/css">h1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 406 \xe2\x80\x93 Not Acceptable</h1><hr class="line"
/><p><b>Type</b> Status Report</p><p><b>Description</b> The target resource
does not have a current representation that would be acceptable to the user
agent, according to the proactive negotiation header fields received in the
request, and the server is unwilling to supply a default
representation.</p><hr class="line" /><h3>Apache
Tomcat/8.5.24</h3></body></html>

[Fri Jan 26 16:22:24.479448 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1440): [client 192.168.111.118:62974] entering
isValidCASTicket()

[Fri Jan 26 16:22:24.479470 2018] [auth_cas:debug] [pid 19878]
mod_auth_cas.c(1446): [client 192.168.111.118:62974] MOD_AUTH_CAS: response
= <!doctype html><html lang="en"><head><title>HTTP Status 406 \xe2\x80\x93
Not Acceptable</title><style type="text/css">h1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 406 \xe2\x80\x93 Not Acceptable</h1><hr class="line"
/><p><b>Type</b> Status Report</p><p><b>Description</b> The target resource
does not have a current representation that would be acceptable to the user
agent, according to the proactive negotiation header fields received in the
request, and the server is unwilling to supply a default
representation.</p><hr class="line" /><h3>Apache
Tomcat/8.5.24</h3></body></html>

[Fri Jan 26 16:22:24.479581 2018] [auth_cas:error] [pid 19878] [client
192.168.111.118:62974] MOD_AUTH_CAS: error parsing CASv2 response: XML
parser error code: syntax error (2)

[Fri Jan 26 16:22:24.523966 2018] [authz_core:debug] [pid 19205]
mod_authz_core.c(809): [client 192.168.111.118:62976] AH01626:
authorization result of Require valid-user : denied (no authenticated user
yet), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524008 2018] [authz_core:debug] [pid 19205]
mod_authz_core.c(809): [client 192.168.111.118:62976] AH01626:
authorization result of <RequireAny>: denied (no authenticated user yet),
referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524022 2018] [auth_cas:debug] [pid 19205]
mod_auth_cas.c(2076): [client 192.168.111.118:62976] Entering
cas_authenticate(), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524042 2018] [auth_cas:debug] [pid 19205]
mod_auth_cas.c(584): [client 192.168.111.118:62976] CAS Service
'https%3a%2f%2f192.168.111.118%3a8443%2ffavicon.ico', referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524049 2018] [auth_cas:debug] [pid 19205]
mod_auth_cas.c(532): [client 192.168.111.118:62976] entering
getCASLoginURL(), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524058 2018] [auth_cas:debug] [pid 19205]
mod_auth_cas.c(509): [client 192.168.111.118:62976] entering
getCASGateway(), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524065 2018] [auth_cas:debug] [pid 19205]
mod_auth_cas.c(599): [client 192.168.111.118:62976] entering
redirectRequest(), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.524072 2018] [auth_cas:debug] [pid 19205]
mod_auth_cas.c(611): [client 192.168.111.118:62976] Adding outgoing header:
Location:
https://192.168.111.118:8443/cas/login?service=https%3a%2f%2f192.168.111.118%3a8443%2ffavicon.ico,
referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.565945 2018] [authz_core:debug] [pid 19201]
mod_authz_core.c(809): [client 192.168.111.118:62978] AH01626:
authorization result of Require valid-user : denied (no authenticated user
yet), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.565996 2018] [authz_core:debug] [pid 19201]
mod_authz_core.c(809): [client 192.168.111.118:62978] AH01626:
authorization result of <RequireAny>: denied (no authenticated user yet),
referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.566012 2018] [auth_cas:debug] [pid 19201]
mod_auth_cas.c(2076): [client 192.168.111.118:62978] Entering
cas_authenticate(), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.566026 2018] [auth_cas:debug] [pid 19201]
mod_auth_cas.c(656): [client 192.168.111.118:62978] Modified r->args (now
''), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.566104 2018] [auth_cas:debug] [pid 19201]
mod_auth_cas.c(1779): [client 192.168.111.118:62978] entering
getResponseFromServer(), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.566245 2018] [auth_cas:debug] [pid 19201]
mod_auth_cas.c(584): [client 192.168.111.118:62978] CAS Service
'https%3a%2f%2f192.168.111.118%3a8443%2ffavicon.ico', referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.731155 2018] [auth_cas:debug] [pid 19201]
mod_auth_cas.c(1856): [client 192.168.111.118:62978] Validation response:
<!doctype html><html lang="en"><head><title>HTTP Status 406 \xe2\x80\x93
Not Acceptable</title><style type="text/css">h1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 406 \xe2\x80\x93 Not Acceptable</h1><hr class="line"
/><p><b>Type</b> Status Report</p><p><b>Description</b> The target resource
does not have a current representation that would be acceptable to the user
agent, according to the proactive negotiation header fields received in the
request, and the server is unwilling to supply a default
representation.</p><hr class="line" /><h3>Apache
Tomcat/8.5.24</h3></body></html>, referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.731389 2018] [auth_cas:debug] [pid 19201]
mod_auth_cas.c(1440): [client 192.168.111.118:62978] entering
isValidCASTicket(), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.731411 2018] [auth_cas:debug] [pid 19201]
mod_auth_cas.c(1446): [client 192.168.111.118:62978] MOD_AUTH_CAS: response
= <!doctype html><html lang="en"><head><title>HTTP Status 406 \xe2\x80\x93
Not Acceptable</title><style type="text/css">h1
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;}
h3
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body
{font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;}
p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}
a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 406 \xe2\x80\x93 Not Acceptable</h1><hr class="line"
/><p><b>Type</b> Status Report</p><p><b>Description</b> The target resource
does not have a current representation that would be acceptable to the user
agent, according to the proactive negotiation header fields received in the
request, and the server is unwilling to supply a default
representation.</p><hr class="line" /><h3>Apache
Tomcat/8.5.24</h3></body></html>, referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client

[Fri Jan 26 16:22:24.731538 2018] [auth_cas:error] [pid 19201] [client
192.168.111.118:62978] MOD_AUTH_CAS: error parsing CASv2 response: XML
parser error code: syntax error (2), referer:
https://192.168.111.118:8443/?ticket=ST-61-Ax_G3kwIznjFqCiNkoMeUy4y1Gk-client&ticket=ST-62-Kf3DaPe_Vlv9cOH5VQYhiIz_tWg-client&ticket=ST-63-9XuUCVFW1N7KHvmkSzAf31rObMA-client


Can you pls help.

On Thu, Jan 25, 2018 at 11:04 PM, Ramakrishna G <[email protected]> wrote:

> Hi David,
>
> As suggested I enabled Debug Mode. Error what I got to..
>
>
> [Thu Jan 25 17:53:01.512443 2018] [ssl:info] [pid 28180] SSL Library
> Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request --
> speaking HTTP to HTTPS port!?
>
> [Thu Jan 25 17:53:01.940036 2018] [ssl:info] [pid 28181] [client
> 192.168.111.84:62057] AH01964: Connection to child 1 established (server
> 192.168.111.12:443)
>
> [Thu Jan 25 17:53:01.940406 2018] [ssl:info] [pid 28181] [client
> 192.168.111.84:62057] AH01996: SSL handshake failed: HTTP spoken on HTTPS
> port; trying to send HTML error page
>
> [Thu Jan 25 17:53:01.940458 2018] [ssl:info] [pid 28181] SSL Library
> Error: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request --
> speaking HTTP to HTTPS port!?
>
> [Thu Jan 25 17:53:13.796431 2018] [ssl:info] [pid 28182] [client
> 192.168.111.84:62058] AH01964: Connection to child 2 established (server
> 192.168.111.12:443)
>
> [Thu Jan 25 17:53:13.796782 2018] [ssl:debug] [pid 28182]
> ssl_engine_io.c(1202): (70014)End of file found: [client
> 192.168.111.84:62058] AH02007: SSL handshake interrupted by system [Hint:
> Stop button pressed in browser?!]
>
> [Thu Jan 25 17:53:13.796815 2018] [ssl:info] [pid 28182] [client
> 192.168.111.84:62058] AH01998: Connection closed to child 2 with abortive
> shutdown (server 192.168.111.12:443)
>
> ~
>
>
> LoadModule auth_cas_module modules/mod_auth_cas.so
>
> CASCookiePath /var/cache/mod_auth_cas/
>
> CASCertificatePath  /etc/ssl/certs/
>
> CASLoginURL https://192.168.111.12:9443/cas/login
>
> CASRootProxiedAs https://192.168.111.12
>
> CASValidateURL https://192.168.111.12:9443/cas/serviceValidate
>
> #CASProxyValidateURL https://192.168.111.12:9443/cas/proxyValidate
>
> CASDebug On
>
> LogLevel debug
>
> CASValidateSAML On
>
> CASVersion 2
>
> #CASValidateServer off
>
> #CASAllowWildcardCert off
>
> CASTimeout 86400
>
> CASIdleTimeout 7200
>
> CASSSOEnabled On
>
> #LogLevel debug
>
>
> <VirtualHost *:80>
>
>     DocumentRoot "/var/www/html/"
>
>     ServerName 192.168.111.12
>
>     CASValidateSAML On
>
>     LogLevel debug
>
>     ErrorLog /var/log/cas_error_log
>
>     CustomLog /var/log/cas_access_log combined
>
>     # Other directives here
>
>     #AuthType CAS
>
>     #require valid-user
>
> </VirtualHost>
>
>
> <directory /var/www/html>
>
>      AllowOverride
>
>      Order allow,deny
>
>      Allow from all
>
>      Authtype CAS
>
>      require valid-user
>
>      Allow from env=no_cas_use
>
>      #Satisfy Any
>
>    # require cas-attribute edupersonaffiliation:staff
>
> </directory>
>
>
> What am I missing?
>
>
> Thankyou
>
> Ramakrishna
>
>
>
> On Thu, Jan 25, 2018 at 10:45 PM, David Hawes <[email protected]> wrote:
>
>> On 23 January 2018 at 08:52, Ramakrishna G <[email protected]>
>> wrote:
>> > Unauthorized
>> >
>> > This server could not verify that you are authorized to access the
>> document
>> > requested. Either you supplied the wrong credentials (e.g., bad
>> password),
>> > or your browser doesn't understand how to supply the credentials
>> required.
>> >
>> >
>> > Ticket is generated but says the above error. I am using mod_auth_cas in
>> > Apache server.
>>
>> Set:
>>
>> LogLevel debug
>> CASDebug On
>>
>> and check your error logs. You should have information as to why you
>> get this error.
>>
>> --
>> - Website: https://apereo.github.io/cas
>> - Gitter Chatroom: https://gitter.im/apereo/cas
>> - List Guidelines: https://goo.gl/1VRrw7
>> - Contributions: https://goo.gl/mh7qDG
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit https://groups.google.com/a/ap
>> ereo.org/d/msgid/cas-user/CAAgu-wCcoYC-Sg4V3dE6hOxi-0QqiaJWm
>> 44xo9PuDhAt%2Br8wxA%40mail.gmail.com.
>>
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P8RVBDrHjwNwMcTb2NaSt_xZL4HHWB%3D6upvDW21%3DrHTeg%40mail.gmail.com.

Re: [cas-user] Cas - Unauthorized

Reply via email to