Ramakrishna,
This sounds like slow ticket replication. Does redis sentinel have multiple
stores?
If you set nginx to be sticky, will validation succeed?
Check your cas logs to see if the ticket is being validated. I think the cas
client tries to validate the ticket using https.
You could simplify your config:
location /cas
{
proxy_pass http://cas.server/cas
}
Ray
On Fri, 2018-08-03 at 22:28 +0530, Ramakrishna G wrote:
Hello all,
I am using Mod_auth_cas and HA- Cas server behind a loadbalancer.
Whenever I set CASValidateURL to one of the cas servers it works fine. But when
I send to cas via NGINX server then it says "Unauthorized error" in browser.
My Nginx has
location /cas/login
{
proxy_pass http://cas_server/cas/login;
}
location /cas/serviceValidate
{
proxy_pass http://cas_server/cas/serviceValidate;
}
location /secured
{
proxy_pass
http://<http://cas_server/cas>application_servers/api/services;
}
My cas.conf has
LoadModule auth_cas_module modules/mod_auth_cas.so
CASCertificatePath /etc/pki/tls/certs/
CASCookiePath /var/cache/mod_auth_cas/
CASLoginURL http://localhost:81/cas/login // Works fine
CASValidateURL http://localhost:81/cas/serviceValidate // Pointing to NGINX
#CASValidateURL http://localhost:8080/cas/serviceValidate // Pointing to one
of the cas server - Works fine
CASDebug On
LogLevel debug
No error as well. I am not sure where I am going wrong.
Can anyone help please.
Thanks
Ramakrishna G
--
Ray Bon
Programmer analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533317546.2860.92.camel%40uvic.ca.
