On Thu, 12 Dec 2019 at 18:09, Alan S <[email protected]> wrote: > > Still wrestling with this, I'm now specifying just the serviceValidate > endpoint to remove any possible problems with SAML attribute delivery. My > Apache configuration now looks like this: > > LoadModule auth_cas_module /usr/lib/apache2/modules/mod_auth_cas.so > > CASCookiePath /var/cache/apache2/mod_auth_cas/ > CASLoginURL https://CAS_SERVER/cas/login > CASValidateURL https://CAS_SERVER/cas/serviceValidate > CASDebug On > > <LocationMatch ^/auth/> > AuthType CAS > AuthName "Autentication required" > CASAuthNHeader CAS-User > Require valid-user > </LocationMatch> > > My logs never show a response validation: > > [Thu Dec 12 16:54:20.821632 2019] [auth_cas:debug] [pid 20232] > mod_auth_cas.c(2675): entering check_vhost_config() > [Thu Dec 12 16:54:20.904208 2019] [auth_cas:debug] [pid 20233] > mod_auth_cas.c(2675): entering check_vhost_config() > [Thu Dec 12 16:54:29.432630 2019] [auth_cas:debug] [pid 20238] > mod_auth_cas.c(2159): [client CLIENT_IP:44734] Entering cas_authenticate() > [Thu Dec 12 16:54:29.432643 2019] [auth_cas:debug] [pid 20238] > mod_auth_cas.c(610): [client CLIENT_IP:44734] CAS Service > 'https%3a%2f%2fAPP_HOST%2fauth%2f' > [Thu Dec 12 16:54:29.432652 2019] [auth_cas:debug] [pid 20238] > mod_auth_cas.c(558): [client CLIENT_IP:44734] entering getCASLoginURL() > [Thu Dec 12 16:54:29.432663 2019] [auth_cas:debug] [pid 20238] > mod_auth_cas.c(535): [client CLIENT_IP:44734] entering getCASGateway() > [Thu Dec 12 16:54:29.432671 2019] [auth_cas:debug] [pid 20238] > mod_auth_cas.c(625): [client CLIENT_IP:44734] entering redirectRequest() > [Thu Dec 12 16:54:29.432681 2019] [auth_cas:debug] [pid 20238] > mod_auth_cas.c(637): [client CLIENT_IP:44734] Adding outgoing header: > Location: > https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f > [Thu Dec 12 16:54:34.729642 2019] [auth_cas:debug] [pid 20235] > mod_auth_cas.c(2159): [client CLIENT_IP:44736] Entering cas_authenticate(), > referer: https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f > [Thu Dec 12 16:54:34.729659 2019] [auth_cas:debug] [pid 20235] > mod_auth_cas.c(682): [client CLIENT_IP:44736] Modified r->args (now ''), > referer: https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f > [Thu Dec 12 16:54:34.729749 2019] [auth_cas:debug] [pid 20235] > mod_auth_cas.c(1832): [client CLIENT_IP:44736] entering > getResponseFromServer(), referer: > https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f > [Thu Dec 12 16:54:34.729853 2019] [auth_cas:debug] [pid 20235] > mod_auth_cas.c(610): [client CLIENT_IP:44736] CAS Service > 'https%3a%2f%2fAPP_HOST%2fauth%2f', referer: > https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f > [Thu Dec 12 16:54:35.031085 2019] [auth_cas:debug] [pid 20236] > mod_auth_cas.c(2159): [client CLIENT_IP:44754] Entering cas_authenticate(), > referer: https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f > [Thu Dec 12 16:54:35.031100 2019] [auth_cas:debug] [pid 20236] > mod_auth_cas.c(682): [client CLIENT_IP:44754] Modified r->args (now ''), > referer: https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f > [Thu Dec 12 16:54:35.031149 2019] [auth_cas:debug] [pid 20236] > mod_auth_cas.c(1832): [client CLIENT_IP:44754] entering > getResponseFromServer(), referer: > https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f > [Thu Dec 12 16:54:35.031241 2019] [auth_cas:debug] [pid 20236] > mod_auth_cas.c(610): [client CLIENT_IP:44754] CAS Service > 'https%3a%2f%2fAPP_HOST%2fauth%2f', referer: > https://CAS_SERVER/cas/login?service=https%3a%2f%2fAPP_HOST%2fauth%2f > > Any idea what could be causing this "Secure Connection Failed" issue on a 5.3 > server connection? (I've tried connecting on the latest mod_auth_cas master > and v1.2 tag.)
I'd expect to see a CURL error or the validation response printed out. Are there any logs on your CAS server that show the service validation from mod_auth_cas? Can you ensure that you can "curl https://CAS_SERVER/cas/serviceValidate"; from the host running Apache and mod_auth_cas? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAgu-wBARiZuySW19_%2BrSOVdwN0YCpRssMjpiV-pWd8snzUfFA%40mail.gmail.com.
smime.p7s
Description: S/MIME Cryptographic Signature
