Hello,

Created the certificate using the following commands:

1] keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore /etc/cas/thekeystore -ext san=dns:$REPLACE_WITH_FULL_MACHINE_NAME
2] keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore -alias cas
3] sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts

*Cas.properties:*

cas.server.name=https://xxxxxxx:8443
cas.server.prefix=${cas.server.name}/cas
logging.config=file:/etc/cas/config/log4j2.xml
cas.service-registry.initFromJson=true
cas.service-registry.json.location=file:/etc/cas/services
cas.tgc.secure:true
cas.tgc.crypto.signing.key:xxxxxxx
cas.tgc.crypto.encryption.key:xxxx
cas.webflow.crypto.signing.key:xxxx
cas.webflow.crypto.encryption.key:xxx
cas.authn.accept.users=
cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://localhost
#cas.authn.ldap[0].useSsl=false
#cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=50000
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].baseDn=dc=cyberforza,dc=com
cas.authn.ldap[0].bindDn=cn=admin,dc=cyberforza,dc=com
cas.authn.ldap[0].bindCredential=administrator
cas.authn.ldap[0].principalAttributeList=memberOf,uid,cn,mail
# LDAP Pooling
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=50
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].allowMultipleDns=false
# Attribute repository settings
cas.authn.attribute-repository.expirationTime=30
cas.authn.attribute-repository.expirationTimeUnit=MINUTES
cas.authn.attribute-repository.maximumCacheSize=10000
cas.authn.attribute-repository.merger=ADD
cas.authn.attribute-repository.ldap[0].ldapUrl=ldap://localhost
cas.authn.attribute-repository.ldap[0].searchFilter=cn={user}
cas.authn.attribute-repository.ldap[0].bindDn=cn=admin,dc=cyberforza,dc=com
cas.authn.attribute-repository.ldap[0].bindCredential=administrator
cas.authn.attribute-repository.ldap[0].attributes.cn=cn
cas.authn.attribute-repository.ldap[0].attributes.displayName=displayName
cas.authn.attribute-repository.ldap[0].attributes.givenName=givenName
cas.authn.attribute-repository.ldap[0].attributes.mail=mail
cas.authn.attribute-repository.ldap[0].attributes.sn=sn
cas.authn.attribute-repository.ldap[0].attributes.employeeNumber=employeeNumber
cas.authn.attribute-repository.ldap[0].attributes.uid=uid

*I am facing an issue connecting and transferring user data from cas 6.2 to the mod_auth_cas apache client.*

*How to create a certificate in cas server 6.2, and which certificate needs to be passed from server to client.*

*Build and Run commands for server:*
1] ./gradlew build
2] ./gradlew build jibDockerBuild
3] ./gradlew run

mod_auth_cas apache client:

CASLoginUrl https://cas.example.com/cas/login
#CASValidateUrl https://cas.example.com/cas/serviceValidate
CASValidateUrl https://cas.example.com/cas/samlValidate
CASCookiePath /var/cache/apache2/mod_auth_armor/
CASRootProxiedAs https://cas.client.com
CASValidateSAML On
CASSSOEnabled On
CASDebug On
CASVersion 2
LogLevel debug
CASCertificatePath /etc/ssl/certs/cas.crt

<Directory "/var/www/html/secured-by-cas">
    <IfModule mod_auth_cas.c>
        AuthType CAS
        CASAuthNHeader On
    </IfModule>
    Require valid-user
</Directory>

Please guide me to connect cas server 6.2 and the mod_auth_cas apache client.

Thanks and Regards
Arti

On Tuesday, December 8, 2020 at 9:51:47 PM UTC+5:30 Ray Bon wrote:

> Arti,
>
> You can paste the text of your config into the email.
>
> If you are using self signed certs, either use the same one in both cas
> and apache or add each cert to the other server.
>
> Ray
>
> On Tue, 2020-12-08 at 05:16 -0800, arti wavale wrote:
>
> Hello C Ryan,
>
> I have created a detailed document and I have mentioned each and every main
> step on the cas 6.2 server side and the mod auth cas apache cas client side. Please
> find the attachment.
>
> I do not understand how I can create a certificate and how to pass data
> from server to client.
>
> Please guide me on it.
>
> Thanks and Regards
> Arti
>
> On Tuesday, December 8, 2020 at 12:53:57 AM UTC+5:30 C Ryan wrote:
>
> Arti,
>
> So first of all there is tons of log information available to you, but
> you've shared none of it. So it's hard to see where you have issues.
>
> However for mod_auth_cas you've defined the variables for it all fine. But
> the example you have given does not indicate you've told Apache to use it
> at all.
>
> As found in the man info for that module
> https://github.com/apereo/mod_auth_cas, you need to implement the Auth
> module.
>
> <Location /secured>
>     Authtype CAS
>     Require valid-user
> </Location>
>
> Hope this helps.
>
> Colin
>
> On 12/7/20 1:14 PM, arti wavale wrote:
>
> Hello all,
>
> I am facing an issue connecting and transferring user data from cas 6.2 to
> the mod_auth_cas apache client.
>
> How to create a certificate in cas server 6.2, and which certificate needs to
> be passed from server to client.
>
> Build and Run commands for server:
> 1] ./gradlew build
> 2] ./gradlew build jibDockerBuild
> 3] ./gradlew run
>
> mod_auth_cas apache client:
>
> CASLoginUrl https://cas.example.com/cas/login
> #CASValidateUrl https://cas.example.com/cas/serviceValidate
> CASValidateUrl https://cas.example.com/cas/samlValidate
> CASCookiePath /var/cache/apache2/mod_auth_armor/
> CASRootProxiedAs https://cas.client.com
> CASValidateSAML On
> CASSSOEnabled On
> CASDebug On
> CASVersion 2
> LogLevel debug
> CASCertificatePath /etc/ssl/certs/casrdev.crt
>
> Please guide me to connect cas server 6.2 and the mod_auth_cas apache client.
>
> Thanks and Regards
> Arti
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ecf455b-80b0-4a93-ad09-e9d2f92ce0a9n%40apereo.org.
>
> --
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
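
An added example, not part of the thread and not code from CAS or mod_auth_cas: a pre-flight check for the setup discussed above. It compares the client's CAS URLs with `cas.server.name` and the certificate SAN, and flags a `CASCertificatePath` file that is DER rather than PEM, since `keytool -export` writes DER unless `-rfc` is given while mod_auth_cas passes the path to libcurl, which reads PEM. The host `cas.example.org`, the function names and the placeholder certificate bytes are assumptions made for illustration.

```python
import ssl
from urllib.parse import urlsplit

def cert_encoding(data: bytes) -> str:
    """Classify certificate bytes as 'pem', 'der' or 'unknown'."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        return "pem"
    # DER X.509 starts with an ASN.1 SEQUENCE tag (0x30) and a long-form length (0x82).
    return "der" if data[:2] == b"\x30\x82" else "unknown"

def parse_directives(conf: str) -> dict:
    """Map directive name -> value, skipping comments and <Section> lines."""
    out = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and line[0] not in "#<":
            name, _, value = line.partition(" ")
            out[name] = value.strip()
    return out

def lint(conf: str, cert: bytes, server_name: str, san_dns: str) -> list:
    """Return findings for the client config against the server's name and cert."""
    d, srv, findings = parse_directives(conf), urlsplit(server_name), []
    for key in ("CASLoginUrl", "CASValidateUrl"):
        url = urlsplit(d.get(key, ""))
        if url.scheme != "https":
            findings.append(f"{key}: not an https URL")
        elif url.netloc.lower() != srv.netloc.lower():
            findings.append(f"{key}: {url.netloc} differs from cas.server.name {srv.netloc}")
    if srv.hostname != san_dns.lower():  # exact match only; wildcard SANs not handled
        findings.append(f"certificate SAN dns:{san_dns} does not cover {srv.hostname}")
    saml_on = d.get("CASValidateSAML", "Off").lower() == "on"
    if saml_on != d.get("CASValidateUrl", "").endswith("/samlValidate"):
        findings.append("CASValidateSAML and the CASValidateUrl endpoint disagree")
    if cert_encoding(cert) != "pem":
        findings.append("CASCertificatePath: file is not PEM; export with keytool -rfc")
    return findings

# Constructed sample input (hypothetical host cas.example.org, placeholder cert bytes).
SAMPLE_CONF = """\
CASLoginUrl https://cas.example.org/cas/login
CASValidateUrl https://cas.example.org/cas/samlValidate
CASValidateSAML On
CASCertificatePath /etc/ssl/certs/cas.crt
"""
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(266)  # DER-shaped placeholder, not a real cert

if __name__ == "__main__":
    for f in lint(SAMPLE_CONF, SAMPLE_DER, "https://cas.example.org:8443", "cas.example.org"):
        print("finding:", f)
    pem = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode()  # same bytes, PEM-armoured
    print("after conversion:", cert_encoding(pem))
```

With real files, read the certificate with `open(path, "rb").read()` and pass the values of `cas.server.name` and the `-ext san=dns:` argument used when the key pair was generated.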
