Arti, Since there is no ticket validation in the cas log, it means that apache/mod_auth_cas is not able to send the ticket for validation. Either it is sending to the wrong url (verify CASValidateUrl) or it can not find cas.crt or cas/tomcat is not using cas.crt.
Did you copy your certificate from /etc/cas/config/cas.crt to /etc/ssl/certs/cas.crt. Does your apache access.log show the correct redirect with the ST-1-... ? Did you configure tomcat with your certificate? When you browse to https://server/cas/login, you should receive a prompt about an unverified certificate. Click advanced and view certificate to make sure it is the one you have added to apache config. If apache has its own self signed cert, it will need to be added to cacerts too. Ray On Mon, 2020-12-21 at 08:14 -0800, arti wavale wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello, Created certificate using following command: 1] keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore /etc/cas/thekeystore -ext san=dns:$REPLACE_WITH_FULL_MACHINE_NAME 2] keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore -alias cas 3] sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts Cas.properties: cas.server.name=https://xxxxxxx:8443 cas.server.prefix=${cas.server.name}/cas logging.config=file:/etc/cas/config/log4j2.xml cas.service-registry.initFromJson=true cas.service-registry.json.location=file:/etc/cas/services cas.tgc.secure:true cas.tgc.crypto.signing.key:xxxxxxx cas.tgc.crypto.encryption.key:xxxx cas.webflow.crypto.signing.key:xxxx cas.webflow.crypto.encryption.key:xxx cas.authn.accept.users= cas.authn.ldap[0].order=0 cas.authn.ldap[0].name= cas.authn.ldap[0].type=AUTHENTICATED cas.authn.ldap[0].ldapUrl=ldap://localhost #cas.authn.ldap[0].useSsl=false #cas.authn.ldap[0].useStartTls=false cas.authn.ldap[0].connectTimeout=50000 cas.authn.ldap[0].subtreeSearch=true cas.authn.ldap[0].validatePeriod=270 cas.authn.ldap[0].searchFilter=cn={user} cas.authn.ldap[0].baseDn=dc=cyberforza,dc=com cas.authn.ldap[0].bindDn=cn=admin,dc=cyberforza,dc=com cas.authn.ldap[0].bindCredential=administrator cas.authn.ldap[0].principalAttributeList=memberOf,uid,cn,mail # LDAP Pooling cas.authn.ldap[0].minPoolSize=3 cas.authn.ldap[0].maxPoolSize=50 cas.authn.ldap[0].validateOnCheckout=true cas.authn.ldap[0].validatePeriodically=true cas.authn.ldap[0].validatePeriod=600 cas.authn.ldap[0].failFast=true cas.authn.ldap[0].idleTime=5000 cas.authn.ldap[0].prunePeriod=5000 cas.authn.ldap[0].blockWaitTime=5000 #cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider cas.authn.ldap[0].allowMultipleDns=false # Attribute repository settings cas.authn.attribute-repository.expirationTime=30 cas.authn.attribute-repository.expirationTimeUnit=MINUTES cas.authn.attribute-repository.maximumCacheSize=10000 cas.authn.attribute-repository.merger=ADD cas.authn.attribute-repository.ldap[0].ldapUrl=ldap://localhost cas.authn.attribute-repository.ldap[0].searchFilter=cn={user} cas.authn.attribute-repository.ldap[0].bindDn=cn=admin,dc=cyberforza,dc=com cas.authn.attribute-repository.ldap[0].bindCredential=administrator cas.authn.attribute-repository.ldap[0].attributes.cn=cn cas.authn.attribute-repository.ldap[0].attributes.displayName=displayName cas.authn.attribute-repository.ldap[0].attributes.givenName=givenName cas.authn.attribute-repository.ldap[0].attributes.mail=mail cas.authn.attribute-repository.ldap[0].attributes.sn=sn cas.authn.attribute-repository.ldap[0].attributes.employeeNumber=employeeNumber cas.authn.attribute-repository.ldap[0].attributes.uid=uid I am facing issue to connect and transfer user data from cas 6.2 to mod_auth_cas apache client. How to create certificate in cas server 6.2 and which certificate need to pass from server to client. Build and Run command for server: 1] ./gradlew build 2] ./gradlew build jibDockerBuild 3] ./gradlew run mod_auth_cas apache client: CASLoginUrl https://cas.example.com/cas/login #CASValidateUrl https://cas.example.com/cas/serviceValidate CASValidateUrl https://cas.example.com/cas/samlValidate CASCookiePath /var/cache/apache2/mod_auth_armor/ CASRootProxiedAs https://cas.client.com CASValidateSAML On CASSSOEnabled On CASDebug On CASVersion 2 LogLevel debug CASCertificatePath /etc/ssl/certs/cas.crt <Directory "/var/www/html/secured-by-cas"> <IfModule mod_auth_cas.c> AuthType CAS CASAuthNHeader On </IfModule> Require valid-user </Directory> Please guide me to connect cas server 6.2 and mod_auth_cas apache client. Thanks and Regards Arti On Tuesday, December 8, 2020 at 9:51:47 PM UTC+5:30 Ray Bon wrote: Arti, You can paste the text of your config into the email. If you are using self signed certs, either use the same one in both cas and apache or add each cert to the other server. Ray On Tue, 2020-12-08 at 05:16 -0800, arti wavale wrote: Notice: This message was sent from outside the University of Victoria email system. Please be cautious with links and sensitive information. Hello C Ryan, I have created a detail document and I have mention each and every main step in cas 6.2 server side and mod auth cas apache cas client side. Please find the attachment. I do not understood how can I create a certificate and how to pass data from server to client . Please guide me on it Thanks and Regards Arti On Tuesday, December 8, 2020 at 12:53:57 AM UTC+5:30 C Ryan wrote: Arti, So first of all there is ton's of log information available to you, but you've shared none of it. So it's hard to see where you have issues. However for mod_auth_cas you've defined the variables for it all fine. But the example you have given does not indicate you've told Apache to use it at all. As found in the man info for that module https://github.com/apereo/mod_auth_cas, you need to implement the Auth module. <Location /secured> Authtype CAS Require valid-user </Location> Hope this helps. Colin On 12/7/20 1:14 PM, arti wavale wrote: Hello all, I am facing issue to connect and transfer user data from cas 6.2 to mod_auth_cas apache client. How to create certificate in cas server 6.2 and which certificate need to pass from server to client. Build and Run command for server: 1] ./gradlew build 2] ./gradlew build jibDockerBuild 3] ./gradlew run mod_auth_cas apache client: CASLoginUrl https://cas.example.com/cas/login #CASValidateUrl https://cas.example.com/cas/serviceValidate CASValidateUrl https://cas.example.com/cas/samlValidate CASCookiePath /var/cache/apache2/mod_auth_armor/ CASRootProxiedAs https://cas.client.com CASValidateSAML On CASSSOEnabled On CASDebug On CASVersion 2 LogLevel debug CASCertificatePath /etc/ssl/certs/casrdev.crt Please guide me to connect cas server 6.2 and mod_auth_cas apache client. Thanks and Regards Arti -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | [email protected]<mailto:[email protected]> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cf154bf3d1b20e788e23f290e7e3c71d53605e5b.camel%40uvic.ca.
