Arti,
I use a standalone tomcat to run cas. Out of habit, I restart tomcat for all
changes to cas.
Does gradlew know to use that cert?
Here is a section of my server.xml.
<Connector port="8444" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/home/uvtomcat/config/thekeystore"
clientAuth="false" sslProtocol="TLS">
</Connector>
Ray
On Wed, 2021-01-06 at 13:59 +0530, arti wavale wrote:
Notice: This message was sent from outside the University of Victoria email
system. Please be cautious with links and sensitive information.
Hello Ray Bon,
I am using CASValidateUrl correctly and I have copied the server certificate
from /etc/cas/config/cas.crt to /etc/ssl/certs/cas.crt on the client side.
But cas.war is not uploaded properly in apache tomcat and first I need to stop
the tomcat service, then successfully run the command "./gradlew run" for cas V 6.2.
So how can I configure the cas.war file in apache tomcat on the server system?
Please give a solution for it.
Thanks and Regards
Arti
On Tue, Jan 5, 2021 at 5:50 AM Ray Bon wrote:
Arti,
Since there is no ticket validation in the cas log, it means that
apache/mod_auth_cas is not able to send the ticket for validation. Either it is
sending to the wrong url (verify CASValidateUrl) or it cannot find cas.crt or
cas/tomcat is not using cas.crt.
Did you copy your certificate from /etc/cas/config/cas.crt to
/etc/ssl/certs/cas.crt?
Does your apache access.log show the correct redirect with the ST-1-... ?
Did you configure tomcat with your certificate?
When you browse to https://server/cas/login, you should receive a prompt about
an unverified certificate. Click advanced and view certificate to make sure it
is the one you have added to apache config.
If apache has its own self signed cert, it will need to be added to cacerts too.
Ray
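
[Added example, not part of the original thread and not code from CAS or mod_auth_cas.] The check Ray describes above (confirm the certificate the server presents is the one in the Apache config) can be scripted. The sketch below also flags a binary DER file, which is what keytool -export writes unless -rfc is given; it assumes the client-side file should be PEM, as libcurl CA files are. Function names and the sample bytes are constructed for illustration.

```python
import hashlib
import ssl
import sys

HEADER, FOOTER = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def load_cert_der(data: bytes):
    """Return (encoding, DER bytes) for the contents of a certificate file."""
    text = data.decode("ascii", errors="ignore")
    if HEADER in text and FOOTER in text:
        start = text.index(HEADER)
        end = text.index(FOOTER) + len(FOOTER)
        return "PEM", ssl.PEM_cert_to_DER_cert(text[start:end])
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag: binary DER
        return "DER", data
    raise ValueError("neither a PEM nor a DER certificate")

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding, independent of the file's format."""
    return hashlib.sha256(der).hexdigest()

def check_cas_trust(cert_file: bytes, served_pem: str):
    """Compare the client-side cert file with what the CAS connector serves."""
    findings = []
    encoding, file_der = load_cert_der(cert_file)
    if encoding == "DER":
        findings.append("file is binary DER; export it as PEM with keytool -rfc")
    _, served_der = load_cert_der(served_pem.encode("ascii"))
    if fingerprint(file_der) != fingerprint(served_der):
        findings.append("file is not the certificate the server presents")
    return findings

# Constructed placeholder bytes (not real certificates) for an offline run.
SAMPLE_DER_A = b"\x30\x82\x01\x0a" + b"A" * 266
SAMPLE_DER_B = b"\x30\x82\x01\x0a" + b"B" * 266
SAMPLE_PEM_A = ssl.DER_cert_to_PEM_cert(SAMPLE_DER_A)

if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: script.py HOST PORT CERT_FILE
        host, port, path = sys.argv[1], int(sys.argv[2]), sys.argv[3]
        served = ssl.get_server_certificate((host, port))  # fetched unverified
        with open(path, "rb") as fh:
            problems = check_cas_trust(fh.read(), served)
    else:
        problems = check_cas_trust(SAMPLE_DER_A, SAMPLE_PEM_A)
    print("\n".join(problems) or "file matches the served certificate")
```

Run it with the CAS host, the HTTPS connector port and the path given in CASCertificatePath; with no arguments it runs on the constructed sample and reports the DER finding.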
On Mon, 2020-12-21 at 08:14 -0800, arti wavale wrote:
Hello,
Created the certificate using the following commands:
1] keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore
/etc/cas/thekeystore -ext san=dns:$REPLACE_WITH_FULL_MACHINE_NAME
2] keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore
-alias cas
3] sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore
/usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts
Cas.properties:
cas.server.name=https://xxxxxxx:8443
cas.server.prefix=${cas.server.name}/cas
logging.config=file:/etc/cas/config/log4j2.xml
cas.service-registry.initFromJson=true
cas.service-registry.json.location=file:/etc/cas/services
cas.tgc.secure:true
cas.tgc.crypto.signing.key:xxxxxxx
cas.tgc.crypto.encryption.key:xxxx
cas.webflow.crypto.signing.key:xxxx
cas.webflow.crypto.encryption.key:xxx
cas.authn.accept.users=
cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://localhost
#cas.authn.ldap[0].useSsl=false
#cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=50000
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].baseDn=dc=cyberforza,dc=com
cas.authn.ldap[0].bindDn=cn=admin,dc=cyberforza,dc=com
cas.authn.ldap[0].bindCredential=administrator
cas.authn.ldap[0].principalAttributeList=memberOf,uid,cn,mail
# LDAP Pooling
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=50
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].allowMultipleDns=false
# Attribute repository settings
cas.authn.attribute-repository.expirationTime=30
cas.authn.attribute-repository.expirationTimeUnit=MINUTES
cas.authn.attribute-repository.maximumCacheSize=10000
cas.authn.attribute-repository.merger=ADD
cas.authn.attribute-repository.ldap[0].ldapUrl=ldap://localhost
cas.authn.attribute-repository.ldap[0].searchFilter=cn={user}
cas.authn.attribute-repository.ldap[0].bindDn=cn=admin,dc=cyberforza,dc=com
cas.authn.attribute-repository.ldap[0].bindCredential=administrator
cas.authn.attribute-repository.ldap[0].attributes.cn=cn
cas.authn.attribute-repository.ldap[0].attributes.displayName=displayName
cas.authn.attribute-repository.ldap[0].attributes.givenName=givenName
cas.authn.attribute-repository.ldap[0].attributes.mail=mail
cas.authn.attribute-repository.ldap[0].attributes.sn=sn
cas.authn.attribute-repository.ldap[0].attributes.employeeNumber=employeeNumber
cas.authn.attribute-repository.ldap[0].attributes.uid=uid
I am facing an issue connecting and transferring user data from cas 6.2 to the
mod_auth_cas apache client.
How do I create a certificate in cas server 6.2, and which certificate needs to
be passed from server to client?
Build and Run command for server:
1] ./gradlew build
2] ./gradlew build jibDockerBuild
3] ./gradlew run
mod_auth_cas apache client:
CASLoginUrl https://cas.example.com/cas/login
#CASValidateUrl https://cas.example.com/cas/serviceValidate
CASValidateUrl https://cas.example.com/cas/samlValidate
CASCookiePath /var/cache/apache2/mod_auth_armor/
CASRootProxiedAs https://cas.client.com
CASValidateSAML On
CASSSOEnabled On
CASDebug On
CASVersion 2
LogLevel debug
CASCertificatePath /etc/ssl/certs/cas.crt
<Directory "/var/www/html/secured-by-cas">
<IfModule mod_auth_cas.c>
AuthType CAS
CASAuthNHeader On
</IfModule>
Require valid-user
</Directory>
Please guide me to connect cas server 6.2 and mod_auth_cas apache client.
Thanks and Regards
Arti
On Tuesday, December 8, 2020 at 9:51:47 PM UTC+5:30 Ray Bon wrote:
Arti,
You can paste the text of your config into the email.
If you are using self signed certs, either use the same one in both cas and
apache or add each cert to the other server.
Ray
On Tue, 2020-12-08 at 05:16 -0800, arti wavale wrote:
Hello C Ryan,
I have created a detailed document and I have mentioned each and every main step
on the cas 6.2 server side and the mod auth cas apache cas client side. Please
find the attachment.
I do not understand how I can create a certificate and how to pass data from
server to client.
Please guide me on it
Thanks and Regards
Arti
On Tuesday, December 8, 2020 at 12:53:57 AM UTC+5:30 C Ryan wrote:
Arti,
So first of all there is tons of log information available to you, but you've
shared none of it. So it's hard to see where you have issues.
However for mod_auth_cas you've defined the variables for it all fine. But the
example you have given does not indicate you've told Apache to use it at all.
As found in the man info for that module
https://github.com/apereo/mod_auth_cas, you need to implement the Auth module.
<Location /secured>
Authtype CAS
Require valid-user
</Location>
Hope this helps.
Colin
On 12/7/20 1:14 PM, arti wavale wrote:
Hello all,
I am facing an issue connecting and transferring user data from cas 6.2 to the
mod_auth_cas apache client.
How do I create a certificate in cas server 6.2, and which certificate needs to
be passed from server to client?
Build and Run command for server:
1] ./gradlew build
2] ./gradlew build jibDockerBuild
3] ./gradlew run
mod_auth_cas apache client:
CASLoginUrl https://cas.example.com/cas/login
#CASValidateUrl https://cas.example.com/cas/serviceValidate
CASValidateUrl https://cas.example.com/cas/samlValidate
CASCookiePath /var/cache/apache2/mod_auth_armor/
CASRootProxiedAs https://cas.client.com
CASValidateSAML On
CASSSOEnabled On
CASDebug On
CASVersion 2
LogLevel debug
CASCertificatePath /etc/ssl/certs/casrdev.crt
Please guide me to connect cas server 6.2 and mod_auth_cas apache client.
Thanks and Regards
Arti
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
I respectfully acknowledge that my place of work is located within the
ancestral, traditional and unceded territory of the Songhees, Esquimalt and
WSÁNEĆ Nations.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d66fd910ccc95ea9903a0203068329876f4e065.camel%40uvic.ca.