Ok I have figured out the issue. I needed to setup HTTPS for apache to be able to see the logs and when I installed HTTPS for apache I saw the 401 Authorization problem which was related to SSL certificate non CA . So what I did to fix the issue was to open up mod_auth.cas.c file and replace this line:
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 1L); with curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE); and bingo. It fixed the issue. On Saturday, October 1, 2016 at 12:52:25 PM UTC-7, pouria Mahmoudi wrote: > > Hi, > I setup apache httpd (2.2.15) and tomcat 8 and also downloaded cas server > war file as explained in this document: > > https://www.howtoforge.com/how-to-set-up-apache-tomcat-mod_jk-sso-cas-mod_auth_cas > > Everything was good, so when I try to access a secured page, I correctly > redirected to CAS server, but when I enter user/pass and expected to see > the secured pages, I see "401 Authorization Required" page. > > There is not much helpful information in the apache log, neither in cas > server. however I added the log here: > > CAS server log: > > 2016-10-01 12:43:47,648 INFO > [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket > [ST-2-icfYsgQpiaNi4qC5oPC1-its.cas] for service [ > http://localhost/examples/] for user [casuser]> > 2016-10-01 12:43:47,648 INFO > [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit > trail record BEGIN > ============================================================= > WHO: casuser > WHAT: ST-2-icfYsgQpiaNi4qC5oPC1-its.cas for http://localhost/examples/ > ACTION: SERVICE_TICKET_CREATED > APPLICATION: CAS > WHEN: Sat Oct 01 12:43:47 PDT 2016 > CLIENT IP ADDRESS: 0:0:0:0:0:0:0:1 > SERVER IP ADDRESS: 0:0:0:0:0:0:0:1 > ============================================================= > > > Apache httpd log: > > error_log: > > [Sat Oct 01 12:35:02 2016] [notice] SELinux policy enabled; httpd running > as context unconfined_u:system_r:httpd_t:s0 > [Sat Oct 01 12:35:02 2016] [notice] suEXEC mechanism enabled (wrapper: > /usr/sbin/suexec) > [Sat Oct 01 12:35:02 2016] [notice] Digest: generating secret for digest > authentication ... > [Sat Oct 01 12:35:02 2016] [notice] Digest: done > [Sat Oct 01 12:35:02 2016] [info] APR LDAP: Built with OpenLDAP LDAP SDK > [Sat Oct 01 12:35:02 2016] [info] LDAP: SSL support available > [Sat Oct 01 12:35:02 2016] [warn] ./mod_dnssd.c: No services found to > register > [Sat Oct 01 12:35:02 2016] [notice] Apache/2.2.15 (Unix) DAV/2 > mod_jk/1.2.32 SVN/1.6.11 configured -- resuming normal operations > [Sat Oct 01 12:35:02 2016] [info] Server built: Jul 18 2016 15:24:00 > > access_log: > ::1 - - [01/Oct/2016:12:43:39 -0700] "GET /examples/ HTTP/1.1" 302 336 "-" > "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" > ::1 - - [01/Oct/2016:12:43:47 -0700] "GET > /examples/?ticket=ST-2-icfYsgQpiaNi4qC5oPC1-its.cas HTTP/1.1" 401 476 "-" > "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0" > > > I am really confused. Any help will be much appreciated. > > > This is cas.config: > > LoadModule auth_cas_module /usr/lib64/httpd/modules/mod_auth_cas.so > CASCookiePath /var/cache/httpd/mod_auth_cas/ > CASLoginURL https://localhost:9443/cas/login > CASValidateURL https://localhost:9443/cas/serviceValidate > <Location /examples> > AuthType CAS > require valid-user > </Location> > > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/9a936356-1d94-41c0-a95e-7d2f9d0f6e49%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
