Ray, Can you please elaborate this "If you set nginx to be sticky, will validation succeed?" Any example for this.
Also in cas logs I could see ticket was not validated when I go through NGINX Thanks Ramakrishna G On Fri, Aug 3, 2018 at 11:02 PM, Ray Bon <[email protected]> wrote: > Ramakrishna, > > This sounds like slow ticket replication. Does redis sentinel have > multiple stores? > If you set nginx to be sticky, will validation succeed? > > Check your cas logs to see if the ticket is being validated. I think the > cas client tries to validate the ticket using https. > > You could simplify your config: > location /cas > { > proxy_pass http://cas.server/cas > } > > Ray > > On Fri, 2018-08-03 at 22:28 +0530, Ramakrishna G wrote: > > Hello all, > > I am using Mod_auth_cas and HA- Cas server behind a loadbalancer. > > > Whenever I set CASValidateURL to one of the cas servers it works fine. But > when I send to cas via NGINX server then it says "Unauthorized error" in > browser. > > My Nginx has > > location /cas/login > { > proxy_pass http://cas_server/cas/login; > } > > location /cas/serviceValidate > { > proxy_pass http://cas_server/cas/serviceValidate; > } > > location /secured > { > proxy_pass http:// <http://cas_server/cas>application > _servers/api/services; > } > > > My cas.conf has > > LoadModule auth_cas_module modules/mod_auth_cas.so > CASCertificatePath /etc/pki/tls/certs/ > CASCookiePath /var/cache/mod_auth_cas/ > CASLoginURL http://localhost:81/cas/login // Works fine > CASValidateURL http://localhost:81/cas/serviceValidate // Pointing to > NGINX > #CASValidateURL http://localhost:8080/cas/serviceValidate // Pointing to > one of the cas server - Works fine > CASDebug On > LogLevel debug > > No error as well. I am not sure where I am going wrong. > > Can anyone help please. > > Thanks > Ramakrishna G > > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/1533317546.2860.92.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1533317546.2860.92.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAGST5P9BTNQHqRqeZOqC-3%2Bv0H1-b3xDaMaiitq-87H_iSU_Pw%40mail.gmail.com.
