That's usually a certificate problem. Are you using a self-signed
certificate on the CAS server? If so, you need to have

CASCertificatePath    /etc/pki/tls/certs/casserver.crt

in the mod_auth_cas configuration.

--

DAVID A. CURRY, CISSP
*DIRECTOR OF INFORMATION SECURITY*
INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.cu...@newschool.edu

[image: The New School]


On Sun, Sep 23, 2018 at 3:00 AM Fahmi L. Ramdhani <
fahmilestianramdh...@gmail.com> wrote:

> Hello, all. I tried to build CAS server based on the guidelines from
> https://dacurry-tns.github.io/deploying-apereo-cas. In the trial phase my
> client application gets a problem:
>
>
>> *Unauthorized*This server could not verify that you are authorized to
>> access the document requested. Either you supplied the wrong credentials
>> (e.g., bad password), or your browser doesn't understand how to supply the
>> credentials required.
>
>
> This problem appears after logging in. The following configuration of the
> cas:
>
> *etc/cas/config/cas.properties*
> cas.server.name: https://cas.domain.com:8443
> cas.server.prefix: https://cas.domain.com:8443/cas
>
> cas.adminPagesSecurity.ip=127\.0\.0\.1
>
> cas.tgc.secure: true
> cas.tgc.crypto.signing.key: xxxxxxxx
> cas.tgc.crypto.encryption.key: xxxxxxxxxxxxxxxx
>
> cas.webflow.crypto.signing.key: xxxxxxxxxxxxxxxxxxxxxxxxx
> cas.webflow.crypto.encryption.key: xxxxxxxxxxxxxxxxxxxxxx
>
> cas.serviceRegistry.initFromJson: true
> cas.serviceRegistry.json.location: file:/etc/cas/services
>
> logging.config: file:/etc/cas/config/log4j2.xml
>
> *etc/cas/services/**HTTPSandIMAPSwildcard-1503925297.json*
>
> {
>   /*
>    * Wildcard service definition that applies to any https or imaps url.
>    * Do not use this definition in a production environment.
>    */
>   "@class" :            "org.apereo.cas.services.RegexRegisteredService",
>   "serviceId" :          "^(https|imaps)://.*",
>   "name" :              "HTTPS and IMAPS wildcard",
>   "id" :                1503925297,
>   "evaluationOrder" :   99999
> }
>
>
> *apache site virtualhost configuration*
> <VirtualHost *:443>
>         ServerName cas.domain.com
>         ServerAdmin ad...@domain.com
>
>         <Directory "/var/www/html">
>                 <IfModule mod_auth_cas.c>
>                         AuthType CAS
>                 </IfModule>
>                 Require valid-user
>         </Directory>
>
>         <IfModule mod_auth_cas.c>
>                 CASLoginUrl
> https://cas.domain.com:8443/cas/login
>                 CASValidateUrl        https://cas.domain
> .com:8443/cas/serviceValidate
>                 CASCookiePath         /var/cache/apache2/mod_auth_cas/
>                 CASSSOEnabled         On
>                 CASDebug              Off
>         </IfModule>
>
>         ErrorLog ${APACHE_LOG_DIR}/error.log
>         CustomLog ${APACHE_LOG_DIR}/access.log combined
>
>         SSLCertificateFile /etc/pki/tls/certs/cas.crt
>         SSLCertificateKeyFile /etc/pki/tls/private/cas.key
> </VirtualHost>
>
>
> How to solve this problem? I hope anyone can provide a detailed solution
> about this. Thank you.
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+unsubscr...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/b7cf7903-1f56-40e0-b177-d2bd67ee1eb8%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/b7cf7903-1f56-40e0-b177-d2bd67ee1eb8%40apereo.org?utm_medium=email&utm_source=footer>
> .
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAMZxXSdBr7bkbOVp1o8G8sE_8qiigsBcZB3yshS7%2B9v%2BA%40mail.gmail.com.

Reply via email to