Hello,

Created the certificate using the following commands:

1] keytool -genkey -alias cas -keyalg RSA -validity 999 -keystore /etc/cas/thekeystore -ext san=dns:$REPLACE_WITH_FULL_MACHINE_NAME
2] keytool -export -file /etc/cas/config/cas.crt -keystore /etc/cas/thekeystore -alias cas
3] sudo keytool -import -file /etc/cas/config/cas.crt -alias cas -keystore /usr/lib/jvm/java-1.11.0-openjdk-amd64/lib/security/cacerts

*Cas.properties:*

cas.server.name=https://xxxxxxx:8443
cas.server.prefix=${cas.server.name}/cas
logging.config=file:/etc/cas/config/log4j2.xml
cas.service-registry.initFromJson=true
cas.service-registry.json.location=file:/etc/cas/services
cas.tgc.secure:true
cas.tgc.crypto.signing.key:xxxxxxx
cas.tgc.crypto.encryption.key:xxxx
cas.webflow.crypto.signing.key:xxxx
cas.webflow.crypto.encryption.key:xxx
cas.authn.accept.users=
cas.authn.ldap[0].order=0
cas.authn.ldap[0].name=
cas.authn.ldap[0].type=AUTHENTICATED
cas.authn.ldap[0].ldapUrl=ldap://localhost
#cas.authn.ldap[0].useSsl=false
#cas.authn.ldap[0].useStartTls=false
cas.authn.ldap[0].connectTimeout=50000
cas.authn.ldap[0].subtreeSearch=true
cas.authn.ldap[0].validatePeriod=270
cas.authn.ldap[0].searchFilter=cn={user}
cas.authn.ldap[0].baseDn=dc=cyberforza,dc=com
cas.authn.ldap[0].bindDn=cn=admin,dc=cyberforza,dc=com
cas.authn.ldap[0].bindCredential=administrator
cas.authn.ldap[0].principalAttributeList=memberOf,uid,cn,mail
# LDAP Pooling
cas.authn.ldap[0].minPoolSize=3
cas.authn.ldap[0].maxPoolSize=50
cas.authn.ldap[0].validateOnCheckout=true
cas.authn.ldap[0].validatePeriodically=true
cas.authn.ldap[0].validatePeriod=600
cas.authn.ldap[0].failFast=true
cas.authn.ldap[0].idleTime=5000
cas.authn.ldap[0].prunePeriod=5000
cas.authn.ldap[0].blockWaitTime=5000
#cas.authn.ldap[0].providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.ldap[0].allowMultipleDns=false
# Attribute repository settings
cas.authn.attribute-repository.expirationTime=30
cas.authn.attribute-repository.expirationTimeUnit=MINUTES
cas.authn.attribute-repository.maximumCacheSize=10000
cas.authn.attribute-repository.merger=ADD
cas.authn.attribute-repository.ldap[0].ldapUrl=ldap://localhost
cas.authn.attribute-repository.ldap[0].searchFilter=cn={user}
cas.authn.attribute-repository.ldap[0].bindDn=cn=admin,dc=cyberforza,dc=com
cas.authn.attribute-repository.ldap[0].bindCredential=administrator
cas.authn.attribute-repository.ldap[0].attributes.cn=cn
cas.authn.attribute-repository.ldap[0].attributes.displayName=displayName
cas.authn.attribute-repository.ldap[0].attributes.givenName=givenName
cas.authn.attribute-repository.ldap[0].attributes.mail=mail
cas.authn.attribute-repository.ldap[0].attributes.sn=sn
cas.authn.attribute-repository.ldap[0].attributes.employeeNumber=employeeNumber
cas.authn.attribute-repository.ldap[0].attributes.uid=uid

*I am facing an issue connecting and transferring user data from cas 6.2 to mod_auth_cas apache client.*

*How to create a certificate in cas server 6.2, and which certificate needs to be passed from server to client?*

*Build and Run commands for server:*

1] ./gradlew build
2] ./gradlew build jibDockerBuild
3] ./gradlew run

mod_auth_cas apache client:

CASLoginUrl https://cas.example.com/cas/login
#CASValidateUrl https://cas.example.com/cas/serviceValidate
CASValidateUrl https://cas.example.com/cas/samlValidate
CASCookiePath /var/cache/apache2/mod_auth_armor/
CASRootProxiedAs https://cas.client.com
CASValidateSAML On
CASSSOEnabled On
CASDebug On
CASVersion 2
LogLevel debug
CASCertificatePath /etc/ssl/certs/cas.crt

<Directory "/var/www/html/secured-by-cas">
    <IfModule mod_auth_cas.c>
        AuthType CAS
        CASAuthNHeader On
    </IfModule>
    Require valid-user
</Directory>

Please guide me to connect cas server 6.2 and mod_auth_cas apache client.

Thanks and Regards
Arti

On Tuesday, December 8, 2020 at 9:51:47 PM UTC+5:30 Ray Bon wrote:

> Arti,
>
> You can paste the text of your config into the email.
>
> If you are using self signed certs, either use the same one in both cas
> and apache or add each cert to the other server.
>
> Ray
>
> On Tue, 2020-12-08 at 05:16 -0800, arti wavale wrote:
>
> Notice: This message was sent from outside the University of Victoria
> email system. Please be cautious with links and sensitive information.
>
> Hello C Ryan,
>
> I have created a detailed document and I have mentioned each and every main
> step in cas 6.2 server side and mod auth cas apache cas client side. Please
> find the attachment.
>
> I do not understand how I can create a certificate and how to pass data
> from server to client.
>
> Please guide me on it
>
> Thanks and Regards
> Arti
>
> On Tuesday, December 8, 2020 at 12:53:57 AM UTC+5:30 C Ryan wrote:
>
> Arti,
>
> So first of all there is tons of log information available to you, but
> you've shared none of it. So it's hard to see where you have issues.
>
> However for mod_auth_cas you've defined the variables for it all fine. But
> the example you have given does not indicate you've told Apache to use it
> at all.
>
> As found in the man info for that module
> https://github.com/apereo/mod_auth_cas, you need to implement the Auth
> module.
>
> <Location /secured>
>     Authtype CAS
>     Require valid-user
> </Location>
>
> Hope this helps.
>
> Colin
>
> On 12/7/20 1:14 PM, arti wavale wrote:
>
> Hello all,
>
> I am facing an issue connecting and transferring user data from cas 6.2 to
> mod_auth_cas apache client.
>
> How to create a certificate in cas server 6.2, and which certificate needs
> to be passed from server to client?
>
> Build and Run commands for server:
> 1] ./gradlew build
> 2] ./gradlew build jibDockerBuild
> 3] ./gradlew run
>
> mod_auth_cas apache client:
>
> CASLoginUrl https://cas.example.com/cas/login
> #CASValidateUrl https://cas.example.com/cas/serviceValidate
> CASValidateUrl https://cas.example.com/cas/samlValidate
> CASCookiePath /var/cache/apache2/mod_auth_armor/
> CASRootProxiedAs https://cas.client.com
> CASValidateSAML On
> CASSSOEnabled On
> CASDebug On
> CASVersion 2
> LogLevel debug
> CASCertificatePath /etc/ssl/certs/casrdev.crt
>
> Please guide me to connect cas server 6.2 and mod_auth_cas apache client.
>
> Thanks and Regards
> Arti
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ecf455b-80b0-4a93-ad09-e9d2f92ce0a9n%40apereo.org
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and
> WSÁNEĆ Nations.
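
A check for the two points raised in the replies (Apache has to be told to use the module, and the client has to trust the server's certificate), as an added example that is not part of the thread or of mod_auth_cas. It assumes that CASValidateSAML On goes with a samlValidate URL and that the file named by CASCertificatePath must be PEM, whereas `keytool -export` without `-rfc` writes binary DER; all function names are hypothetical.

```python
import ssl

def cert_encoding(data: bytes) -> str:
    """Classify certificate bytes as 'pem', 'der' or 'unknown'."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        return "pem"
    # A DER-encoded X.509 certificate starts with an ASN.1 SEQUENCE tag (0x30).
    return "der" if data[:1] == b"\x30" else "unknown"

def to_pem(data: bytes) -> str:
    """Return the certificate as PEM text, converting from DER when needed."""
    kind = cert_encoding(data)
    if kind == "unknown":
        raise ValueError("not an X.509 certificate in PEM or DER form")
    return data.decode("ascii") if kind == "pem" else ssl.DER_cert_to_PEM_cert(data)

def lint_mod_auth_cas(conf: str) -> list:
    """Return findings for a mod_auth_cas configuration fragment."""
    directives = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "<")):
            continue  # skip blanks, comments and container tags
        name, _, value = line.partition(" ")
        directives[name.lower()] = value.strip()
    findings = []
    if directives.get("authtype", "").lower() != "cas":
        findings.append("AuthType CAS missing: Apache never invokes the module")
    # Assumption: SAML validation and the samlValidate endpoint go together.
    saml_on = directives.get("casvalidatesaml", "off").lower() == "on"
    if saml_on != directives.get("casvalidateurl", "").endswith("/samlValidate"):
        findings.append("CASValidateSAML and CASValidateUrl disagree")
    if "cascertificatepath" not in directives:
        findings.append("CASCertificatePath not set")
    return findings

# Directives abridged from the thread: the first post, then the later one.
FIRST_POST = """\
CASLoginUrl https://cas.example.com/cas/login
CASValidateUrl https://cas.example.com/cas/samlValidate
CASValidateSAML On
CASCertificatePath /etc/ssl/certs/casrdev.crt
"""
LATER_POST = FIRST_POST + ('<Directory "/var/www/html/secured-by-cas">\n'
                           "AuthType CAS\nRequire valid-user\n</Directory>\n")

if __name__ == "__main__":
    print(lint_mod_auth_cas(FIRST_POST))
    print(lint_mod_auth_cas(LATER_POST))
```

To check a real export, pass the bytes of the exported certificate file to `cert_encoding()` and write the result of `to_pem()` to the path the client reads.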