Hi Everyone,
I am currently trying to create a client application for my cas server
using Apache2 on ubuntu 20.04 LTS.
But at this time I encountered an obstacle. After successfully logging in
using sso cas. The following problems arise:
//
Unauthorized
This server could not verify that you are authorized to access the document
requested. Either you supplied the wrong credentials (e.g., bad password),
or your browser doesn't understand how to supply the credentials required.
Apache / 2.4.41 (Ubuntu) Server at cas.example.org Port 80
//
Is there a cas configuration that I missed?
Here is the configuration I have made on my server. I hope this helps make
it easier to answer this question.
Apache / 2.4.41 (Ubuntu) Server at cas.example.org Port 80
//
Is there a cas configuration that I missed?
Here is the configuration I have made on my server. I hope this helps make
it easier to answer this question.
-----------------------------------------------------------
Service Registry Files
(/etc/cas/services/ApacheSecuredByCAS-1609235681.json) :
{
"@class" : "org.apereo.cas.services.RegexRegisteredService",
"serviceId":"^http://cas.example.org/secured-by-cas";,
"name" : "Apache",
"id" : 1609235681,
"evaluationOrder" : 1,
"authenticationPolicy" : {
"@class" :
"org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy",
"requiredAuthenticationHandlers" : ["java.util.TreeSet", [ "Radius" ]]
}
}
-------------------
cas.properties (/etc/cas/config) :
cas.server.name=https://cas.example.org:8443
cas.server.prefix=${cas.server.name}/cas
logging.config=file:/etc/cas/config/log4j2.xml
cas.service-registry.json.location=file:/etc/cas/services
cas.authn.accept.users=
#cas.authn.accept.enabled=
server.port = 8443
#cas.adminPagesSecurity.ip=127\.0\.0\.1
# SSL
server.ssl.enabled=true
server.ssl.keyStore=file:/etc/cas/thekeystore
server.ssl.keyStorePassword=changeit
server.ssl.keyPassword=changeit
# AUTHENTICATION PROPERTIES
#cas.authn.radius.server.nasIpAddress=192.168.1.2
#EAP_MSCHAPv2
cas.authn.radius.name=Radius
cas.authn.radius.server.protocol=PAP
cas.authn.radius.server.retries=1
cas.authn.radius.client.authenticationPort=1812
cas.authn.radius.client.sharedSecret=casserver
cas.authn.radius.client.inetAddress=192.168.56.2
cas.authn.radius.client.accountingPort=1813
# TICKETING PROPERTIES
# Enable the backing map to be cacheable
cas.ticket.registry.in-memory.cache=true
cas.ticket.registry.in-memory.load-factor=1
cas.ticket.registry.in-memory.concurrency=20
cas.ticket.registry.in-memory.initial-capacity=1000
---------------
Dependencies (build.gradle) :
dependencies {
// Other CAS dependencies/modules may be listed here...
implementation
"org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}"
implementation
"org.apereo.cas:cas-server-support-radius:${project.'cas.version'}"
}
---------
APACHE2 CONFIG (/etc/apache2) (I'm not using httpd)
auth_cas.conf :
<IfModule mod_auth_cas.c>
CASLoginUrl https://localhost:8443/cas/login
CASValidateUrl https://localhost:8443/cas/serviceValidate
CASCookiePath /var/cache/apache2/mod_auth_cas/
CASSSOEnabled On
CASDebug On
logLevel Debug
</IfModule>
/etc/apache2/sites-enabled/000-default.conf :
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerName cas.example.org
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
# LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<location /secured-by-cas> // I've been change to <Directory
"/var/www/html/secured-by-cas"> but still same.
<IfModule mod_auth_cas.c>
AuthType CAS
CASAuthNHeader On
</IfModule>
Require valid-user
</location>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
------------------------------------
I hope you guys understand about this email, im not that good english guys.
Than you,
Irvan
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ef1f5ad5-fe94-46bd-88b8-a6ef9f734d64n%40apereo.org.
