Phil,

Never mind about the git path. Must have been a small network hiccup on my end. It downloaded fine.

Ben Branch
Sun Administrator
University of Central Oklahoma
ITIL Foundation v3, Network+
100 N. University Drive, Box 122
Edmond, OK 73034
D: 405.974.2649 | M: 405.550.6804 | bbranch@uco.edu | www.uco.edu

"If you wish to know your past, look at your present conditions. If you wish to know your future, look at your present actions." - Siddhartha Gautama

From: phil.a...@gmail.com [mailto:phil.a...@gmail.com] On Behalf Of Phil Ames
Sent: Wednesday, January 18, 2012 12:18 PM
To: cas-user@lists.jasig.org
Cc: Matt Smith
Subject: Re: [cas-user] Configuring CAS to trust/replace Luminis CAS.

On Wed, Jan 18, 2012 at 1:08 PM, Ben Branch <bbra...@uco.edu> wrote:

Hello everyone,

Recently after getting our CAS test infrastructure built, I was asked to see if it was possible for us to either replace our Luminis CAS implementation with an external CAS or build a trust between the two. We opted to try and build a trust between the two. To assist us with this, we found the following documentation:

1. CAS and Luminis 4: Using External/Central CAS - http://www.lumdev.net/node/3153
2. Trusting another CAS Server - http://www.usask.ca/docs/cas/trusting.html
3. Trusted Authentication Handler - https://wiki.jasig.org/display/CASUM/Trusted

Document #1 advises us how to configure the Luminis CAS portion, which we have done and don't appear to be having any issues.

Document #2 advises us to make a small change to the AJP 1.3 connector in Tomcat, and then compile the mod_auth_cas Apache module. This document also advises us how to configure apache to accept the CAS connections.

Document #3 tells us how we should configure our Central CAS to trust other incoming CAS connections.

Now for the problems...

PROBLEM #1:

Document #2 says that we need to compile the apache mod_auth_cas module. Not a problem.
We download it, it appears to compile fine, but when we try to start apache with the module, I get the following error:

Starting httpd: httpd: Syntax error on line 208 of /etc/httpd/conf/httpd.conf: Cannot load /etc/httpd/modules/mod_auth_cas.so into server: /etc/httpd/modules/mod_auth_cas.so: undefined symbol: CRYPTO_THREADID_get_id_callback

I went back and recompiled the module, this time I noticed something that I didn't catch before.

./configure output - http://pastebin.com/3xCG6x67
Make ; make install output - http://pastebin.com/DrMjgQK3

This is what caught my eye:

mod_auth_cas.c: In function ‘cas_post_config’:
mod_auth_cas.c:2027: warning: implicit declaration of function ‘CRYPTO_THREADID_get_id_callback’
mod_auth_cas.c:2027: warning: comparison between pointer and integer
mod_auth_cas.c:2029: warning: implicit declaration of function ‘CRYPTO_THREADID_set_id_callback’

Reviewing the Official CAS Clients on the JASIG site ( https://wiki.jasig.org/display/CASC/RPM+Modules ) reveals that this issue should have been resolved by an updated version of the mod_auth_cas module. I verified that I have downloaded this version, yet I am still getting the error.

From the CHANGELOG:

%changelog
* Tue Nov 09 2011 <jehan.procac...@it-sudparis.eu> - 1.0.9.1-1
- updated to mod_auth_cas-1.0.9.1.tar.gz
- updated build centos from openssl-1.0.0-4.el6_0.2.i686 to openssl-1.0.0-10.el6_1.5.i688
+ modified src/mod_auth_cas.h because of "mod_auth_cas.so: undefined symbol: CRYPTO_THREADID_get_id_callback" :
/* https://issues.jasig.org/browse/MAS-47 */
#define CRYPTO_THREADID_get_id_callback() CRYPTO_THREADID_get_callback()
#define CRYPTO_THREADID_set_id_callback(callback) CRYPTO_THREADID_set_callback(callback)

Here is my version of OpenSSL:

[root@pomona lib64]# rpm -q --file /usr/lib64/libssl.so.10
openssl-1.0.0-20.el6.x86_64

My version of Apache:

[root@pomona sbin]# ./httpd -v
Server version: Apache/2.2.15 (Unix)
Server built: Oct 6 2011 11:06:33
[root@pomona sbin]#

Sorry, this fix hasn't been included in a tagged release yet. Your best bet right now will be to git clone https://github.com/Jasig/mod_auth_cas.git and build from there.

PROBLEM #2:

Following the official JASIG documentation (Document #3 above) we were able to compile our war file with the cas-server-support-trusted artifact. We tried to configure the login webflow via the /WEB-INF/login-webflow.xml. We added the appropriate action-state as advised in the document. We found in the document that we needed to update 2 decision-states and 1 other action-state (gatewayRequestCheck, renewRequestCheck, and generateServiceTicket) from viewLoginForm to remoteAuthenticate. These 2 decision-states and the single action-state are not in the login-webflow.xml.

Further in the documentation we need to modify the cas-servlet.xml. It advises us to add a bean into the authenticationManager and another one into the authenticationHandlers. We made all of the necessary changes and when we would try to access our login page, we would get an error stating that the service was unavailable.

Reviewing the tomcat logs showed that we were getting Error 500 on /cas/login landing page. Additional review of the localhost logs showed the following:

SEVERE: Servlet.service() for servlet [cas] in context with path [/cas] threw exception [Request processing failed; nested exception is org.springframework.webflow.definition.registry.FlowDefinitionConstructionException: An exception occurred constructing the flow 'login'] with root cause
org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 'transistion'. One of '{"http://www.springframework.org/schema/webflow":evaluate, "http://www.springframework.org/schema/webflow":render, "http://www.springframework.org/schema/webflow":set, "http://www.springframework.org/schema/webflow":transition, "http://www.springframework.org/schema/webflow":on-exit, "http://www.springframework.org/schema/webflow":exception-handler}' is expected.

I'm very uncertain where to go from here with this. The only way I was able to get my CAS back in working order was to revert all of my changes that I had made. Any help in this matter would be greatly appreciated.

Ben Branch

**Bronze+Blue=Green** The University of Central Oklahoma is Bronze, Blue, and Green! Please print this e-mail only if absolutely necessary!

**CONFIDENTIALITY** This e-mail (including any attachments) may contain confidential, proprietary and privileged information. Any unauthorized disclosure or use of this information is prohibited.

--
You are currently subscribed to cas-user@lists.jasig.org as: modauth...@gmail.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
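
Added example, not part of the original thread and not CAS or Spring code: a pre-deployment lint for login-webflow.xml that catches the two failure modes in PROBLEM #2, a misspelled element such as 'transistion' and a reference to a state id the file never defines. The sample flow, the names principalFromRemoteAction, sendTicketGrantingTicket and casLoginView, and the KNOWN element list (a working subset, not the full Web Flow XSD) are assumptions made for illustration.

```python
import difflib
import xml.etree.ElementTree as ET

NS = "{http://www.springframework.org/schema/webflow}"
# Spring Web Flow 2 element names: a working subset (assumption), not the full XSD.
KNOWN = {"flow", "var", "input", "output", "on-start", "on-entry", "on-exit",
         "on-end", "on-render", "action-state", "view-state", "decision-state",
         "subflow-state", "end-state", "global-transitions", "transition",
         "evaluate", "render", "set", "if", "attribute", "secured",
         "exception-handler", "bean-import", "binder", "binding"}
STATE_TAGS = {"action-state", "view-state", "decision-state", "subflow-state", "end-state"}

# Constructed sample (not from the thread): the typo from the log, plus a
# target state that this file never defines.
SAMPLE_FLOW = """<flow xmlns="http://www.springframework.org/schema/webflow">
  <decision-state id="gatewayRequestCheck">
    <if test="flowScope.service != null" then="remoteAuthenticate" else="viewLoginForm"/>
  </decision-state>
  <action-state id="remoteAuthenticate">
    <evaluate expression="principalFromRemoteAction"/>
    <transistion on="success" to="sendTicketGrantingTicket"/>
    <transition on="error" to="viewLoginForm"/>
  </action-state>
  <view-state id="viewLoginForm" view="casLoginView"/>
</flow>"""

def local(tag):  # strip the Web Flow namespace from an ElementTree tag
    return tag[len(NS):] if tag.startswith(NS) else tag

def lint_flow(xml_text):
    """Return findings: unknown element names and dangling state references."""
    root = ET.fromstring(xml_text)  # raises ParseError if not well-formed
    elements = list(root.iter())
    state_ids = {e.get("id") for e in elements if local(e.tag) in STATE_TAGS}
    findings = []
    for e in elements:
        name = local(e.tag)
        if name not in KNOWN:
            hint = difflib.get_close_matches(name, sorted(KNOWN), n=1)
            findings.append(f"unknown element <{name}>"
                            + (f", did you mean <{hint[0]}>?" if hint else ""))
        for attr in ("to", "then", "else"):  # attributes that name a target state
            target = e.get(attr)
            if target and "{" not in target and target not in state_ids:
                findings.append(f'<{name}> {attr}="{target}" names no state in this flow')
    return findings

if __name__ == "__main__":
    print("\n".join(lint_flow(SAMPLE_FLOW)))
```

Run it against the edited file before restarting Tomcat; an empty result means every element name is recognised and every to/then/else target resolves to a state in the same file.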