Marvin, Re #1: Yes, I have not bothered yet with the attributes and what I need to do in order to release them As I cannot make the request succeed I figured I have no chance to verify that whatever I do to make the attributes available is working or not. But maybe that is what confuses mod_auth_cas or the SAML validation?
I will build and deploy your modified version of the module later today and report back. Re #2: Indeed we can see an odd request for /favicon.ico that that is redirected via CAS. But not all the time. CSS and JS I don't see redirected. The CSS and JS that is in the log I posted is that of CAS itself. Is it not? Thanks and regards Ralf ________________________________________ From: Marvin Addison [[email protected]] Sent: Monday, August 26, 2013 14:39 To: [email protected] Subject: Re: [cas-user] SAML Ticket Validation > OK. Here we go... Something indeed seems to be wrong with mod_auth_cas. With > every http request for SAML validation I get one or more segfaults in the > apache default error.log. Two observations about the logs you shared: 1. You're getting a successful SAML ticket validation response. 2. Looks like you're getting redirected to CAS for resources (JS, CSS, favicon) other than your application entry point HTML page. There's nothing strictly wrong with #2 per se, but it makes reading the logs much harder and it's relatively less efficient. It would be interesting to have some logging to indicate successful parsing of attributes, but I don't see an AttributeResponse in the SAML message, which indicates you haven't configured CAS for attribute release or you haven't allowed attributes to be released in the service manager. I have a patched version you can use that provides additional attribute logging, https://github.com/serac/mod_auth_cas/tree/attr-logging, which you may find helpful. In my experience most problems are in parsing the XML; it would be reassuring to know you're getting past that part. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
