[cas-user] CAS Authentication for DSpace 5.x behind a proxy

Shem Pasamba Sun, 27 Sep 2015 19:47:26 -0700

Hello,

I'm using Dspace 5.2 as an application server and patched it to enable CAS 
Login authentication.  When using an IP address (eg. 
https://cas-server.example.com/cas/login?service=https://172.16.0.1:8443/xmlui/cas-login)
 
the login works.  However when I put the app server behind an nginx proxy 
(eg. 
https://cas-server.example.com/cas/login?service=https://app-server.example.com/xmlui/cas-login
 
where https://app-server.example.com/xmlui/ 
<https://cas-server.example.com/cas/login?service=https://app-server.example.com/xmlui/cas-login>
 
points to 172.16.0.1:8443/xmlui/) it doesn't work.  It says 
Authentication Failed



I've looked at the logs and it outputs something like this:

2015-09-28 09:30:32,255 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/1/cas-login
2015-09-28 09:30:32,375 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/2/cas-login
2015-09-28 09:30:32,490 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/3/cas-login
2015-09-28 09:30:32,584 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/4/cas-login
2015-09-28 09:30:32,695 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=4C8BFC564233F78B04C440B196DDC333:ip_addr=172.16.0.232:login:
 
ticket\colon; ST-31-oFW6L5IUb9m2Vifb0puT-172.32.0.31
2015-09-28 09:30:32,695 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=4C8BFC564233F78B04C440B196DDC333:ip_addr=172.16.0.232:login:service\colon;
 
https\colon;//app-server.example.com/xmlui//cas-login
2015-09-28 09:30:32,695 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=4C8BFC564233F78B04C440B196DDC333:ip_addr=172.16.0.232:login:CAS
 
ticket\colon; ST-31-oFW6L5IUb9m2Vifb0puT-172.32.0.31
2015-09-28 09:30:32,695 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=4C8BFC564233F78B04C440B196DDC333:ip_addr=172.16.0.232:login:CAS
 
service\colon; https\colon;//app-server.example.com/xmlui//cas-login
2015-09-28 09:30:33,056 ERROR org.dspace.authenticate.CASAuthentication @ 
org.dspace.authenticate.CASAuthentication.authenticate(CASAuthentication.java:152)
2015-09-28 09:30:33,057 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=4C8BFC564233F78B04C440B196DDC333:ip_addr=172.16.0.232:login:
 
ticket\colon; ST-31-oFW6L5IUb9m2Vifb0puT-172.32.0.31
2015-09-28 09:30:33,057 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=4C8BFC564233F78B04C440B196DDC333:ip_addr=172.16.0.232:login:service\colon;
 
https\colon;//app-server.example.com/xmlui//cas-login
2015-09-28 09:30:33,057 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=4C8BFC564233F78B04C440B196DDC333:ip_addr=172.16.0.232:login:CAS
 
ticket\colon; ST-31-oFW6L5IUb9m2Vifb0puT-172.32.0.31
2015-09-28 09:30:33,057 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=4C8BFC564233F78B04C440B196DDC333:ip_addr=172.16.0.232:login:CAS
 
service\colon; https\colon;//app-server.example.com/xmlui//cas-login
2015-09-28 09:30:33,084 ERROR org.dspace.authenticate.CASAuthentication @ 
org.dspace.authenticate.CASAuthentication.authenticate(CASAuthentication.java:152)
2015-09-28 09:30:33,085 INFO  org.dspace.authenticate.LDAPAuthentication @ 
anonymous:session_id=4C8BFC564233F78B04C440B196DDC333:ip_addr=172.16.0.232:auth:attempting
 
trivial auth of user=null
2015-09-28 09:30:33,085 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil 
@ 
anonymous:session_id=4C8BFC564233F78B04C440B196DDC333:ip_addr=172.16.0.232:failed_login:email=null,
 
realm=null, result=5
2015-09-28 09:30:33,091 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/5/cas-login
2015-09-28 09:30:33,444 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/6/cas-login
2015-09-28 09:30:33,547 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/7/cas-login
2015-09-28 09:30:33,636 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/8/cas-login
2015-09-28 09:30:33,759 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/9/cas-login
2015-09-28 09:30:33,778 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
Source cocoon://DRI/9/cas-login resolved to 
cocoon://DRI/9/cas-login?pipelinehash=-3983196624749804755
2015-09-28 09:30:33,784 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
Source cocoon://DRI/8/cas-login resolved to 
cocoon://DRI/8/cas-login?pipelinehash=-6688634643225531088
2015-09-28 09:30:33,785 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
Source cocoon://DRI/7/cas-login resolved to 
cocoon://DRI/7/cas-login?pipelinehash=-7904451038231442283
2015-09-28 09:30:33,785 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
Source cocoon://DRI/6/cas-login resolved to 
cocoon://DRI/6/cas-login?pipelinehash=-4548287742655953408
2015-09-28 09:30:33,787 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
Source cocoon://DRI/5/cas-login resolved to 
cocoon://DRI/5/cas-login?pipelinehash=-5710316335294949100
2015-09-28 09:30:33,788 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
Source cocoon://DRI/4/cas-login resolved to cocoon://DRI/4/cas-login
2015-09-28 09:30:33,788 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
Source cocoon://DRI/3/cas-login resolved to cocoon://DRI/3/cas-login
2015-09-28 09:30:33,789 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
Source cocoon://DRI/2/cas-login resolved to cocoon://DRI/2/cas-login
2015-09-28 09:30:33,789 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
Source cocoon://DRI/1/cas-login resolved to cocoon://DRI/1/cas-login


172.16.0.232 is my proxy server and 172.32.0.31 is my computer.


And here's the log for a successful login:

2015-09-28 09:38:12,452 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/1/cas-login
2015-09-28 09:38:12,454 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/2/cas-login
2015-09-28 09:38:12,456 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/3/cas-login
2015-09-28 09:38:12,458 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/4/cas-login
2015-09-28 09:38:12,460 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=9B771FD7FE6C3AE2839248DEE9306948:ip_addr=172.32.0.31:login:
 
ticket\colon; ST-32-bMg7fNzCuCc4ynTaPf9L-172.32.0.31
2015-09-28 09:38:12,460 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=9B771FD7FE6C3AE2839248DEE9306948:ip_addr=172.32.0.31:login:service\colon;
 
https\colon;//172.16.0.1\colon;8443/xmlui/cas-login
2015-09-28 09:38:12,461 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=9B771FD7FE6C3AE2839248DEE9306948:ip_addr=172.32.0.31:login:CAS
 
ticket\colon; ST-32-bMg7fNzCuCc4ynTaPf9L-172.32.0.31
2015-09-28 09:38:12,461 INFO  org.dspace.authenticate.CASAuthentication @ 
anonymous:session_id=9B771FD7FE6C3AE2839248DEE9306948:ip_addr=172.32.0.31:login:CAS
 
service\colon; https\colon;//172.16.0.1\colon;8443/xmlui/cas-login
2015-09-28 09:38:12,838 INFO  org.dspace.authenticate.CASAuthentication @ 
Authenticated user via CAS: test_asac
2015-09-28 09:38:12,846 DEBUG org.dspace.storage.rdbms.DatabaseManager @ 
Running query "select * from eperson where netid = ? "  with parameters: 
test_asac
2015-09-28 09:38:12,855 INFO  org.dspace.authenticate.CASAuthentication @ 
test_a...@example.com:session_id=9B771FD7FE6C3AE2839248DEE9306948:ip_addr=172.32.0.31:authenticate:type=CAS
2015-09-28 09:38:12,855 DEBUG org.dspace.storage.rdbms.DatabaseManager @ 
Running query "update eperson set last_active = ? where eperson_id = ?"
2015-09-28 09:38:12,857 INFO  org.dspace.eperson.EPerson @ 
test_a...@example.com:session_id=9B771FD7FE6C3AE2839248DEE9306948:ip_addr=172.32.0.31:update_eperson:eperson_id=5
2015-09-28 09:38:12,857 INFO  org.dspace.app.xmlui.utils.AuthenticationUtil 
@ 
test_a...@example.com:session_id=9B771FD7FE6C3AE2839248DEE9306948:ip_addr=172.32.0.31:login:type=implicit
2015-09-28 09:38:12,857 DEBUG org.dspace.storage.rdbms.DatabaseManager @ 
Running query "SELECT * FROM epersongroup2eperson WHERE eperson_id= ?"  
with parameters: 5
2015-09-28 09:38:12,864 DEBUG org.dspace.storage.rdbms.DatabaseManager @ 
Running query "SELECT * FROM group2groupcache WHERE child_id= ?  OR 
child_id= ? "  with parameters: 0,7
2015-09-28 09:38:12,865 DEBUG org.dspace.storage.rdbms.DatabaseManager @ 
Running query "select * from epersongroup e LEFT JOIN metadatavalue m on 
(m.resource_id = e.eperson_group_id and m.resource_type_id = ? and 
m.metadata_field_id = ?) where  m.text_value = ?"  with parameters: 
6,64,ldap-users
2015-09-28 09:38:12,873 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/5/cas-login
2015-09-28 09:38:12,876 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/6/cas-login
2015-09-28 09:38:12,878 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/7/cas-login
2015-09-28 09:38:12,881 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/8/cas-login
2015-09-28 09:38:12,884 DEBUG org.dspace.app.xmlui.cocoon.AspectGenerator @ 
aspectgenerator path: cocoon://DRI/9/cas-login


Here's the code that was added to DSPACE 5.x to CAS work: 
https://github.com/DSpace/DSpace/pull/222/files


Thanks for your help.


All the best,


Shem Pasamba

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

[cas-user] CAS Authentication for DSpace 5.x behind a proxy

Reply via email to