Re: [cas-user] mod_auth_cas environment variables not accessible

The CAS attributes are stored as request headers and won't be available in the apache environment. You'd have to store them as apache environment variables to be able to get at them with RequestHeader (I think). Something like this should work for you: diff --git a/src/mod_auth_cas.c

Re: [cas-user] mod_auth_cas doesn't set AUTH_TYPE in script enviromnent?

On Fri, 16 Apr 2021 at 16:48, Mark H. Wood wrote: > > I'm tinkering with some test CGI scripts to prepare for a real > project, and I noticed that a script protected by CAS doesn't get a > value for AUTH_TYPE in its environment, whereas a similar location > protected by one of the AuthType Basic

Re: [cas-user] Question about using CAS with LDAP...?

On Fri, 12 Feb 2021 at 12:25, KC Pullen wrote: > > > Ray, > > I'll take a look at the LDAP logs and see if I can find anything... What do your mod_authnz_ldap logs say? -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines:

Re: [cas-user] Making CAS Auth optinal if browser has a certain cookie stored

On Tue, 1 Dec 2020 at 15:22, Bryan K. Walton wrote: > Is it possible to use an If Statement like this to make CAS auth > optional? If not, is there another way to bypass CAS auth if a > certain cookie is already present in the user's browser? A similar config works for me in both Directory and

Re: [cas-user] Re: mod_auth_cas - certificate path configuration and failed connection

On Fri, 13 Dec 2019 at 14:58, Alan S wrote: > > Okay, via curl, this looks good (see the response below), and I'm getting the > authenticated username returned. So, this is a good step forward in > troubleshooting. Do you have advice for debugging the Apache module? I'm not > sure what would

Re: [cas-user] Re: mod_auth_cas - certificate path configuration and failed connection

On Thu, 12 Dec 2019 at 18:09, Alan S wrote: > > Still wrestling with this, I'm now specifying just the serviceValidate > endpoint to remove any possible problems with SAML attribute delivery. My > Apache configuration now looks like this: > > LoadModule auth_cas_module

Re: [cas-user] Compiling Mod-auth-cas with external OpenSSL

On Mon, 4 Nov 2019 at 12:01, Colin Ryan wrote: > > David, > > Yes I've built Apache2 itself with SSL using the safe external OpenSSL as I"m > trying to use with the module. When I run the totally to stock ./configure > line I posted it gives me > > checking for openssl/ssl.h in /opt/aa... yes >

Re: [cas-user] Compiling Mod-auth-cas with external OpenSSL

On Fri, 1 Nov 2019 at 15:41, Colin Ryan wrote: > > Folks, > > For various reason's I need to compile my own mod_auth_cas module for > use in Apache. I also have my own builds of OpenSSL within this toolchain. > > > I cannot for the life of me seem to get mod_auth_cas to use my external > openssl

Re: [cas-user] mod_auth_cas and attributes

On Fri, Oct 25, 2019, 05:45 Alberto Cabello Sánchez wrote: > On Thu, 24 Oct 2019 16:12:58 -0400 > David Hawes wrote: > > > What version of mod_auth_cas are you using? > > Sorry, I didn't included it in my question: > > mod_auth_cas is 1.2, freshly cloned from

Re: [cas-user] mod_auth_cas and attributes

On Thu, 24 Oct 2019 at 08:44, David Curry wrote: > > You should be safe from SAML messes; CASv2 attribute release via SAML 1.1 has > been around for years and years; much longer than the CAS server's support > for the SAML2 protocol and acting as an IdP/SP. You don't actually have to >

Re: [cas-user] mod_auth_cas and attributes

What version of mod_auth_cas are you using? v1.2 supports CASv2 attributes, which should work with /serviceValidate provided your server supports it. Turn "CASDebug On" and you should be able to see the validation response with the attributes returned from your server. With CASAuthnHeader set to

Re: [cas-user] mod_auth_cas and apache 2.4 AuthMerging

On Wed, 17 Jul 2019 at 18:47, Paul Hirose wrote: > > RHEL7.6, mod_auth_cas-1.1-3.el7.x86_64 (from EPEL). > I'd like to protect my overall site with CAS. I'd then additionally like to > add IP restrictions on a subset of this site. I was hoping the first > Location stanza would require CAS for

Re: [cas-user] empty SAML response with mod_auth_cas from v1.2/master

On Mon, 3 Jun 2019 at 17:13, Alan S wrote: > > Hi, all, > > Our previous Apache client (mod_auth_cas v1.0.9.1) worked seamlessly with our > organization's CAS server, and retrieving SAML attributes was no problem at > all. Currently, we're working toward a rollout of CAS 5.3.3, and I'm trying

Re: [cas-user] mod_auth_cas / phpCas - HTTP Apache Behind HTTPS Terminated Load Balancer

On Tue, 14 May 2019 at 13:22, 'Will Gleich' via CAS Community wrote: > Has anyone else solved this problem – am I over-looking something? Perhaps I > can spoof HTTPS with some apache header change. Have you tried using CASRootProxiedAs with the virtual host on your LB and setting session

[cas-user] mod_auth_cas 1.2 Release

The mod_auth_cas team is pleased to announce the release of mod_auth_cas 1.2. https://github.com/apereo/mod_auth_cas/tree/v1.2 This release includes: * OpenSSL 1.1 support. * CASv2 attributes. * CASPreserveTicket, which allows tickets to pass through when a valid session exists. *

[cas-user] mod_auth_cas v1.2-RC1

mod_auth_cas v1.2-RC1 has been tagged: https://github.com/apereo/mod_auth_cas/tree/v1.2-RC1 Various bugfixes and documentation updates are included as well as: - OpenSSL 1.1 support - CASv2 attributes - CASPreserveTicket, which allows tickets to pass through when a valid session exists. If

Re: [cas-user] Protect Single Page application using mod_auth_cas

The order of these directives matters. You may want to review: http://httpd.apache.org/docs/current/sections.html#merging We'd need more config to tell what's going on in your case. On Fri, 30 Nov 2018 at 19:46, Shankaranand Bahushrutham wrote: > > > I have 2 single page applications developed

Re: [cas-user] Re: Unable to Retrieve CAS User Attributes (CAS 5.3.x)

On 2 October 2018 at 01:16, Fahmi L. Ramdhani wrote: > Thanks dhawes, > I have a little trouble about this, even though it should be able to. I > configure it according to the documentation about attributes. Below are logs > from mod_auth_cas: The log excerpt looks like it was after validation.

Re: [cas-user] Unable to Retrieve CAS User Attributes (CAS 5.3.x)

On 1 October 2018 at 15:18, Fahmi L. Ramdhani wrote: > Hi, > > I'am unable to retrieves CAS User Attributes using mod_auth_cas. Below is my > configuration: > 100-domain.com.conf > > > ServerName domain.com > ServerAlias www.domain.com > ServerAdmin ad...@domain.com > >

Re: [cas-user] Mod_Auth_Cas Headers

On 1 October 2018 at 14:02, Ramakrishna G wrote: > David, > > Can you pls share code snippet or link for setting headers to response > attribute. The wording was confusing in my last email, but we are just talking about attribute release here. You should review the documentation for your CAS

Re: [cas-user] Mod_Auth_Cas Headers

Just so I understand, you are setting headers on the validation response to mod_auth_cas in your CAS server and expect the headers to show up? They will not show up. You will need add those headers to the attributes sent back in the validation response for them to be available as headers in you

Re: [cas-user] Apache 2.4 with Mod_auth_CAS session timeouts before setting value.

For reference: https://github.com/apereo/mod_auth_cas/issues/151 On 20 August 2018 at 16:28, Matt T wrote: > Hi Everyone, > > I'm pulling my hair out here. We run Cognos and front-end it with Apache > 2.4. We've CASified the application by using mod_auth_cas. We've compiled > from source and

Re: [cas-user] Clustering Mod_auth_cas

On Fri, Aug 3, 2018 at 5:56 AM, Ramakrishna G wrote: > Hello Team, > > I have multiple CAS client (mod_auth_cas) connected to a load balancer. My > problem is mod_auth_cas ask CASCOOKIEPATH to set to store the user > information locally. > > I am planning to use NFS for the same but I feel there

Re: [cas-user] Invalid cache cookie length?

On Tue, Apr 10, 2018 at 2:41 PM, Bryan K. Walton wrote: > What does "Invalid cache cookie length" mean in the cas debug logs? > > For example: > [Mon Apr 09 16:17:29.340510 2018] [:debug] [pid 7828] > mod_auth_cas.c(897): [client xxx.xxx.xxx.xxx:64395] Invalid cache cookie >

Re: [cas-user] Can I make use of XML attributes in a serviceValidate response for authorization control?

On Thu, Feb 22, 2018 at 4:14 PM, Bryan K. Walton wrote: > We have a mod_auth_cas installation where the CAS server on the other > end is sending us XML attributes in their response. I don't have any > details on their CAS server version. What I do know is that we are >

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

On Thu, Feb 15, 2018 at 2:51 PM, Mukunthini Jeyakumar wrote: > Thanks dhawes. > > I'm using the php code to print the values retuned in the header > foreach (getallheaders() as $name => $value) { > echo "$name: $value\n"; > } > ?> > > I've no

Re: [cas-user] mod_auth_cas environnment variable

On Tue, Feb 13, 2018 at 10:23 AM, Fabio Martelli wrote: > Hi All, is there a way to force mod_auth_cas to put retrieved principal > attributes as env variable instead of headers? We're talking Apache environment variables, right? Do you need anything other than

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

On Fri, Feb 9, 2018 at 4:00 PM, Mukunthini Jeyakumar wrote: > Hi > > I'm seeing the same error even If I use /serviceValidate endpoint. As soon > as I turn on CASValidateSAML, I'm getting the error > > Here is my mod_auth_cas. (I've used David Curry's Guide ) > > LoadModule

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

Are you sure your server supports /samlValidate? Are you able to use /serviceValidate? Post your full mod_auth_cas config here. The 406 you see is from the CAS server. Do you have any logs on the CAS server that indicate why the request failed? On Fri, Feb 9, 2018 at 2:09 PM, Mukunthini

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

Set: LogLevel debug CASDebug On and check your error logs. You should have information as to why you get this error. On Thu, Feb 8, 2018 at 1:13 PM, Mukunthini Jeyakumar wrote: > Hi David, > > I'm using mod_auth_cas configured to use the "samlValidate" endpoint. When I >

Re: [cas-user] Cas - Unauthorized

SRootProxiedAs https://192.168.111.12 >> >> CASValidateURL https://192.168.111.12:9443/cas/serviceValidate >> >> #CASProxyValidateURL https://192.168.111.12:9443/cas/proxyValidate >> >> CASDebug On >> >> LogLevel debug >> >> CASValidateSAM

Re: [cas-user] Cas - Unauthorized

On 23 January 2018 at 08:52, Ramakrishna G wrote: > Unauthorized > > This server could not verify that you are authorized to access the document > requested. Either you supplied the wrong credentials (e.g., bad password), > or your browser doesn't understand how to supply

Re: [cas-user] Ip changed to Host name

On 23 January 2018 at 08:56, Ramakrishna G wrote: > Hello all,, > > > I am using mod_auth_cas. While i hit cas url I give ip and cas automatically > change it to host name. Can anyone suggest how to stop this? > > > Eg: my url: https://192.168.111.XX => It redirets to my

Re: [cas-user] Re: CAS 5.0.8 + Active Directory - Note receiving user information

Have you tried using the /samlValidate endpoint with "CASValidateSaml On"? /serviceValidate may or may not return attributes, depending on your CAS server. If it does, you can use mod_auth_cas from git master, which supports CASv2 attributes. On 14 September 2017 at 09:11, Micas Camela

Re: [cas-user] Cannot retrieve user attributes from PHP application behind mod_auth_cas

On 19 July 2017 at 15:11, David Curry wrote: > > You need to have mod_auth_cas configured to use the "samlValidate" endpoint > on the CAS server, and also have the "CASAuthNHeader" setting turned on in > /etc/httpd/conf.d/cas.conf (or wherever your config file is).

Re: [cas-user] Redirect loop

now where the problem is... I need a ProxyPassReverse for the > rewrite rule I have since it is redirecting with an address that has 8080 > appended. > What do you think? If so, how would you write the ProxyPassReverse for that > rewrite rule? > > On Monday, May 22, 2017 at 5:49:09

Re: [cas-user] Redirect loop

; 302 587 "-" > "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0) Gecko/20100101 > Firefox/52.0" > > 10.55.1.102 - USER567 [18/May/2017:20:39:33 +] "GET / HTTP/1.1" 302 > 16773 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12;

Re: [cas-user] Redirect loop

On 18 May 2017 at 17:40, Pooya Eslami wrote: > Same if that line is deleted or set to / > I keep getting sent to cas and redirected back to site. > I would like to try RewriteCond, but where would I stop?! If I stop at cas > it will not redirect to cas, if stop after site, it

Re: [cas-user] CAS Apache Module - Ignore SSO/URL in a protected directory

On 16 February 2017 at 22:05, RJ Guroo wrote: > I have a requirement to ignore SSO for subsequent folders within a protected > folder. > > For example: We have to protect the URI, /app1/ > > /app1/ should be protected > /app1/dir1/ .. protected by the first rule > /app1/dir2/

Re: [cas-user] mod_cas_auth and cas attribute

On Thu, Feb 2, 2017 at 2:41 PM, Tom Barber wrote: > Hello folks > > I see in the readme the cas-attribute directive is for use with SAML, it is > only SAML and not serviceValidate endpoints? serviceValidate is supported in git master:

Re: [cas-user] CASifying Peoplesoft

On 26 January 2017 at 13:23, Bryan Wooten wrote: > We have our Peoplesoft environment CASified by adding CAS filters to the > Weblogin web.xml and writing some custom signon Peoplecode. It works well. > > Any we doing a proof of concept where the Weblogic is behind Apache.

Re: [cas-user] Converting REMOTE_USER variable to all lower/upper case in mod_auth_cas v. 1.1?

On 25 January 2017 at 08:23, Bryan K. Walton <bwal...@leepfrog.com> wrote: > On Tue, Jan 24, 2017 at 06:51:22PM -0500, David Hawes wrote: >> On 24 January 2017 at 08:45, Bryan K. Walton <bwal...@leepfrog.com> wrote: >> ... >> > However, that same CAS s

Re: [cas-user] Converting REMOTE_USER variable to all lower/upper case in mod_auth_cas v. 1.1?

On 24 January 2017 at 21:43, Chris Cheltenham wrote: ... > > > Authtype CAS > > require valid-user > > CASAuthNHeader CAS_USER > > Try using CAS-USER here. 2.4 is more strict with headers. See:

Re: [cas-user] Converting REMOTE_USER variable to all lower/upper case in mod_auth_cas v. 1.1?

On 24 January 2017 at 16:19, Chris Cheltenham wrote: > Bryon , > > According to my tcpdump mod_auth_cas is pushing REMOTE_USER no matter what we > configure it to be. > So when we changed the behavior of the other side to EXPECT the REMOTE_USER > variable , it

Re: [cas-user] Converting REMOTE_USER variable to all lower/upper case in mod_auth_cas v. 1.1?

On 24 January 2017 at 08:45, Bryan K. Walton wrote: ... > However, that same CAS server passes some users in lowercase. Is there > a way in mod_auth_cas to convert all usernames to either uppercase or > lowercase, overriding what the CAS authentication server sends? There

Re: [cas-user] CASRootProxiedAs with variable value

ne :) Thank you very much. After >> holydays i'will try to do more tests to be sure... i'll let you know. >> >> Le mercredi 21 décembre 2016 22:11:49 UTC+1, Hansi PIERRE a écrit : >>> >>> Ho !! tks a lot :) ... i'll try it tomorrow :) >>> >>> Le

Re: [cas-user] CASRootProxiedAs with variable value

On 21 December 2016 at 11:22, David Hawes <dha...@vt.edu> wrote: ... > I've attached a horrible, inflexible, mostly untested and probably > buggy patch against git master that should rewrite the Host header to > the service URL. Let me know if it works for your case. The previous

Re: [cas-user] CASRootProxiedAs with variable value

On 21 December 2016 at 04:27, Hansi PIERRE wrote: > Hello ... first thank you for the answer. > > Le mardi 20 décembre 2016 23:04:48 UTC+1, dhawes a écrit : >> >> >> I'm not sure I follow. What prevents you from using a URL with >> CASRootProxiedAs? > > > Because my proxified

Re: [cas-user] CASRootProxiedAs with variable value

On 20 December 2016 at 08:51, Hansi PIERRE wrote: ... > It seems like the variable is not resolved. > Is there a way to set a variable as value of "CASRootProxiedAs" ? No, you cannot have variables in the URL. > More generally my apache is proxyfied and i can't get the

Re: [cas-user] mod_auth_cas 1.1

I see no mod_auth_cas configuration here. On 13 December 2016 at 18:44, Chris Cheltenham <cchelten...@swaintechs.com> wrote: > David, > > Again I appreciate your help. > > > > -Original Message- > From: cas-user@apereo.org [mailto:cas-user@apereo.org] On B

Re: [cas-user] mod_auth_cas 1.1

On 12 December 2016 at 17:57, Chris Cheltenham wrote: > David, > > He mod_auth_cas is attached. Can you post your Apache config? -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html -

Re: [cas-user] mod_auth_cas 1.1

Please post your mod_auth_cas configuration. Next, set your LogLevel to debug and CASDebug on. Do you see anything useful in the error log? On 10 December 2016 at 11:41, Chris Cheltenham wrote: > Hello everyone, > > > > We are using RHEL 7.3 with apache 2.4.6 and CAS

Re: [cas-user] require group

I'd expect by the end of the year at the latest. On 23 November 2016 at 12:21, pouria Mahmoudi wrote: > Oh by the way, > Is it possible to tell me how soon this change would be merged? > > Thanks > > > On Wednesday, November 23, 2016 at 9:00:14 AM UTC-8, pouria

Re: [cas-user] require group

On 22 November 2016 at 16:40, pouria Mahmoudi wrote: > Hi Everyone, > I have a problem with getting group working with mod_auth_cas. > > Here is the snippet: > > > Authtype CAS > Require valid-user > Require

Re: [cas-user] CASAuthNHeader to return user

On 21 November 2016 at 16:13, pouria Mahmoudi wrote: ... > Description: If enabled, this will store the user returned by CAS in an HTTP > header > accessible to your web applications. ... > but it doesn't look like I have an http header. At least by doing Inspect >

Re: [cas-user] Landing Page using Gateway with mod_auth_cas

On 12 July 2016 at 11:32, Travis Schmidt wrote: > I have been trying to come up with a way to configure a landing page for an > app that uses gateway to determine if the user is logged in or not with > Apache 2.4 and mod_auth_cas. I thought at first just doing something

Re: [cas-user] Re: Where are the cas-attribute headers?

On 30 June 2016 at 12:40, mostolog wrote: > Hi > > > Finally, I managed to solve it. > > Seems that cas-attribute headers are only sent if CASAuthNHeader directive > is enabled. That's correct. Also note that you may want to set your CASAttributePrefix to something that does

Re: [cas-user] Compiling mod_auth_cas on debian 8 (missing aclocal-1.15)

On 21 March 2016 at 11:00, Philippe MARASSE wrote: > Hello, > > I'm trying to compile mod_auth_cas on a Debian 8 jessie, sources are > cloned from github. ./configure works but make complains about missing > aclocal-1.15. > > automake package for Debian 8 ships