Re: [cas-user] Apache mod_auth_cas with mpm_itk or mod_ruid2?

2015-02-05 Thread Matt Smith
Neil, I don't think there is any real experience using mod_auth_cas with either itk or ruid2. Any suggestions on a better model for file-based session state storage when using itk? -Matt On Tue, Feb 3, 2015 at 2:10 PM, Neil Sabol wrote: > Good day CAS users, > > > > I hope you are all well. >

RE: [cas-user] mod_auth_cas doesn't pass ldap credentials to the application

2014-10-27 Thread Matt Smith
ard slot 0 in child 15919 for worker proxy:reverse > > [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1852): proxy: worker > proxy:reverse already initialized > > [Sun Oct 26 19:28:14 2014] [debug] proxy_util.c(1949): proxy: initialized > single connection worker 0 in child 15919 for

Re: [cas-user] mod_auth_cas doesn't pass ldap credentials to the application

2014-10-26 Thread Matt Smith
ng the same “Authorization Required” message. > > When the “require user” statement is removed the CAS login is bypassed and > I enter the application directly. > > > > Thanks, > > Niva > > > > > > *From:* Matt Smith [mailto:m...@forsetti.com] > *Se

Re: [cas-user] mod_auth_cas doesn't pass ldap credentials to the application

2014-10-26 Thread Matt Smith
Can you verify if mod_auth_cas works by itself by removing the AuthLDAPurl line and using simply "Require user xXxX" ? -Matt On Oct 26, 2014 2:13 PM, "Niva" wrote: > Hello, > > I'm trying to casify a webapp which is served by apache, but am getting > "Authorization Required" after entering the l

Re: [cas-user] mod_auth_cas release?

2013-10-01 Thread Matt Smith
Yes, mod_auth_CAS has been suffering from some extended release-rot. We are looking to cut a 1.10 shortly. Binary releases are not something we are looking to provide ourselves - I would prefer to see Linux distro packages that take care of dependencies, etc., for that. I will nudge the Fedora/E

Re: [cas-user] mod_auth_cas, Error parsing XML content, resulting in random redirect to CAS auth

2013-07-25 Thread Matt Smith
There have been several fixes committed to the master branch since 1.0.9.1, though we have not yet cut 1.0.10. Please try master and see if that resolves your issue. Also - if the first URL you visit is deeper in your site than subsequent visits, your CAS cookie's PATH may be scoped too narrowly.

Re: [cas-user] CAS client in C

2013-03-12 Thread Matt Smith
I should put a big *use at your own risk* banner on that libcas code. libcas was a sandbox to play with libxml2 and SAX parsing in C. It works, and it has some value, but is unmaintained. However, if someone wants to clean up my awful hand-crafted state machine, I'd be happy to review and update.

Re: [cas-user] mod_auth_cas + glusterFS

2013-03-11 Thread Matt Smith
ld be to use repmemcached, but unfortunately > mod_auth_cas does not give such a possibility > > /lm > > - Original message - > From: "Matt Smith" > To: cas-user@lists.jasig.org > Sent: Friday, 8 March 2013 17:12:27 > Subject: Re: [cas-user]

Re: [cas-user] mod_auth_cas + glusterFS

2013-03-08 Thread Matt Smith
Could you clarify your use-case a bit? Are you considering putting the mod_auth_cas cookie directory in GlusterFS space and clustering/balancing your web servers, or is your web content living in a shared GlusterFS space and you are considering protecting it with mod_auth_cas? And in either case,

Re: [cas-user] CAS authentication for Talisma CRM

2012-12-07 Thread Matt Smith
I had a phone call with Talisma a few weeks back, and heard the same thing. I don't really know much about the application -- but apparently, much of it is a thick client. I came to understand there is a web-based portal, but for our use, this would be used only by those that do not (yet) have en

Re: [cas-user] CAS 3.5.1 Breaks SAML Support in mod_auth_cas 1.0.9.1

2012-10-09 Thread Matt Smith
libxml2 seems better maintained, probably due to dependencies from Gnome. For a basic SAX approach, I prototyped a toy last year: https://github.com/forsetti/libcas On Oct 9, 2012 2:29 PM, "Marvin Addison" wrote: > https://issues.jasig.org/browse/MAS-76 > > If you depend on mod_auth_cas + SAML,

Re: [cas-user] mod_auth_cas Certificate Check fails

2012-05-19 Thread Matt Smith
Hello Michael, The version in the Debian repositories is quite old, and much of that code has been reworked. Could you please try a newer version from our GIT repo at http://github.com/Jasig/mod_auth_cas/? Tag "v1.0.9.1" is the most recent stable release "master" should be stable and has some ne

Re: Re: [cas-user] Fiddling with CASGateway

2012-02-28 Thread Matt Smith
Torben, I'm not sure I completely understand your use case, but it sounds like you are looking to chain Apache authentication handlers together, kind of like a Linux PAM stack. Are you trying to do Kerberos (AD) authentication using mod_auth_kerb, or does your application handle this internally?

Re: [cas-user] problem building mod_auth_cas: undefined symbol: cas_attr_builder_add

2012-02-26 Thread Matt Smith
> > Thanks for the reply. I actually got past this issue. I think the > instructions in the README are unclear. In there it states: > > Good catch, we'll update the documentation before the next release to reflect the preferred use of ./configure && make. > I found some issues online describin

Re: [cas-user] problem building mod_auth_cas: undefined symbol: cas_attr_builder_add

2012-02-22 Thread Matt Smith
Milt, Could you send the config.log that should have been generated from the "./configure" process, and the output of the "make" and "make install" processes? By "yet to be released", do you mean you checked out the "master" branch at GitHub? Or did you retrieve the code elsewhere? -Matt On Feb 2

Re: [cas-user] Issues with page refresh when CAS ticket is attached with URL

2012-02-02 Thread Matt Smith
mod_auth_cas does not currently provide this functionality. You would need to include some javascript to detect the ticket and refresh to the non-ticket URL. On Thu, Feb 2, 2012 at 9:04 AM, Vipin Jain wrote: > Hi Scott, > > We are using Apache Module mod_auth_cas 1.0.9.1, Can you please help us

Re: [cas-user] Trouble protecting resources with mod_auth_cas

2012-01-22 Thread Matt Smith
be the logger for the attributeRepository bean? > > On 2012-01-21, at 13:37, Matt Smith wrote: > > Joel, could you turn up logging on the CAS server to verify that you are > indeed collecting the attributes that should be delivered to the service? > > -Matt > > On Thu, Jan

Re: [cas-user] Trouble protecting resources with mod_auth_cas

2012-01-21 Thread Matt Smith
service manager itself ( > https://fortran.its.unb.ca/cas/services/**). That service isn't set to > release any attributes, but if I allow it to release all attributes I see > no differences in the logs or in the headers returned. > > On 2012-01-18, at 23:48, Matt Smith wro

Re: [cas-user] Trouble protecting resources with mod_auth_cas

2012-01-18 Thread Matt Smith
but any concrete examples using mod_auth_cas seem to deal strictly with > using the attributes for Apache authorization and require a patch from > MAS-60. > > On 2012-01-18, at 21:09, Matt Smith wrote: > > Joel, > > If you are looking to use SAML, set CASValidateURL to t

Re: [cas-user] Trouble protecting resources with mod_auth_cas

2012-01-18 Thread Matt Smith
te > POST request is done exactly as I would have expected. Is there perhaps an > issue with newer versions of mod_auth_cas (I'm using 1.0.9.1) with CAS > Server 3.3.5 when enabling SAML? > > On 2012-01-17, at 20:14, Matt Smith wrote: > > Joel, > Is your CAS server running

Re: [cas-user] Trouble protecting resources with mod_auth_cas

2012-01-17 Thread Matt Smith
Joel, Is your CAS server running behind an Apache server (via AJP)? It appears that the ticket is somehow being dropped from the validation request. Could you increase either the CAS logging or the Apache logging (if CAS is behind Apache) to show the parameters of the validation request? -Matt On J

Re: [cas-user] How to pass role information or other credentials

2012-01-11 Thread Matt Smith
mod_auth_cas should fit your Apache authentication needs nicely. Please try to use 1.0.9.1, which is the latest release. Attributes are supported, but only via SAML Validation. Please take a look at the README [1] for configuration parameters. You will need to configure your CAS server to acqui

Re: [cas-user] Possible to retrieve more than user attribute using mod_auth_cas?

2011-03-17 Thread Matt Smith
I believe (a) can be handled at the CAS server, but I'll let someone else cover that. For (b), m-a-c does have some basic SAML support, though testing has been very limited. Not sure what it takes to enable server-side, but look for the CASValidateS

Re: [cas-user] Proxy authentication with mod_auth_cas

2011-02-28 Thread Matt Smith
As of m-a-c 1.0.9, Proxy Validation is not implemented. Patches are welcome! ;-) On 02/28/2011 12:09 PM, Seyfi, Ismail wrote: > > Is this possible? > > > > I see the following: > > > > Directive: CASProxyValidateURL > Default:https://login.uconn.edu

Re: [cas-user] ModAuthCAS with clustered webservers

2011-02-17 Thread Matt Smith
Pete, I am aware of a few people that have attempted to use NFS to share the CASCookiePath, with mixed success. NFS seems to have better locking semantics than AFS (which effectively has none). But, I have not heard that anyone has been truly happy

Re: [cas-user] mod_auth_cas question

2011-01-31 Thread Matt Smith
Bryan- Apologies for missing this in my inbox. I think Marvin already answered the question, but I do want to use the opportunity to solicit developers interested in maintaining the Windows port of mod_auth_cas. 1.0.8.1 is the last version of mod_a

Re: [cas-user] Samba and CAS?

2010-12-20 Thread Matt Smith
Daniel- CAS is designed for authentication within HTTP applications. While one could bend things to get Samba to authenticate via CAS, I would strongly recommend against it. CAS does not itself store credentials (generally), but leverages an externa

Re: [cas-user] Apache Protection with mod_auth_cas

2010-12-14 Thread Matt Smith
Vipin, Haven't tried this yet, but try using Apache's or directives to limit authentication only to the regex you want to protect. -Matt On 12/13/2010 11:17 AM, Vipin Jain wrote: > Hello, > > Can we have any setup at Apache level to protect onl

Re: [cas-user] Single Sign Out with Apache CAS Module

2010-11-23 Thread Matt Smith
Sorry for the long-delayed response - been away for a while. Please use the curl branch of mod_auth_cas from the Jasig SVN: https://source.jasig.org/cas-clients/mod_auth_cas/branches/curl/ Check the README file for CASSSOEnabled. Please report back

Re: [cas-user] mod_auth_cas on Snow Leopard?

2010-11-12 Thread Matt Smith
Not familiar with this error. Is Apache returning with a 401/403 or a 50x ? Google indicates this might be a base misconfiguration. A few things to check: * Do you have a .htaccess file with permissions preventing Apache from reading it? * Is the a

Re: [cas-user] mod_auth_cas on Snow Leopard?

2010-11-11 Thread Matt Smith
Looks like you are using the CAS 1.0 protocol when talking to your CAS server. You should do one of the following: 1) Use the CAS 2.0 protocol, generally by replacing "validate" with "serviceValidate" in CASValidateURL (if your CAS server supports i

Re: [cas-user] JAAS + LDAP not authenticating

2009-04-26 Thread Matt Smith
On Fri, Apr 24, 2009 at 1:46 AM, Anthony Giggins wrote: > I've setup CAS 3.3.2 with the following example > > http://www.ja-sig.org/wiki/display/CASUM/JAAS > Which JAAS LDAP module are you using? As the author of the edu.uconn.netid.jaas.LDAPLoginModule module mentioned in that wiki entry, I'd r

Re: [cas-user] Questioning Regarding mod_cas and mod_auth_cas

2009-03-01 Thread Matt Smith
> Could you give me an estimate of how many man hours do you think > mod_auth_cas took to write total? I have to chuckle a bit at this question -- it took Phil (a "C ninja") ~8 hours to code the first, fully functional pass. In comparison, it would have taken me weeks. Since then, work has focus

Re: [cas-user] Questioning Regarding mod_cas and mod_auth_cas

2009-02-27 Thread Matt Smith
> 1. If in our app, there are multiple .htaccess files within the branches of > a website. > that have the same AuthType, AuthName, AuthUserFile and AuthGroupFile > but a different "require" apache directive values for both users and groups > to restrict which users or groups has access to specific

Re: [cas-user] Exceptions in catalina.log from using JAAS with Kerberos

2009-02-07 Thread Matt Smith
Haven't seen this specifically -- but try changing the password for that user. My guess from "Pre-authentication information was invalid (24)" is that the AD 2k8 is looking for Kerberos salting info that hasn't yet been generated. Changing the password, even to the same thing it currently is, may