By: Niclas Lindqvist user 05 Jun 2020 at 6:11 a.m. CDT

2 Responses
I have followed this guide to enable CAS: https://gluu.org/docs/gluu-server/admin-guide/cas/

Problem is we're getting a 404 when being redirected from an apache2 web server with cas_auth configured exactly the same as for our current standalone CAS (except url obv.). I cannot find any log entries related to the auth attempts?

We also noticed that `/opt/shibboleth-idp/conf/cas-protocol.xml` has example.org bean classes configured for some reason? It keeps getting rebuilt with those two URLs every restart:

```
<bean class="net.shibboleth.idp.cas.service.ServiceDefinition" c:regex="https://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*" p:group="proxying-services" p:authorizedToProxy="true" p:singleLogoutParticipant="true" />
<bean class="net.shibboleth.idp.cas.service.ServiceDefinition" c:regex="https://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*" p:group="non-proxying-services" p:authorizedToProxy="false" />
<bean class="net.shibboleth.idp.cas.service.ServiceDefinition" c:regex="https:\/\/([A-Za-z0-9_-]+\.)*oru\.se(:\d+)?\/.*" p:group="non-proxying-services" p:authorizedToProxy="false" />
```

cas-protocol.xml.vm:

```
#if ($casParams.enabled)
<bean class="net.shibboleth.idp.cas.service.ServiceDefinition" c:regex="$casParams.authorizedToProxyPattern" p:group="proxying-services" p:authorizedToProxy="true" p:singleLogoutParticipant="true" />
<bean class="net.shibboleth.idp.cas.service.ServiceDefinition" c:regex="$casParams.unauthorizedToProxyPattern" p:group="non-proxying-services" p:authorizedToProxy="false" />
<bean class="net.shibboleth.idp.cas.service.ServiceDefinition" c:regex="https:\/\/([A-Za-z0-9_-]+\.)*oru\.se(:\d+)?\/.*" p:group="non-proxying-services" p:authorizedToProxy="false" />
```

Am I understanding the regex change correctly by changing from `c:regex="https:\/\/cas\.gluu\.org\/example_simple\.php"` to `c:regex="https:\/\/([A-Za-z0-9_-]+\.)*oru\.se(:\d+)?\/.*"`? We only want hosts named something.oru.se allowed.

attribute-filter.xml.vm:

```
<AttributeFilterPolicy id="ManualCASFilterRule1">
    <PolicyRequirementRule xsi:type="RequesterRegex" regex="^https:\/\/([A-Za-z0-9_-]+\.)*oru\.se(:\d+)?\/.*$" />
    <AttributeRule attributeID="mail">
        <PermitValueRule xsi:type="ANY" />
    </AttributeRule>
```

Thanks in advance.

By Mohib Zico staff 05 Jun 2020 at 9:24 a.m. CDT

>> I cannot find any log entries related to the auth attempts?

'idp-process.log' should reveal what is happening with the CAS module in Gluu Server. If required, make it DEBUG.

>> Am I understanding the regex change correctly by changing from c:regex="https:\/\/cas\.gluu\.org\/example_simple\.php" to c:regex="https:\/\/([A-Za-z0-9_-]+\.)*oru\.se(:\d+)?\/.*"?

No guarantee of that. 'cas.gluu.org/example_simple' is just an example. I have seen far more complex regexes. You can compute and test your regular expression with various online regex tools like https://regex101.com/ or https://regexr.com/ etc.
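
An offline version of the regex test suggested above, as an added example that is not part of the thread and not Gluu or Shibboleth code: it runs the pattern from the question against constructed service URLs. It assumes the IdP requires the pattern to match the whole service URL; the second column shows what an unanchored search would accept instead. Python's `re` stands in here for Java's regex engine.

```python
import re

# Pattern copied from the c:regex value posted in the question.
SERVICE_REGEX = r"https:\/\/([A-Za-z0-9_-]+\.)*oru\.se(:\d+)?\/.*"
# re.ASCII limits \d to 0-9, which is Java's default behaviour.
PATTERN = re.compile(SERVICE_REGEX, re.ASCII)

# Constructed sample service URLs (not taken from the thread).
SAMPLES = [
    "https://app.oru.se/cas/login",        # single subdomain
    "https://a.b.oru.se:8443/x",           # nested subdomain with port
    "https://oru.se/",                     # bare domain: '*' allows zero labels
    "http://app.oru.se/",                  # wrong scheme
    "https://app.oru.se",                  # no path: the pattern requires '/'
    "https://evil-oru.se/",                # look-alike registrable domain
    "https://oru.se.evil.example/",        # trusted name used as a prefix
    "https://app.oru.se@evil.example/",    # trusted name in userinfo
    "https://evil.example/?next=https://app.oru.se/",  # trusted URL embedded
]


def allowed_full(url):
    """Whole-string match (assumed IdP behaviour, like Java's matches())."""
    return PATTERN.fullmatch(url) is not None


def allowed_find(url):
    """Unanchored search (like Java's find()); shown for comparison only."""
    return PATTERN.search(url) is not None


def audit(urls):
    """Return (url, full-match result, unanchored-search result) rows."""
    return [(u, allowed_full(u), allowed_find(u)) for u in urls]


if __name__ == "__main__":
    print(f"{'full':<6}{'find':<6}url")
    for url, full, find in audit(SAMPLES):
        print(f"{str(full):<6}{str(find):<6}{url}")
```

The last sample is the only one where the two columns differ, which is why the `^...$` anchors in the attribute-filter rule matter wherever a pattern is searched for rather than matched in full.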

By Niclas Lindqvist user 08 Jun 2020 at 7:54 a.m. CDT

We had the wrong CASLoginURL; the problem is now solved. Thanks anyway.