ninech/redmine_cas

Jasig-CAS - Redmine integration


Hello,

I've installed the 2.5-stable version of redmine on a CentOS 7_64bit with PostgreSQL as backend. Redmine is up and running.

Now I'm trying to configure CAS authentication in redmine against a JASIG-CAS v. 3.5.2. I installed "Redmine CAS" plugin v. 1.2.1 and its dependencies, configured the plugin and set "Authentication required". We already have a couple of web applications integrated with this JASIG-CAS server and it's working fine.

When I try to authenticate I receive this message in the browser:
"Internal error

An error occurred on the page you were trying to access.
If you continue to experience problems please contact your Redmine administrator for assistance.

If you are the Redmine administrator, check your log files for details about the error."

And redmine log says:
CAS server responded with an error! (#<Net::HTTPFound 302
app/controllers/application_controller.rb:187:in `check_if_login_required'

I read that installing the CAS certificate would solve the problem. See http://www.redmine.org/issues/16029

If this is the right thing to do, my question is: where and how can I install the CAS certificate in the redmine server?
Thanks a lot in advance for your help.

Installing the CAS certificate in redmine server did not solve the problem:
cat CAS.cert >> /etc/pki/tls/certs/ca-bundle.crt

Looks like your CAS server does a redirection… Make sure the URL to the CAS server is correct (include any subdirectories like /cas/ etc.).

Thank you for this reply.

I've used Firebug on Firefox to trace HTTP redirections and the final URL with HTTP_OK status (200) is the one I filled in redmine_cas plugin's configuration.

The CAS we use for redmine is already used in a couple of web applications and it's working fine.
Furthermore, I've tested the CAS authentication with a Perl script using LWP and I'm able to validate a service and retrieve cas:serviceResponse XML string.

Besides, Firebug showed that the CAS returned the service ticket to redmine at this URL:
https://redmine:3001/?ticket=ST-423-IcDeaoguh4Hr4mbTgjKp-localhost
After that a redmine server error 500 occurs.

Any clue?

Thanks

Hi,

I'm still stuck with this issue.

Can anyone give a hint?

Thanks

Hey @faqman
The redirect URL https://redmine:3001/?ticket=ST-423-IcDeaoguh4Hr4mbTgjKp-localhost looks correct to me.
Could you provide the full stack trace from the Redmine log?

Hi Samuel, @calmyournerves

Thank you for your reply.

Here the logs:

########/var/www/html/redmine/log/production.log
Started GET "/" for 10.14.2.58 at 2014-09-18 14:37:02 +0200
Processing by WelcomeController#index as HTML
Current user: anonymous
Redirected to https://casserver/cas/login/login?service=https%3A%2F%2Fredmine%3A3001%2F
Filter chain halted as :check_if_login_required rendered or redirected
Completed 302 Found in 11.7ms (ActiveRecord: 2.6ms)
Started GET "/?ticket=ST-59-xcfxnSqupu1gXcyP1DRb-casserver" for 10.14.2.58 at 2014-09-18 14:37:19 +0200
Processing by WelcomeController#index as HTML
Parameters: {"ticket"=>"ST-59-xcfxnSqupu1gXcyP1DRb-casserver"}
Current user: anonymous
CAS server responded with an error! (#<Net::HTTPFound 302 Déplacé Temporairement readbody=true>)
Completed 500 Internal Server Error in 34.5ms

RuntimeError (The CAS authentication server at https://casserver/cas/login/proxyValidate?service=https%3A%2F%2Fredmine%3A3001%2F&ticket=ST-59-xcfxnSqupu1gXcyP1DRb-casserver responded with an error (#<Net::HTTPFound 302 Déplacé Temporairement readbody=true>)!):
app/controllers/application_controller.rb:187:in `check_if_login_required'

########/var/www/html/redmine/log/passenger.log
Started GET "/" for 10.14.2.58 at 2014-09-18 14:37:02 +0200
Processing by WelcomeController#index as HTML
Current user: anonymous
Redirected to https://casserver/cas/login/login?service=https%3A%2F%2Fredmine%3A3001%2F
Filter chain halted as :check_if_login_required rendered or redirected
Completed 302 Found in 11.7ms (ActiveRecord: 2.6ms)
Started GET "/?ticket=ST-59-xcfxnSqupu1gXcyP1DRb-casserver" for 10.14.2.58 at 2014-09-18 14:37:19 +0200
Processing by WelcomeController#index as HTML
Parameters: {"ticket"=>"ST-59-xcfxnSqupu1gXcyP1DRb-casserver"}
Current user: anonymous
CAS server responded with an error! (#<Net::HTTPFound 302 Déplacé Temporairement readbody=true>)
Completed 500 Internal Server Error in 34.5ms

RuntimeError (The CAS authentication server at https://casserver/cas/login/proxyValidate?service=https%3A%2F%2Fredmine%3A3001%2F&ticket=ST-59-xcfxnSqupu1gXcyP1DRb-casserver responded with an error (#<Net::HTTPFound 302 Déplacé Temporairement readbody=true>)!):
app/controllers/application_controller.rb:187:in `check_if_login_required'

@faqman: As your CAS server is throwing an error, do you see anything in those log files?

@calmyournerves

Good news, it's working now. How? Here it is:

In the log files at the line beginning with "Redirected to ..." you can see this:
https://casserver/cas/login/login?service=https%3A%2F%2Fredmine%3A3001%2F

Meanwhile at the line beginning with "RuntimeError" you see this:
https://casserver/cas/login/proxyValidate?service=https%3A%2F%2Fredmine%3A3001%2F&ticket=ST-59-xcfxnSqupu1gXcyP1DRb-casserver

The URL of the CAS server filled in my redmine_cas plugin configuration was:
https://casserver/cas/login

I'm not sure which of redmine/redmine_cas plugin or our CAS server was adding the additional /login.

However, removing login from the CAS server URL in my redmine_cas plugin configuration did it. So it is working just fine with this CAS server URL:

https://casserver/cas

I'm afraid I can't further explain this behavior. If anyone can enlighten me, I would be very glad and grateful.

Thanks to you all for your help.

Glad you got it working, I didn't see that double /login when I looked at it earlier :)
The rubycas-client gem is adding /login already, so it only needs the base URL of your CAS installation.

See here: https://github.com/rubycas/rubycas-client/blob/master/README.rdoc#a-more-complicated-example (config default values)
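
An added example, not part of the original thread and not code from redmine_cas or rubycas-client: it reproduces the URL derivation seen in the log above and checks a configured base URL and a log excerpt for the doubled endpoint. The helper names and the endpoint list are assumptions made for illustration.

```ruby
require "uri"

# Endpoint names under a CAS base URL (assumed list; /login and /proxyValidate
# are the two that appear in the log quoted in this thread).
CAS_ENDPOINTS = %w[login logout validate serviceValidate proxyValidate].freeze

# Hypothetical helper: build the URLs a client gets by appending endpoint
# names to the configured base URL, as the log in this thread shows.
def derived_cas_urls(base_url, service)
  base  = base_url.sub(%r{/+\z}, "")
  query = URI.encode_www_form(service: service)
  { login: "#{base}/login?#{query}", validate: "#{base}/proxyValidate?#{query}" }
end

# Hypothetical config check: the base URL must not already end in an endpoint.
def base_url_ends_in_endpoint?(base_url)
  last = URI.parse(base_url).path.split("/").reject(&:empty?).last
  CAS_ENDPOINTS.include?(last)
end

# Hypothetical log check: return URLs whose path has two endpoint names in a
# row (e.g. /login/login), the signature of this misconfiguration.
def doubled_endpoint_urls(log_text)
  log_text.scan(%r{https?://[^\s)]+}).select do |url|
    segments = URI.parse(url).path.split("/").reject(&:empty?)
    segments.each_cons(2).any? { |a, b| CAS_ENDPOINTS.include?(a) && CAS_ENDPOINTS.include?(b) }
  end
end

# Two lines taken from the log quoted in this thread (second one shortened).
SAMPLE_LOG = <<~LOG
  Redirected to https://casserver/cas/login/login?service=https%3A%2F%2Fredmine%3A3001%2F
  Started GET "/?ticket=ST-59-xcfxnSqupu1gXcyP1DRb-casserver" for 10.14.2.58
LOG

if __FILE__ == $PROGRAM_NAME
  %w[https://casserver/cas/login https://casserver/cas].each do |base|
    puts "#{base} -> #{derived_cas_urls(base, 'https://redmine:3001/')[:login]}"
    puts "  base ends in endpoint: #{base_url_ends_in_endpoint?(base)}"
  end
  puts doubled_endpoint_urls(SAMPLE_LOG)
end
```
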

@calmyournerves

Thank you for the follow up and the interesting link to rubycas-client docs. I understand much more now the behavior of the cas authentication process under redmine/redmine_cas plugin.

Maybe this behavior of rubycas-client ought to be pointed out in the redmine_cas readme/documentation for other users’ edification.

Thanks again for your valuable help.

Cheers!