websso with cas server and mod_auth_cas

asked 2018-07-27 08:00:35 -0500

Vaggelis Kapoulas

updated 2018-07-27 08:11:19 -0500

Has anyone tried SSO with a Central Authentication Service (CAS) server, using mod_auth_cas?

I have tried, but I have had limited success, and I want to know if it is possible at all.

After logging in to the CAS SSO login page, mod_auth_cas receives the assertion that has the necessary attributes, and stores it in the cookie cache, but it only populates the REMOTE_USER WSGI environment variable. The assertion attributes do not seem to get passed to keystone (I admit I don't know how they are supposed to be passed to keystone). So a mapping using the assertion attributes fails. If I use a simple mapping that uses only REMOTE_USER, I get keystone to create an ephemeral user and a project, but then, when the dashboard is redirected back to /v3/OS_FEDERATION/.../websso?origin=.../dashboard/auth/websso/, I get the following ERROR in the browser:

error   
message "An unexpected error prevented the server from fulfilling your request: 'origin'. (Disable insecure_debug mode to suppress these details.)"
code    500
title   "Internal Server Error"

and the following ERROR in /var/log/keystone/keystone.log:

2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi [req-a2f4f710-ce65-4e83-9df4-faac0aa49535 - - - - -] 'origin'
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi Traceback (most recent call last):
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 228, in __call__
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi     result = method(req, **params)
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/federation/controllers.py", line 345, in federated_idp_specific_sso_auth
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi     return self.render_html_response(host, token_id)
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi   File "/usr/lib/python2.7/site-packages/keystone/federation/controllers.py", line 355, in render_html_response
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi     body = src.substitute(subs)
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi   File "/usr/lib64/python2.7/string.py", line 172, in substitute
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi     return self.pattern.sub(convert, self.template)
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi   File "/usr/lib64/python2.7/string.py", line 162, in convert
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi     val = mapping[named]
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi KeyError: 'origin'
2018-07-27 15:23:29.878 226046 ERROR keystone.common.wsgi

I am afraid I do not understand what is happening.

I would appreciate it if you can provide any insight or info on what the problem might be.

Thanks in advance!

Best regards, Vaggelis

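The traceback above ends in `string.Template.substitute()` failing on `mapping[named]`, which means the template being rendered references a placeholder named `origin` that the substitution mapping does not supply. The following is an added example, not part of the original post and not Keystone's code: it lists the placeholders a template will look up and reports the ones a mapping lacks. The template text, the mapping contents and the function names are constructed for illustration.

```python
from string import Template


def placeholders(template_text):
    """Return the set of $name / ${name} identifiers a Template will look up."""
    names = set()
    for m in Template.pattern.finditer(template_text):
        name = m.group("named") or m.group("braced")
        if name:  # skips "$$" escapes and invalid "$" sequences
            names.add(name)
    return names


def missing_keys(template_text, subs):
    """Identifiers the template references that the mapping does not supply."""
    return placeholders(template_text) - set(subs)


def render(template_text, subs):
    """Same call as the failing frame in the traceback: substitute(subs)."""
    return Template(template_text).substitute(subs)


# Constructed callback template (not Keystone's file): a form that posts
# the token back to the dashboard.
SAMPLE_TEMPLATE = """<form id="sso" action="$host" method="post">
  <input type="hidden" name="token" value="$token"/>
  <input type="hidden" name="origin" value="${origin}"/>
  <p>Price tag: $$5 (escaped dollar, not a placeholder)</p>
</form>"""

# Assumed mapping: only the two values visible in the traceback's call
# render_html_response(host, token_id). Values are constructed.
SAMPLE_SUBS = {"host": "https://dashboard.example.test/auth/websso/",
               "token": "constructed-token-id"}

if __name__ == "__main__":
    print("missing:", sorted(missing_keys(SAMPLE_TEMPLATE, SAMPLE_SUBS)))
    try:
        render(SAMPLE_TEMPLATE, SAMPLE_SUBS)
    except KeyError as exc:
        print("KeyError:", exc)
```

Running `missing_keys()` against the callback template file that the deployment actually loads, with the keys the installed controller code passes, shows whether the template and the code come from mismatched versions.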