SkyzohKey / kanet

Automatically exported from code.google.com/p/kanet
GNU General Public License v3.0

kanet + cas #7

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
Hello everyone,

I am setting up a captive portal using "kanet" with CAS authentication, but I have run into a problem (I wouldn't be here otherwise, you might say).

My problem:

When my client wants to go to the web, it has to go through my portal and authenticate against my CAS server; no problem up to this point.
The sticking point is that, once authenticated, my client should have access to the web (thanks to the ticket issued by CAS), but this does not work and I am still redirected to the kanet web server...

File /etc/apache2/sites-enable/kanet:

[code]
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/apache2/server.crt
        SSLCertificateKeyFile /etc/apache2/server.key
        SSLVerifyClient none
        SSLProxyEngine On

        Alias /www /usr/share/kanet/

        ProxyPreserveHost On
        ProxyRequests On
        ProxyPass / http://127.0.0.1:8181/ disablereuse=on retry=0 flushpackets=on
        ProxyPassReverse / http://127.0.0.1/
        ProxyTimeout 3

        <location />
                Allow From All
        </location>

        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
</VirtualHost>

<VirtualHost *:8080>
        RewriteEngine ON
        RedirectMatch .* https://cas.toto.fr:8443/cas/?service=https://kanet.toto.fr/login_cas
        ErrorLog /var/log/apache2/error.log
        LogLevel warn
        CustomLog /var/log/apache2/access.log combined
</VirtualHost>
[/code]

File /etc/kanet/kanet.conf:

[code]
/*
        Configuration file for kanet
*/

{
        /*
                Server configuration
                SERVER_MODE="STANDALONE" (default) or "PROXY"
        */
        "SERVER_MODE" : "PROXY",
        "SERVER_URL" : "https://kanet.toto.fr",
        "SERVER_PORT" : "8181",
        "SERVER_IP" : "",
        "REDIRECT_SERVER_PORT" : "8080",
        "QUEUE_NUM" : "0",
        "SSL_CERT_FILE" : "/etc/kanet/ssl-kanet.crt",
        "SSL_KEY_FILE" : "/etc/kanet/ssl-kanet.key",
        "DEBUG" : "0",
        /*
                Persistent data,
                only sqlite is available.
        */
        "database" : "sqlite",
        "sqlite_connection_string" : "/var/lib/kanet/kanet.sqlite",
        "mysql_connection_string" : "Server=xxx; Port=3306; Database=xxx; uid=xxx; pwd=xxx;",
        /*
                Server behavior
        */
        "login_page" : "https://cas.toto.fr:8443/cas/?service=https://kanet.toto.fr/login_cas/",
        "captive_portal_page" : "https://kanet.toto.fr/www/update.html,
        "cas_url" : "https://cas.toto.fr:8443/cas/",
        "www_path" : "/usr/share/kanet/",
        "module_path" : "/usr/lib",
        "auth_module_name" : "kanet-radiusclient",

        /*
                blacklist acls
                always rejected.
        */
        "KANET_ACL_TYPE_BLACKLIST": [
                { "address" : "127.0.0.1", "port" : 9090 },
                { "port" : 8089 }
        ],
        /*
                open acls
                always open
        */
        "KANET_ACL_TYPE_OPEN": [
                { "address" : "kanet.toto.fr" },
                { "address" : "cas.toto.fr", },
                { "address" : "kanet.toto.fr" }
        ],
        /*
                default acls
                open to authenticated users.
        */
        "KANET_ACL_TYPE_DEFAULT": [
                { "port" : 8043 },
                { "port" : 443 },
                { "port" : 80 },
                { "port" : 8080 },
                { "port" : 8443 }
        ],

        /* Admins : comma separated login list */
        "admins": "colin,colin@upvm",
        /*
                blacklist_part
        */
        "blacklist_users" : [
                { "login" : "colin", "message" : "hi foo ! you're login have been locked .." },
                { "login" : "johndoe", "message" : "hi john doe ! this account is locked .." }
        ],
        "default_blacklist_message" : "Your account have been locked",

        /*
                auto_blacklist_acl
                used to inform user they are probably infected, if a user try to join
                one of this address, the user is automatically blacklisted and the message
                display on is login window
        */
        "auto_blacklist_acls": [
                { "address" : "192.168.1.45", "message" : "You're account have been temporarily locked <br/> because you're probably infected by a virus" },
                { "port" : 45678, "message" : "You're account have been temporarily locked <br/> because you're probably infected by a virus" }
        ],
        /*
                quota, in bytes or seconds. 0 is unlimited.
        */
        "bytes_quota" : "0",
        "time_quota" : "0",
        /*
                message
                variables : $upbytes $downbytes $duration
        */
        "update_msg" : "Up : $upbytes, Down: $downbytes, Time: $duration",
        "over_quota_msg" : "Sorry you exceed your quota",
        "blacklist_msg" : "Sorry, you're account have been locked",
        "update_error_msg" : "An error occured during authentication process, please restart your browser",

}
[/code]

I have been going around in circles for a while and am starting to despair... the worst part is that I am sure it is something small that is blocking me, and I cannot see at all where it could be coming from.

Thanks in advance

Original issue reported on code.google.com by c.agu...@gmail.com on 23 Jan 2012 at 2:19

GoogleCodeExporter commented 8 years ago
Hello,
two things need to be done:
- run kanet in a console and look at what it says.
- run Firebug or a similar tool and follow the successive redirections to find out at which address it stops.

Original comment by cymo...@gmail.com on 24 Jan 2012 at 2:20
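
The second step suggested in the reply above (following the redirections to see where they stop), sketched as an added example that is not part of the original thread or of kanet. It assumes the response heads were saved in the form `curl -sk -I -L` prints them; the sample dump is constructed from the hostnames in the posted configuration, and the function names and ticket value are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample (not captured output): status line and Location header of
# each response, in the form printed by `curl -sk -I -L <url>`. Hostnames come
# from the posted configuration; the ticket value is a placeholder.
SAMPLE = """\
HTTP/1.1 302 Found
Location: https://cas.toto.fr:8443/cas/?service=https://kanet.toto.fr/login_cas

HTTP/1.1 302 Found
Location: https://kanet.toto.fr/login_cas?ticket=ST-PLACEHOLDER

HTTP/1.1 302 Found
Location: https://cas.toto.fr:8443/cas/?service=https://kanet.toto.fr/login_cas

HTTP/1.1 200 OK
Content-Type: text/html
"""

def redirect_chain(dump):
    """Return [(status, location_or_None), ...], one entry per response head."""
    hops = []
    for block in dump.replace("\r\n", "\n").strip().split("\n\n"):
        lines = block.split("\n")
        status, location = int(lines[0].split()[1]), None
        for line in lines[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() == "location":
                location = value.strip()
        hops.append((status, location))
    return hops

def diagnose(hops, cas_host="cas.toto.fr"):
    """Report where the chain stops and whether it goes back to CAS after a ticket."""
    report = {"stops_at": None, "final_status": hops[-1][0], "ticket_issued": False,
              "back_to_cas_after_ticket": False, "services": set()}
    for _, location in hops:
        if location is None:
            continue
        url = urlsplit(location)
        query = parse_qs(url.query)
        report["stops_at"] = location
        if url.hostname == cas_host:
            report["services"].update(query.get("service", []))
            report["back_to_cas_after_ticket"] |= report["ticket_issued"]
        elif "ticket" in query:
            report["ticket_issued"] = True
    return report

if __name__ == "__main__":
    for key, value in diagnose(redirect_chain(SAMPLE)).items():
        print(f"{key}: {value}")
```

The `services` set lists every `service=` value handed to CAS during the chain, which can be compared with the `login_page` value in kanet.conf.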