apereo / mod_auth_cas

An Apache httpd module for integrating with Apereo CAS Server project.
https://www.apereo.org/projects/cas

Not compatible with Apache httpd 2.4.x #49

Closed maxamillion closed 8 years ago

maxamillion commented 11 years ago

MOD_AUTH_CAS: CASCookiePath '/dev/null' is not a directory or does not end in a trailing '/'!\n", 149) = 149

pames commented 11 years ago

It looks like you haven't specified CASCookiePath in your configuration. If that's not the case, please re-open this.

maxamillion commented 11 years ago

Yes, apologies. That was a previous problem I ran into; I pasted the wrong output into the issue ticket. I am getting this:

Cannot load modules/mod_auth_cas.so into server: /etc/httpd/modules/mod_auth_cas.so: undefined symbol: ap_requires

And ap_requires is declared in http_core.h in 2.2.x but does not appear to be declared at all in 2.4.x.

bnoordhuis commented 11 years ago

ap_requires() has indeed been removed in 2.4, reopening.

antoine777 commented 11 years ago

Hi,

My company would like to use this CAS client but in Apache 2.4. Do you have a plan for the fix of this issue?

Thanks

bnoordhuis commented 11 years ago

Not in the near future. None of the maintainers (including yours truly) seem to have time to work on mod_auth_cas these days.

pames commented 11 years ago

In the "good news, everyone" department, I did just have a conversation with some old colleagues from UConn who might be able to dedicate time/resources to mod_auth_cas development, but it's in very early stages and they need to determine what level of effort they can commit to.

lilyevsky commented 10 years ago

Any more good news after 6 months? I am also waiting for mod_auth_cas working with Apache 2.4

smaresca commented 10 years ago

I have a local branch to this end that I will update and push forward this weekend. There are elements which remain to be resolved, but I hope that they are minor.

lilyevsky commented 10 years ago

smaresca,

Thanks. Please could you tell me how I can download your thing.

adek commented 10 years ago

@smaresca do you have a working version with Apache 2.4? We are also interested.

paszczus commented 10 years ago

+1

blkperl commented 10 years ago

+1

tjfong-ubc commented 10 years ago

Just wanted to get clarification on whether or not mod_auth_cas will work with Apache-2.4 or not. Just compiled 1.0.10 and produces this on apachectl start:

httpd: Syntax error on line 161 of /usr/local/apache2/conf/httpd.conf: Cannot load /usr/lib64/httpd/modules/mod_auth_cas.so into server: /usr/lib64/httpd/modules/mod_auth_cas.so: undefined symbol: ap_requires

If it does now support Apache-2.4, could someone tell me what I'm doing wrong?

Thanks,
Trev

paszczus commented 10 years ago

It is working fine now. You need to apply that commit: https://github.com/klausdieterkrannich/mod_auth_cas/commit/4a2486746a207cb25ed2b25273899335e0309579

rkorn86 commented 10 years ago

The SAML attributes are not transported from the SOAP response to the HTTP headers.

dhawes commented 10 years ago

I cannot reproduce this with the commit referenced above. Do you have CASAuthNHeader set? If not, you will never get the SAML attributes in the HTTP headers.

rkorn86 commented 10 years ago

Yeah, I've tried nearly every setting. The only change I notice is the variable name of the remote user. If I enter multiple CASAuthNHeader lines, only the last one is used and the remote user is exported under this variable (prefixed by CAS_). Could you show me your settings?

rkorn86 commented 10 years ago

I've written up my investigation here: https://github.com/klausdieterkrannich/mod_auth_cas/commit/4a2486746a207cb25ed2b25273899335e0309579#commitcomment-7742311

dhawes commented 10 years ago

Pasted from the discussion above:

This appears to be a new feature in Apache 2.4: https://httpd.apache.org/docs/trunk/new_features_2_4.html

Translation of headers to environment variables is more strict than before to mitigate some possible
cross-site-scripting attacks via header injection. Headers containing invalid characters (including
underscores) are now silently dropped. Environment Variables in Apache has some pointers on how to
work around broken legacy clients which require such headers. (This affects all modules which use these
environment variables.)

Your workaround of using "CAS-" is probably the best thing to do here in the short term. We need to reconsider our defaults for Apache 2.4.

You can probably safely set CAS_DEFAULT_ATTRIBUTE_PREFIX to "" in mod_auth_cas.h if you want to not have a prefix. I haven't tested this much, but it seems to cause no issues (I'd have to test some more before I actually recommend doing this).
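
The header-name rule quoted in the comment above, as an added example that is not part of the original thread and is not Apache's or mod_auth_cas's own code: it models the 2.4 translation (alphanumerics upper-cased, '-' mapped to '_', anything else dropped) so a list of attribute header names can be checked before deployment. The attribute names `mail` and `member_of` are constructed samples.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Model of the Apache 2.4 rule: a request header is exported as HTTP_<NAME>
 * only if its name is alphanumerics and '-'. '-' becomes '_'; any other
 * character (including '_') means the header is not exported.
 * Returns 1 and fills `out` on export, 0 if dropped or `out` is too small. */
int header_to_env(const char *name, char *out, size_t outlen)
{
    size_t n = strlen(name);
    if (outlen < n + sizeof("HTTP_"))   /* "HTTP_" + name + NUL */
        return 0;
    memcpy(out, "HTTP_", 5);
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (isalnum(c))
            out[5 + i] = (char)toupper(c);
        else if (c == '-')
            out[5 + i] = '_';
        else
            return 0;                   /* invalid character: dropped */
    }
    out[5 + n] = '\0';
    return 1;
}

/* Print the fate of each header name; return how many would be dropped. */
int count_dropped(const char *const *names, size_t count)
{
    char env[128];
    int dropped = 0;
    for (size_t i = 0; i < count; i++) {
        if (header_to_env(names[i], env, sizeof env)) {
            printf("%-16s -> %s\n", names[i], env);
        } else {
            printf("%-16s -> dropped\n", names[i]);
            dropped++;
        }
    }
    return dropped;
}

int main(void)
{
    /* Constructed samples: CAS_ prefix, CAS- prefix, an attribute name that
     * itself contains '_', and an empty prefix. */
    const char *const names[] = { "CAS_mail", "CAS-mail", "CAS-member_of", "mail" };
    return count_dropped(names, 4) == 2 ? 0 : 1;
}
```

Changing the prefix to "CAS-" is not sufficient when an attribute name itself contains an underscore, as the third sample shows.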

jx759 commented 10 years ago

+1

jamgregory commented 9 years ago

Are there any plans to merge @klausdieterkrannich's changes into this repo? We're in the process of upgrading our servers to use Apache 2.4, and ideally need to use this module.

pames commented 9 years ago

I don't have any active CAS deployments to test against (and haven't in years), so I'm not keen to merge something I can't really test/support. That said, maybe there are others with active deployments that are willing to take this on who also have commit rights on the project (e.g. the VA Tech folks).

dhawes commented 9 years ago

I have tested the 2.4 merge request and also recommend it to users here at VT. I would merge it based on that, but since I'm newer to the project than most I haven't done so.

I've actually been meaning to bring this up on the dev list as there are a few merge requests that I think can be merged and maybe tagged as a new release.

dotmjs commented 9 years ago

@dhawes Can you note the pull requests that you've vetted (set milestone to "1.10" might be easiest way)?

matt@forsetti.com PGP: E2144AD8

dhawes commented 9 years ago

Milestones set:

https://github.com/Jasig/mod_auth_cas/milestones/1.0.10

jhg03a commented 8 years ago

@dhawes I tried testing your code today without success when using the jasigcas.herokuapp.com test server. I used the compile instructions on RHEL 6 following these steps: http://plone.uconn.edu/workspaces/uits-linux/standard-operating-procedures-sop/os-installs/red-hat/rhel6-installing-mod_auth_cas

Looking at the response stream, it appears that it's getting chopped off part-way through. http://pastebin.ca/3233738

dhawes commented 8 years ago

@jhg03a Are you using /serviceValidate or /samlValidate? It looks like only the former is configured on that server. When I try /samlValidate I get redirected to /login, which is exactly what your response shows.

/serviceValidate does seem to work.

jhg03a commented 8 years ago

@dhawes I'm seeing the same thing regardless. In case it's relevant, here is my apache .conf I'm testing with. http://pastebin.ca/3235278

dhawes commented 8 years ago

@jhg03a Try the following:

CASLoginURL https://jasigcas.herokuapp.com/login
CASValidateURL https://jasigcas.herokuapp.com/serviceValidate

jhg03a commented 8 years ago

Ah ha! That did it. Now things are working fine with the pull request. Thanks @dhawes!

jhg03a commented 8 years ago

I wish they would document on that page what all the appropriate URLs are. Based on their documentation their URL should have a /cas/ in the middle of it.

jx759 commented 8 years ago

Is mod_auth_cas considered fully compatible with Apache 2.4?

I noticed this merge: https://github.com/Jasig/mod_auth_cas/pull/86

I've installed mod_auth_cas and am using it successfully with Apache 2.4

The main README still indicates support is for Apache 2.0 and 2.2

Also fyi on RHEL I need to install these: gcc openssl-devel libcurl-devel automake libtool httpd-devel

Thank you for all your work on this.

dhawes commented 8 years ago

Apache 2.4 support is in git master, and should be released soon as v1.1.

I hesitate to say "fully compatible", but we will take care of issues as they arise. :)

Thanks for the note about the README. That is one of the things we need to update before the release.

dhawes commented 8 years ago

Apache 2.4 support has been added in v1.1.

Smy commented 8 years ago

Thank you @dhawes and the mod_auth_cas team for this release!

gcarroll commented 8 years ago

As soon as I can g

Sent from my iPhone

gcarroll commented 8 years ago

hello

Sent from my iPhone

gcarroll commented 8 years ago

Hello,

Sorry about that. Seems my iPhone decided to decide that was ready to post when I wasn't. I have downloaded this release and first need to get my CAS server configured and working beforehand. I will report any issues here if I run into any.

+1 for everyone's work on this module.

Geordie Carroll Interior Technology Inc