Objet : Discussion list for Belenios
Archives de la liste
- From: Alban Bruder <alban.bruder AT uni-weimar.de>
- To: belenios-discuss AT inria.fr
- Cc: Stéphane Glondu <stephane.glondu AT inria.fr>
- Subject: Re: [belenios-discuss] Keycloak CAS fails with 502 error
- Date: Tue, 6 Apr 2021 17:43:30 +0200
- Authentication-results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=alban.bruder AT uni-weimar.de; spf=None smtp.mailfrom=alban.bruder AT uni-weimar.de; spf=None smtp.helo=postmaster AT smtpout.uni-weimar.de
- Ironport-hdrordr: A9a23:aT/5c6GHC/boaM+cpLqFu5HXdLJzesId70hD6mlaQ3VuHPCwvcaogfgdyFvQgDEeRHkvlbm7SdC9aFnb8oN45pRUAKyrWxPotHDtAIZp64bjxDOIIVyZysd206B8f69iTODhFFQSt7ec3CCUG8stqeP3k5yAqvzZyx5WLD1CS6Yl1AthDxbeL0sefngjObMcNL6xovVKvCChf3N/VLXfOlAgU/LYr9PG0LLKCCRnOzcd5AODjSyl5dfBenDytCs2aD9Bzawv9mLIiWXCiZmLie2xyRPXygbogqh+pd2J8Ld+LfCXhtNQAjvhjRvAXvUCZ5Sy+A80u/20rGwhmN7KrxpIBbUK11rhOl60ugf2nzP82Csz8RbZuCSlvUc=
- Ironport-phdr: A9a23:teXjmBZJRPdP/r8GEsaavfT/LTGQ14qcDmYuwqpisKpHd+GZx7+nAna3zctkgFKBZ4jH8fUM07OQ7/mxHzVfvN3Y7jgrS99lb1c9k8IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBoKevrB4Xck9q41/yo+53Ufg5EmCexbal9IRmrqQjdrNQajIliJ6o+1xfEo2ZDdvhLy29vOV+dhQv36N2q/J5k/SRQuvYh+NBFXK7nYak2TqFWASo/PWwt68LlqRfMTQ2U5nsBSWoWiQZHAxLE7B7hQJj8tDbxu/dn1ymbOc32Sq00WSin4qx2RhLklDsLOjgk+2zMlMd+kLxUrw6gpxxnwo7bfoeVNOZlfqjAed8WXHdNUtpNWyBEBI6zaJYBD/caPeZAsYbyu0cOoxW5BQmpHuzvyzlIjWLy0aA11+ktFAfL1xEiEd0TqnTZtMj7OrkcUe61z6fGwzvMYPxU1jjh54bFaQwhrPKWUL5sbcbcx0siGgXYhVuQs4zlODaV2/wRvmif9OVvT+SvgHM6pgFrvzig29kjipPUjY8S0F/E8T52z5wzJdGiU0F7e8OkH4ZOuCGALIZ2X8UiQ2BxtCc01LIGuJu7czIQyJg92hHQdeWKfo6V6R3sSOifOy13hG55eL2hnRay91Ctx+zzW8SwzVpHsCpIn9fMuH0P2RLe9MeKRuVy80mvxTuCygPe5v1FLE03iafVK4Asz70/m5QTsUnOAjH6lkv5gqKQa04q9O+o6+H9bbXnoJ+RL4B0igDiMqQuh8ywGv40MgkJX2SD9uS81aHj/U3kQLpRlPE5jq7ZsJXCKcQYuKG4AxNa0oIk6xmlDDeqytQYnX4cLFJZYB6Hjo7pO0vPIP/iF/u/jU6snTF2zP7FJr3sGojBI3fenLv7fbtw5FRQxBcpwdxC+p5ZC6kNLfbzV0PrsNHUEgU1PgKpz+r9CNhw1YUTUn+VDKCDKqPdq1qI6/ovI+aSYI8Vvy7wK+Mg5/7ylX85nkIdfbWz0ZsKbnC4H+1qIkuHbnrth9cOC30KshAjQ+P0kFGCUDhTaGiuX68k+z02B5+qAZ3DS42imrCNwT23EoBLam1HElyMFG3nd4SAW/cCciKSJcphnyQeWrilUIAuzxeuuBXhxLp9M+rb5zMXtYj42dho4e3TlAg+9DJqAMSc1mGCVXt0knkVSDAoxKx/u1Byyk+f0ahkhPxVDdNT5/dOUgc8KJHc0vd3CtHzWgLEZdiJUkypTs+nATE3VNIxwsUBb1xzG9W4lhrDxTalA6cJl7yXA5w56rnT0Gb1J8ljzXbG1a4hj0I/TsRSNG2mnbJw9xXIB47SiEiZjKardaEE3CHX7muDzGyOvFtZUAFqS6nFU2ofNQPqqoHz60fPSb6pEvErMxBK1NWZAqpMcNzgy1tcF9n5P9GLSma7kmH4LwyVyr6WJN7jf28U2mPXElUInho74HCHcBczByKouSTSAWo9RhrUf0rw/Lwm+zuARUguwlTPMhQJ/4rwwQYcgLmnc91W27sFvCk7rDAcNEu73pfJBtuFrhAncKgOObsV0BJ8zWvc8jdFENm4NakKrkMYckFoskLr3g8xBogSyaACnDYR1AN3bJmg/hZBejeftbjrP6HPLXTuug2pauvJ11Db2czQ9qpdsJwF
Thank you for your quick response.
I see. This behavior of the /validate endpoint is not described in previous CAS documentations (https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html#242-response)
With the added line, authentication works for me too.
Thanks a lot!
On 06.04.21 17:26, Stéphane Glondu wrote:
Hello,
Le 06/04/2021 à 15:44, Alban Bruder a écrit :
I am trying to create an election with Belenios and CAS via theBelenios implements the CAS 1.0 protocol:
following Keycloak plugin.
(https://github.com/jacekkow/keycloak-protocol-cas)
If authentication is successful, the Keycloak endpoint
https://your.keycloak.host/auth/realms/master/protocol/cas/validate
returns the response string "yes". However, Belenios terminates with a
"502 - Bad Gateway" error. The problem occurs in the public demo as well
as in my private instance. Unfortunately I'm not an OCAML expert but the
corresponding position in the code should be the following
(https://gitlab.inria.fr/belenios/belenios/-/blob/master/src/web/web_auth_cas.ml#L97).
Does anyone have any idea how we can solve this problem?
https://apereo.github.io/cas/5.2.x/protocol/CAS-Protocol-V2-Specification.html#24-validate-cas-10
In the validate endpoint, the response string "yes" should be followed
by (a newline and) the login being authenticated. Is it indeed returned
by your CAS server?
Looking at:
https://github.com/jacekkow/keycloak-protocol-cas/blob/master/src/main/java/org/keycloak/protocol/cas/endpoints/ValidateEndpoint.java
it seems that just "yes" is returned. How is one supposed to know who
has been authenticated in this case?
Cheers,
--
Alban Bruder
Studiengang Medieninformatik, B.Sc.
Bauhaus-Universität Weimar
Mitglied des StudierendenKonvents
Mitglied des Fachschaftsrats Medien
Büro der Studierendenvertretungen
Marienstraße 18
D-99423 Weimar
- [belenios-discuss] Keycloak CAS fails with 502 error, Alban Bruder, 06/04/2021
- Re: [belenios-discuss] Keycloak CAS fails with 502 error, Stéphane Glondu, 06/04/2021
- Re: [belenios-discuss] Keycloak CAS fails with 502 error, Alban Bruder, 06/04/2021
- Re: [belenios-discuss] Keycloak CAS fails with 502 error, Stéphane Glondu, 06/04/2021
Archives gérées par MHonArc 2.6.19+.