You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Difference between revisions of "CAS-SSO/Administration"

From Wikitech-static
Jump to navigation Jump to search
imported>Muehlenhoff
(New stub page)
 
imported>Jbond
Line 1: Line 1:
Stub page with information on how to debug/handle Apereo CAS as deployed by the Wikimedia Foundation.
Stub page with information on how to debug/handle Apereo CAS as deployed by the Wikimedia Foundation.
== Icinga ==
=== $vhost requires authentication ===
This icinga check is in place to ensure protected sites correctly redirect and unauthenticated connection back to https://idp.wikimedia.org.  You can run the check manually from icinga with the following command. (use the -v switch to increase verbosity)
<source lang="bash">
icinga1001 ~ $ # test cas-icinga.wikimedia.org
icinga1001 ~ $ IP=208.80.154.84
icinga1001 ~ $ VHOST=cas-icinga.wikimedia.org
icinga1001 ~ $ URI=/icinga
208 ~ % /usr/lib/nagios/plugins/check_http -I ${IP} -H ${VHOST} -e 'HTTP/1.1 302' -d 'ocation: https://idp.wikimedia.org/login' -S -u ${URI} 
HTTP OK: Status line output matched "HTTP/1.1 302" - 604 bytes in 0.005 second response time |time=0.004526s;;;0.000000;10.000000 size=604B;;;0
</source>
common things to check
* the <code>-u</code> switch points to the correct protected uri
* The check is hitting the correct vhost
* mod_auth_cas is correctly installed and configured
To debug mode_auth_cas update the vhost to have <code>Loglevel debug</code> & <code>CASDebug On</code>

Revision as of 10:17, 27 March 2020

Stub page with information on how to debug/handle Apereo CAS as deployed by the Wikimedia Foundation.

Icinga

$vhost requires authentication

This icinga check is in place to ensure protected sites correctly redirect and unauthenticated connection back to https://idp.wikimedia.org. You can run the check manually from icinga with the following command. (use the -v switch to increase verbosity)

icinga1001 ~ $ # test cas-icinga.wikimedia.org
icinga1001 ~ $ IP=208.80.154.84
icinga1001 ~ $ VHOST=cas-icinga.wikimedia.org
icinga1001 ~ $ URI=/icinga
208 ~ % /usr/lib/nagios/plugins/check_http -I ${IP} -H ${VHOST} -e 'HTTP/1.1 302' -d 'ocation: https://idp.wikimedia.org/login' -S -u ${URI}  
HTTP OK: Status line output matched "HTTP/1.1 302" - 604 bytes in 0.005 second response time |time=0.004526s;;;0.000000;10.000000 size=604B;;;0

common things to check

  • the -u switch points to the correct protected uri
  • The check is hitting the correct vhost
  • mod_auth_cas is correctly installed and configured

To debug mode_auth_cas update the vhost to have Loglevel debug & CASDebug On