You are browsing a read-only backup copy of Wikitech. The primary site can be found at wikitech.wikimedia.org
CAS-SSO/Administration: Difference between revisions
< CAS-SSO
Jump to navigation
Jump to search
imported>Jbond |
imported>Muehlenhoff (API endpoints) |
||
| Line 22: | Line 22: | ||
To debug mode_auth_cas update the vhost to have <code>Loglevel debug</code> & <code>CASDebug On</code> | To debug mode_auth_cas update the vhost to have <code>Loglevel debug</code> & <code>CASDebug On</code> | ||
== API endpoints == | |||
The ssoSessions endpoint exports a JSON description of current sessions, restricted to access from the IDP hosts (currently disabled): | |||
curl https://idp.wikimedia.org/api/ssoSessions?type=ALL | |||
Revision as of 14:22, 30 March 2020
Stub page with information on how to debug/handle Apereo CAS as deployed by the Wikimedia Foundation.
Icinga
$vhost requires authentication
This icinga check is in place to ensure protected sites correctly redirect and unauthenticated connection back to https://idp.wikimedia.org. You can run the check manually from icinga with the following command. (use the -v switch to increase verbosity)
icinga1001 ~ $ # test cas-icinga.wikimedia.org
icinga1001 ~ $ IP=208.80.154.84
icinga1001 ~ $ VHOST=cas-icinga.wikimedia.org
icinga1001 ~ $ URI=/icinga
208 ~ % /usr/lib/nagios/plugins/check_http -I ${IP} -H ${VHOST} -e 'HTTP/1.1 302' -d 'ocation: https://idp.wikimedia.org/login' -S -u ${URI}
HTTP OK: Status line output matched "HTTP/1.1 302" - 604 bytes in 0.005 second response time |time=0.004526s;;;0.000000;10.000000 size=604B;;;0
common things to check
- the
-uswitch points to the correct protected uri - The check is hitting the correct vhost
- mod_auth_cas is correctly installed and configured
To debug mode_auth_cas update the vhost to have Loglevel debug & CASDebug On
API endpoints
The ssoSessions endpoint exports a JSON description of current sessions, restricted to access from the IDP hosts (currently disabled):
curl https://idp.wikimedia.org/api/ssoSessions?type=ALL