You are browsing a read-only backup copy of Wikitech. The live site can be found at


From Wikitech-static
Revision as of 14:22, 30 March 2020 by imported>Muehlenhoff (API endpoints)
Jump to navigation Jump to search

Stub page with information on how to debug/handle Apereo CAS as deployed by the Wikimedia Foundation.


$vhost requires authentication

This icinga check is in place to ensure protected sites correctly redirect and unauthenticated connection back to You can run the check manually from icinga with the following command. (use the -v switch to increase verbosity)

icinga1001 ~ $ # test
icinga1001 ~ $ IP=
icinga1001 ~ $
icinga1001 ~ $ URI=/icinga
208 ~ % /usr/lib/nagios/plugins/check_http -I ${IP} -H ${VHOST} -e 'HTTP/1.1 302' -d 'ocation:' -S -u ${URI}  
HTTP OK: Status line output matched "HTTP/1.1 302" - 604 bytes in 0.005 second response time |time=0.004526s;;;0.000000;10.000000 size=604B;;;0

common things to check

  • the -u switch points to the correct protected uri
  • The check is hitting the correct vhost
  • mod_auth_cas is correctly installed and configured

To debug mode_auth_cas update the vhost to have Loglevel debug & CASDebug On

API endpoints

The ssoSessions endpoint exports a JSON description of current sessions, restricted to access from the IDP hosts (currently disabled):