[Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues
Mark Cooper
mark.cooper at lyrasis.org
Thu Aug 10 12:02:49 EDT 2023
Hi Ludwig,
Try this - update the provider config:
config: {
url: 'https://cas.weber.edu',
host: 'cas.weber.edu',
path_prefix: '/staff/auth',
callback_url: '/staff/auth/cas/callback',
# everything else ...
}
Finding all of the possible configuration options (if it turns out you need them) can be somewhat tricky. In this case path prefix comes direct from the omniauth library:
https://github.com/search?q=repo%3Aomniauth%2Fomniauth%20path_prefix&type=code
Best,
Mark
Hosting and Support Team
Lyrasis
________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Ludwig Possie <ludwigpossie at weber.edu>
Sent: Thursday, August 10, 2023 8:45 AM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: Re: [Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues
I apologize, I didn't want to have any issues with our security team so I substituted our domain name for 'someuniversity'. I've checked with them and they are fine if I post the following. We do have ArchivesSpace running behind Traefik proxy. This is what part of configuration currently looks like:
# proxy config (release testing only)
AppConfig[:frontend_proxy_url] = "https://asstage.weber.edu/staff"
AppConfig[:public_proxy_url] = "https://asstage.weber.edu/"
AppConfig[:plugins] = ['batch_update_lang_and_script', 'batch_update_langmaterials', 'aspace-oauth']
AppConfig[:authentication_sources] = [{
model: 'ASOauth',
provider: 'cas',
label: 'CAS Sign In',
slo_link: true,
config: {
url: 'https://cas.weber.edu',
host: 'cas.weber.edu<http://cas.weber.edu>',
ssl: true,
login_url: '/login',
logout_url: '/logout',
service_validate_url: '/serviceValidate',
callback_url: 'auth/cas/callback',
uid_key: 'user',
email_key: 'email'
# more cas keys and options at: https://github.com/dlindahl/omniauth-cas
#
# if your server does not return an email address, you can add one
# here using the fetch_raw_info option.
#fetch_raw_info: ->(s, o, t, user_info) { { email: "#{user_info['user']}@ivory-tower.edu<http://ivory-tower.edu>" } }
}
}]
When I click on the 'CAS Sign In' button this is what I'm getting back on the logs:
************************************************************
│ Welcome to ArchivesSpace!
│ You can now point your browser to http://localhost:8080
│ ************************************************************
│ F, [2023-08-10T15:28:36.687087 #65] FATAL -- :
│ F, [2023-08-10T15:28:36.689853 #65] FATAL -- : ActionController::RoutingError (No route matches [GET] "/staff/auth/cas"):
│ F, [2023-08-10T15:28:36.690437 #65] FATAL -- :
│ F, [2023-08-10T15:28:36.690757 #65] FATAL -- : actionpack (5.2.8.1) lib/action_dispatch/middleware/debug_exceptions.rb:65:in `call'
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
│ railties (5.2.8.1) lib/rails/rack/logger.rb:38:in `call_app'
│ railties (5.2.8.1) lib/rails/rack/logger.rb:26:in `block in call'
│ activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:71:in `block in tagged'
│ activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:28:in `tagged'
│ activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:71:in `tagged'
│ railties (5.2.8.1) lib/rails/rack/logger.rb:26:in `call'
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/request_id.rb:27:in `call'
│ rack (2.2.6.2) lib/rack/method_override.rb:24:in `call'
│ rack (2.2.6.2) lib/rack/runtime.rb:22:in `call'
│ activesupport (5.2.8.1) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/static.rb:127:in `call'
│ rack (2.2.6.2) lib/rack/sendfile.rb:110:in `call'
│ railties (5.2.8.1) lib/rails/engine.rb:524:in `call'
On Thu, Aug 10, 2023 at 8:21 AM Joshua D. Shaw <Joshua.D.Shaw at dartmouth.edu<mailto:Joshua.D.Shaw at dartmouth.edu>> wrote:
Hi Ludwig
Assuming you haven't removed your specific domain what you posted, I think you'll want to change all of the urls, the host, and the email domain to your specific urls/domain. You may need to contact your IT department to get specifics.
You only need the proxy url entries if you are running AS under a proxy.
Best,
Joshua
________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org<mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org> <archivesspace_users_group-bounces at lyralists.lyrasis.org<mailto:archivesspace_users_group-bounces at lyralists.lyrasis.org>> on behalf of Ludwig Possie <ludwigpossie at weber.edu<mailto:ludwigpossie at weber.edu>>
Sent: Wednesday, August 9, 2023 8:36 PM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org<mailto:archivesspace_users_group at lyralists.lyrasis.org>>
Subject: [Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues
I'm trying to get CAS authentication setup on our AS 3.4.0 using the lyrasis/aspace-oauth plugin. I've tried to follow the example outlined on the plugin. I'm able to get as far as to the staff login page and I can see a "CAS sign In" button on the top right, but when I press it I get the following message, "The page you were looking for doesn't exist." The button links me to https://as.someuniversity.edu/staff/auth/cas
My config.rb contains the following parameters is there something that I need to add or change?:
AppConfig[:frontend_proxy_url] = "https://as.someuniversity.edu/staff"
AppConfig[:public_proxy_url] = "https://as.someuniversity.edu/"
AppConfig[:authentication_sources] = [{
model: 'ASOauth',
provider: 'cas',
label: 'CAS Sign In',
slo_link: true,
config: {
url: 'https://cas.someuniversity.edu<https://cas.someuniversity.edu/>',
host: 'cas.someuniversity.edu<http://cas.someuniversity.edu/>',
ssl: true,
login_url: '/login',
logout_url: '/logout',
service_validate_url: '/cas/serviceValidate',
callback_url: 'auth/cas/callback',
uid_key: 'user',
email_key: 'email'
# more cas keys and options at: https://github.com/dlindahl/omniauth-cas
#
# if your server does not return an email address, you can add one
# here using the fetch_raw_info option.
#fetch_raw_info: ->(s, o, t, user_info) { { email: "#{user_info['user']}@ivory-tower.edu<http://ivory-tower.edu/>" } }
}
}]
--
Ludwig Possié
Systems Admin
Stewart Library
Weber State University
801-626-8093
_______________________________________________
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group at lyralists.lyrasis.org<mailto:Archivesspace_Users_Group at lyralists.lyrasis.org>
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
--
Ludwig Possié
Systems Admin
Stewart Library
Weber State University
801-626-8093
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20230810/38646985/attachment.html>
More information about the Archivesspace_Users_Group
mailing list