[Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues

Ludwig Possie ludwigpossie at weber.edu
Thu Aug 10 12:16:02 EDT 2023


Thank you so much!  That did get me to the CAS authentication screen.  I
was able to enter my username and password and was redirected back to AS.
However I'm now getting an "Authentication error, unable to login."
message.  I know that username is in AS along with permissions, since we
used to authenticate using LDAP.  Am I missing something?  Thx.

On Thu, Aug 10, 2023 at 10:02 AM Mark Cooper <mark.cooper at lyrasis.org>
wrote:

> Hi Ludwig,
>
> Try this - update the provider config:
>
> config: {
>   url: 'https://cas.weber.edu',
>   host: 'cas.weber.edu',
>   path_prefix: '/staff/auth',
>   callback_url: '/staff/auth/cas/callback',
>   # everything else ...
> }
>
> Finding all of the possible configuration options (if it turns out you
> need them) can be somewhat tricky. In this case path prefix comes direct
> from the omniauth library:
>
>
> https://github.com/search?q=repo%3Aomniauth%2Fomniauth%20path_prefix&type=code
>
> Best,
> Mark
>
> Hosting and Support Team
> Lyrasis
>
> ------------------------------
> *From:* archivesspace_users_group-bounces at lyralists.lyrasis.org <
> archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of
> Ludwig Possie <ludwigpossie at weber.edu>
> *Sent:* Thursday, August 10, 2023 8:45 AM
> *To:* Archivesspace Users Group <
> archivesspace_users_group at lyralists.lyrasis.org>
> *Subject:* Re: [Archivesspace_Users_Group] AS 3.4.0 CAS configuration
> Issues
>
> I apologize, I didn't want to have any issues with our security team so I
> substituted our domain name for 'someuniversity'.  I've checked with them
> and they are fine if I post the following.  We do have ArchivesSpace
> running behind Traefik proxy.  This is what part of the configuration
> currently looks like:
>
> # proxy config (release testing only)
> AppConfig[:frontend_proxy_url] = "https://asstage.weber.edu/staff"
> AppConfig[:public_proxy_url] = "https://asstage.weber.edu/"
>
> AppConfig[:plugins] = ['batch_update_lang_and_script',
> 'batch_update_langmaterials', 'aspace-oauth']
>
> AppConfig[:authentication_sources] = [{
>   model: 'ASOauth',
>   provider: 'cas',
>   label: 'CAS Sign In',
>   slo_link: true,
>   config: {
>     url: 'https://cas.weber.edu',
>     host: 'cas.weber.edu',
>     ssl: true,
>     login_url: '/login',
>     logout_url: '/logout',
>     service_validate_url: '/serviceValidate',
>     callback_url: 'auth/cas/callback',
>     uid_key: 'user',
>     email_key: 'email'
>     # more cas keys and options at: https://github.com/dlindahl/omniauth-cas
>     #
>     # if your server does not return an email address, you can add one
>     # here using the fetch_raw_info option.
>     #fetch_raw_info: ->(s, o, t, user_info) {  { email: "#{user_info['user']}@ivory-tower.edu" } }
>   }
> }]
>
>
> When I click on the 'CAS Sign In' button this is what I'm getting back on
> the logs:
>  ************************************************************
> │     Welcome to ArchivesSpace!
> │     You can now point your browser to http://localhost:8080
> │   ************************************************************
> │   F, [2023-08-10T15:28:36.687087 #65] FATAL -- :
> │   F, [2023-08-10T15:28:36.689853 #65] FATAL -- : ActionController::RoutingError (No route matches [GET] "/staff/auth/cas"):
> │   F, [2023-08-10T15:28:36.690437 #65] FATAL -- :
> │   F, [2023-08-10T15:28:36.690757 #65] FATAL -- : actionpack (5.2.8.1) lib/action_dispatch/middleware/debug_exceptions.rb:65:in `call'
> │   actionpack (5.2.8.1) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
> │   railties (5.2.8.1) lib/rails/rack/logger.rb:38:in `call_app'
> │   railties (5.2.8.1) lib/rails/rack/logger.rb:26:in `block in call'
> │   activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:71:in `block in tagged'
> │   activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:28:in `tagged'
> │   activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:71:in `tagged'
> │   railties (5.2.8.1) lib/rails/rack/logger.rb:26:in `call'
> │   actionpack (5.2.8.1) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
> │   actionpack (5.2.8.1) lib/action_dispatch/middleware/request_id.rb:27:in `call'
> │   rack (2.2.6.2) lib/rack/method_override.rb:24:in `call'
> │   rack (2.2.6.2) lib/rack/runtime.rb:22:in `call'
> │   activesupport (5.2.8.1) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
> │   actionpack (5.2.8.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
> │   actionpack (5.2.8.1) lib/action_dispatch/middleware/static.rb:127:in `call'
> │   rack (2.2.6.2) lib/rack/sendfile.rb:110:in `call'
> │   railties (5.2.8.1) lib/rails/engine.rb:524:in `call'
>
> On Thu, Aug 10, 2023 at 8:21 AM Joshua D. Shaw <
> Joshua.D.Shaw at dartmouth.edu> wrote:
>
> Hi Ludwig
>
> Assuming you haven't removed your specific domain from what you posted, I think
> you'll want to change all of the urls, the host, and the email domain to
> your specific urls/domain. You may need to contact your IT department to
> get specifics.
>
> You only need the proxy url entries if you are running AS under a proxy.
>
> Best,
> Joshua
>
> ------------------------------
> *From:* archivesspace_users_group-bounces at lyralists.lyrasis.org <
> archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of
> Ludwig Possie <ludwigpossie at weber.edu>
> *Sent:* Wednesday, August 9, 2023 8:36 PM
> *To:* Archivesspace Users Group <
> archivesspace_users_group at lyralists.lyrasis.org>
> *Subject:* [Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues
>
> I'm trying to get CAS authentication set up on our AS 3.4.0 using the
> lyrasis/aspace-oauth plugin.  I've tried to follow the example outlined on
> the plugin.  I'm able to get as far as to the staff login page and I can
> see a "CAS sign In" button on the top right, but when I press it I get the
> following message, "The page you were looking for doesn't exist."  The
> button links me to https://as.someuniversity.edu/staff/auth/cas
>
> My config.rb contains the following parameters.  Is there something that I
> need to add or change?
>
> AppConfig[:frontend_proxy_url] = "https://as.someuniversity.edu/staff"
> AppConfig[:public_proxy_url] = "https://as.someuniversity.edu/"
>
> AppConfig[:authentication_sources] = [{
>   model: 'ASOauth',
>   provider: 'cas',
>   label: 'CAS Sign In',
>   slo_link: true,
>   config: {
>     url: 'https://cas.someuniversity.edu',
>     host: 'cas.someuniversity.edu',
>     ssl: true,
>     login_url: '/login',
>     logout_url: '/logout',
>     service_validate_url: '/cas/serviceValidate',
>     callback_url: 'auth/cas/callback',
>     uid_key: 'user',
>     email_key: 'email'
>     # more cas keys and options at: https://github.com/dlindahl/omniauth-cas
>     #
>     # if your server does not return an email address, you can add one
>     # here using the fetch_raw_info option.
>     #fetch_raw_info: ->(s, o, t, user_info) {  { email: "#{user_info['user']}@ivory-tower.edu" } }
>   }
> }]
>
> --
> Ludwig Possié
> Systems Admin
> Stewart Library
> Weber State University
> 801-626-8093
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
>
>
>
> --
> Ludwig Possié
> Systems Admin
> Stewart Library
> Weber State University
> 801-626-8093
>


-- 
Ludwig Possié
Systems Admin
Stewart Library
Weber State University
801-626-8093
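
The effect of the `path_prefix` change in the quoted reply, as an added example that is not part of the original thread and is not OmniAuth or ArchivesSpace code: a simplified Rack-style model in which the auth middleware only claims requests under its prefix, so `/staff/auth/cas` falls through to the router (the RoutingError in the log) until the prefix is `/staff/auth`. The class, `ROUTER`, `status_for` and the `cas.example.edu` redirect target are assumptions for illustration; `/auth` is OmniAuth's default prefix.

```ruby
# Simplified model of prefix-based path matching in a Rack auth middleware.
# Hypothetical names throughout; this is not OmniAuth's source.
class PrefixAuthMiddleware
  def initialize(app, provider:, path_prefix: '/auth')
    @app = app
    @request_path = "#{path_prefix}/#{provider}"
    @callback_path = "#{path_prefix}/#{provider}/callback"
  end

  def call(env)
    # Compare case-insensitively and ignore one trailing slash.
    path = env['PATH_INFO'].downcase.sub(%r{/\z}, '')
    case path
    when @request_path.downcase
      # Request phase: send the browser to the CAS login page (constructed URL).
      [302, { 'location' => 'https://cas.example.edu/login' }, []]
    when @callback_path.downcase
      # Callback phase: this is where the CAS ticket would be validated.
      [200, {}, ['callback phase']]
    else
      @app.call(env) # not ours: hand the request to the application router
    end
  end
end

# Stand-in for the Rails router, which has no /staff/auth/* routes of its own.
ROUTER = lambda do |env|
  [404, {}, ["No route matches [GET] \"#{env['PATH_INFO']}\""]]
end

# Status code a GET for `path` receives with the given middleware options.
def status_for(path, **opts)
  PrefixAuthMiddleware.new(ROUTER, provider: 'cas', **opts)
                      .call({ 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => path })
                      .first
end
```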