[Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues
Mark Cooper
mark.cooper at lyrasis.org
Thu Aug 10 12:49:10 EDT 2023
I'd try:
config: {
  # everything else ...
  fetch_raw_info: ->(s, o, t, user_info, raw_xml) {
    { email: "#{user_info['user']}@example.org" }
  }
}
Replace example.org with your email domain.
You can also review the documentation to see if there are other config settings that may be required for your implementation:
https://github.com/dlindahl/omniauth-cas#configuration-options
If that doesn't work you'll most likely need someone to add log statements to the plugin to see what you're getting back from the cas response and see if you can figure out the issue based on that. That's definitely getting in the weeds and will be awkward / very difficult to troubleshoot via mailing list.
Mark
________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Ludwig Possie <ludwigpossie at weber.edu>
Sent: Thursday, August 10, 2023 9:16 AM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: Re: [Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues
Thank you so much! That did get me to the CAS authentication screen. I was able to enter my username and password and was redirected back to AS. However I'm now getting an "Authentication error, unable to login." message. I know that username is in AS along with permissions, since we used to authenticate using LDAP. Am I missing something? Thx.
On Thu, Aug 10, 2023 at 10:02 AM Mark Cooper <mark.cooper at lyrasis.org> wrote:
Hi Ludwig,
Try this - update the provider config:
config: {
  url: 'https://cas.weber.edu',
  host: 'cas.weber.edu',
  path_prefix: '/staff/auth',
  callback_url: '/staff/auth/cas/callback',
  # everything else ...
}
Finding all of the possible configuration options (if it turns out you need them) can be somewhat tricky. In this case path prefix comes direct from the omniauth library:
https://github.com/search?q=repo%3Aomniauth%2Fomniauth%20path_prefix&type=code
Best,
Mark
Hosting and Support Team
Lyrasis
________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Ludwig Possie <ludwigpossie at weber.edu>
Sent: Thursday, August 10, 2023 8:45 AM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: Re: [Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues
I apologize, I didn't want to have any issues with our security team so I substituted our domain name for 'someuniversity'. I've checked with them and they are fine if I post the following. We do have ArchivesSpace running behind Traefik proxy. This is what part of the configuration currently looks like:
# proxy config (release testing only)
AppConfig[:frontend_proxy_url] = "https://asstage.weber.edu/staff"
AppConfig[:public_proxy_url] = "https://asstage.weber.edu/"
AppConfig[:plugins] = ['batch_update_lang_and_script', 'batch_update_langmaterials', 'aspace-oauth']
AppConfig[:authentication_sources] = [{
  model: 'ASOauth',
  provider: 'cas',
  label: 'CAS Sign In',
  slo_link: true,
  config: {
    url: 'https://cas.weber.edu',
    host: 'cas.weber.edu',
    ssl: true,
    login_url: '/login',
    logout_url: '/logout',
    service_validate_url: '/serviceValidate',
    callback_url: 'auth/cas/callback',
    uid_key: 'user',
    email_key: 'email'
    # more cas keys and options at: https://github.com/dlindahl/omniauth-cas
    #
    # if your server does not return an email address, you can add one
    # here using the fetch_raw_info option.
    #fetch_raw_info: ->(s, o, t, user_info) { { email: "#{user_info['user']}@ivory-tower.edu" } }
  }
}]
When I click on the 'CAS Sign In' button this is what I'm getting back on the logs:
************************************************************
│ Welcome to ArchivesSpace!
│ You can now point your browser to http://localhost:8080
│ ************************************************************
│ F, [2023-08-10T15:28:36.687087 #65] FATAL -- :
│ F, [2023-08-10T15:28:36.689853 #65] FATAL -- : ActionController::RoutingError (No route matches [GET] "/staff/auth/cas"):
│ F, [2023-08-10T15:28:36.690437 #65] FATAL -- :
│ F, [2023-08-10T15:28:36.690757 #65] FATAL -- : actionpack (5.2.8.1) lib/action_dispatch/middleware/debug_exceptions.rb:65:in `call'
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
│ railties (5.2.8.1) lib/rails/rack/logger.rb:38:in `call_app'
│ railties (5.2.8.1) lib/rails/rack/logger.rb:26:in `block in call'
│ activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:71:in `block in tagged'
│ activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:28:in `tagged'
│ activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:71:in `tagged'
│ railties (5.2.8.1) lib/rails/rack/logger.rb:26:in `call'
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/request_id.rb:27:in `call'
│ rack (2.2.6.2) lib/rack/method_override.rb:24:in `call'
│ rack (2.2.6.2) lib/rack/runtime.rb:22:in `call'
│ activesupport (5.2.8.1) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/executor.rb:14:in `call'
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/static.rb:127:in `call'
│ rack (2.2.6.2) lib/rack/sendfile.rb:110:in `call'
│ railties (5.2.8.1) lib/rails/engine.rb:524:in `call'
On Thu, Aug 10, 2023 at 8:21 AM Joshua D. Shaw <Joshua.D.Shaw at dartmouth.edu> wrote:
Hi Ludwig
Assuming you haven't removed your specific domain from what you posted, I think you'll want to change all of the urls, the host, and the email domain to your specific urls/domain. You may need to contact your IT department to get specifics.
You only need the proxy url entries if you are running AS under a proxy.
Best,
Joshua
________________________________
From: archivesspace_users_group-bounces at lyralists.lyrasis.org <archivesspace_users_group-bounces at lyralists.lyrasis.org> on behalf of Ludwig Possie <ludwigpossie at weber.edu>
Sent: Wednesday, August 9, 2023 8:36 PM
To: Archivesspace Users Group <archivesspace_users_group at lyralists.lyrasis.org>
Subject: [Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues
I'm trying to get CAS authentication set up on our AS 3.4.0 using the lyrasis/aspace-oauth plugin. I've tried to follow the example outlined on the plugin. I'm able to get as far as the staff login page and I can see a "CAS sign In" button on the top right, but when I press it I get the following message, "The page you were looking for doesn't exist." The button links me to https://as.someuniversity.edu/staff/auth/cas
My config.rb contains the following parameters. Is there something that I need to add or change?
AppConfig[:frontend_proxy_url] = "https://as.someuniversity.edu/staff"
AppConfig[:public_proxy_url] = "https://as.someuniversity.edu/"
AppConfig[:authentication_sources] = [{
  model: 'ASOauth',
  provider: 'cas',
  label: 'CAS Sign In',
  slo_link: true,
  config: {
    url: 'https://cas.someuniversity.edu',
    host: 'cas.someuniversity.edu',
    ssl: true,
    login_url: '/login',
    logout_url: '/logout',
    service_validate_url: '/cas/serviceValidate',
    callback_url: 'auth/cas/callback',
    uid_key: 'user',
    email_key: 'email'
    # more cas keys and options at: https://github.com/dlindahl/omniauth-cas
    #
    # if your server does not return an email address, you can add one
    # here using the fetch_raw_info option.
    #fetch_raw_info: ->(s, o, t, user_info) { { email: "#{user_info['user']}@ivory-tower.edu" } }
  }
}]
--
Ludwig Possié
Systems Admin
Stewart Library
Weber State University
801-626-8093
_______________________________________________
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group at lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
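A defensive variant of the fetch_raw_info callback suggested at the top of this thread, combined with the kind of log statement mentioned there. This is an added example, not code from the aspace-oauth plugin or from any poster; the domain, the logger target, the username pattern and the choice to keep an email that CAS already supplies are assumptions.

```ruby
require 'logger'

# Assumed values for illustration; replace with your own.
EMAIL_DOMAIN  = 'example.org'
CAS_DEBUG_LOG = Logger.new($stderr)

# Conservative username pattern (an assumption; match your directory's rules).
SAFE_USER = /\A[a-z0-9][a-z0-9._-]{0,63}\z/i

# Same five-argument signature as the lambda in the reply at the top of the thread.
# The returned hash is what gets added to the user's attributes.
FETCH_RAW_INFO = lambda do |_strategy, _options, _ticket, user_info, _raw_xml|
  # Log attribute names only, never values, so tickets and personal data
  # stay out of the application log while you check what CAS sends back.
  names = user_info.keys.map(&:to_s).sort.join(', ')
  CAS_DEBUG_LOG.info("CAS attributes returned: #{names}")

  email = user_info['email'].to_s.strip
  user  = user_info['user'].to_s.strip

  if !email.empty?
    # CAS already supplied an email: do not override it.
    {}
  elsif user.match?(SAFE_USER)
    # No email from CAS: synthesize one from the validated username.
    { email: "#{user}@#{EMAIL_DOMAIN}" }
  else
    # Refuse to build an address from a missing or odd-looking username.
    CAS_DEBUG_LOG.warn('CAS user attribute missing or malformed; no email synthesized')
    {}
  end
end
```

In config.rb the lambda would be referenced as `fetch_raw_info: FETCH_RAW_INFO` inside the provider's `config` hash.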