<div dir="ltr">Thank you so much! That did get me to the CAS authentication screen. I was able to enter my username and password and was redirected back to AS. However I'm now getting an "Authentication error, unable to login." message. I know that username is in AS along with permissions, since we used to authenticate using LDAP. Am I missing something? Thx.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 10, 2023 at 10:02 AM Mark Cooper <<a href="mailto:mark.cooper@lyrasis.org">mark.cooper@lyrasis.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg3474093496870859627">
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Hi Ludwig,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Try this - update the provider config:</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
config: {
<div> url: '<a href="https://cas.weber.edu" target="_blank">https://cas.weber.edu</a>',</div>
<div> host: '<a href="http://cas.weber.edu" target="_blank">cas.weber.edu</a>',</div>
<div><b> path_prefix: '/staff/auth',</b></div>
<div><b> callback_url: '/staff/auth/cas/callback',</b></div>
<div> # everything else ...</div>
}<br>
</div>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Finding all of the possible configuration options (if it turns out you need them) can be somewhat tricky. In this case path prefix comes direct from the omniauth library:</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<a href="https://github.com/search?q=repo%3Aomniauth%2Fomniauth%20path_prefix&type=code" id="m_3474093496870859627LPlnk585181" target="_blank">https://github.com/search?q=repo%3Aomniauth%2Fomniauth%20path_prefix&type=code</a><br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Best,</div>
<div id="m_3474093496870859627Signature">
<div>
<div style="font-size:12pt;font-family:Calibri,Arial,Helvetica,sans-serif;color:rgb(0,0,0);background-color:rgb(255,255,255)">
<div name="divtagdefaultwrapper">
<div>Mark</div>
<div><br>
</div>
<div>Hosting and Support Team</div>
<div>Lyrasis</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="m_3474093496870859627appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="m_3474093496870859627divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> <a href="mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org" target="_blank">archivesspace_users_group-bounces@lyralists.lyrasis.org</a> <<a href="mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org" target="_blank">archivesspace_users_group-bounces@lyralists.lyrasis.org</a>> on behalf of Ludwig Possie
<<a href="mailto:ludwigpossie@weber.edu" target="_blank">ludwigpossie@weber.edu</a>><br>
<b>Sent:</b> Thursday, August 10, 2023 8:45 AM<br>
<b>To:</b> Archivesspace Users Group <<a href="mailto:archivesspace_users_group@lyralists.lyrasis.org" target="_blank">archivesspace_users_group@lyralists.lyrasis.org</a>><br>
<b>Subject:</b> Re: [Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues</font>
<div> </div>
</div>
<div>
<div dir="ltr">I apologize, I didn't want to have any issues with our security team so I substituted our domain name for 'someuniversity'. I've checked with them and they are fine if I post the following. We do have ArchivesSpace running behind a Traefik proxy.
This is what part of the configuration currently looks like:
<div><br>
</div>
<div><font face="monospace"># proxy config (release testing only)<br>
AppConfig[:frontend_proxy_url] = "<a href="https://asstage.weber.edu/staff" target="_blank">https://asstage.weber.edu/staff</a>"<br>
AppConfig[:public_proxy_url] = "<a href="https://asstage.weber.edu/" target="_blank">https://asstage.weber.edu/</a>"</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">AppConfig[:plugins] = ['batch_update_lang_and_script', 'batch_update_langmaterials', 'aspace-oauth']</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">AppConfig[:authentication_sources] = [{<br>
model: 'ASOauth',<br>
provider: 'cas',<br>
label: 'CAS Sign In',<br>
slo_link: true,<br>
config: {<br>
url: '<a href="https://cas.weber.edu" target="_blank">https://cas.weber.edu</a>',<br>
host: '<a href="http://cas.weber.edu" target="_blank">cas.weber.edu</a>',<br>
ssl: true,<br>
login_url: '/login',<br>
logout_url: '/logout',<br>
service_validate_url: '/serviceValidate',</font></div>
<div><span style="font-family:monospace"> callback_url: 'auth/cas/callback',</span></div>
<div><font face="monospace"> uid_key: 'user',<br>
email_key: 'email'<br>
# more cas keys and options at: <a href="https://github.com/dlindahl/omniauth-cas" target="_blank">
https://github.com/dlindahl/omniauth-cas</a><br>
#<br>
# if your server does not return an email address, you can add one<br>
# here using the fetch_raw_info option.<br>
#fetch_raw_info: ->(s, o, t, user_info) { { email: "#{user_info['user']}@<a href="http://ivory-tower.edu" target="_blank">ivory-tower.edu</a>" } }<br>
}<br>
}]</font><br>
<div><br>
</div>
<div><br>
</div>
<div>When I click on the 'CAS Sign In' button this is what I'm getting back in the logs:</div>
<div><font face="monospace"> ************************************************************<br>
│ Welcome to ArchivesSpace!<br>
│ You can now point your browser to <a href="http://localhost:8080" target="_blank">http://localhost:8080</a><br>
│ ************************************************************<br>
│ F, [2023-08-10T15:28:36.687087 #65] FATAL -- :<br>
│ F, [2023-08-10T15:28:36.689853 #65] FATAL -- : ActionController::RoutingError (No route matches [GET] "/staff/auth/cas"):<br>
│ F, [2023-08-10T15:28:36.690437 #65] FATAL -- :<br>
│ F, [2023-08-10T15:28:36.690757 #65] FATAL -- : actionpack (5.2.8.1) lib/action_dispatch/middleware/debug_exceptions.rb:65:in `call'<br>
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'<br>
│ railties (5.2.8.1) lib/rails/rack/logger.rb:38:in `call_app'<br>
│ railties (5.2.8.1) lib/rails/rack/logger.rb:26:in `block in call'<br>
│ activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:71:in `block in tagged'<br>
│ activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:28:in `tagged'<br>
│ activesupport (5.2.8.1) lib/active_support/tagged_logging.rb:71:in `tagged'<br>
│ railties (5.2.8.1) lib/rails/rack/logger.rb:26:in `call'<br>
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'<br>
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/request_id.rb:27:in `call'<br>
│ rack (2.2.6.2) lib/rack/method_override.rb:24:in `call'<br>
│ rack (2.2.6.2) lib/rack/runtime.rb:22:in `call'<br>
│ activesupport (5.2.8.1) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'<br>
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/executor.rb:14:in `call'<br>
│ actionpack (5.2.8.1) lib/action_dispatch/middleware/static.rb:127:in `call'<br>
│ rack (2.2.6.2) lib/rack/sendfile.rb:110:in `call'<br>
│ railties (5.2.8.1) lib/rails/engine.rb:524:in `call'</font><br>
</div>
</div>
</div>
<br>
<div>
<div dir="ltr">On Thu, Aug 10, 2023 at 8:21 AM Joshua D. Shaw <<a href="mailto:Joshua.D.Shaw@dartmouth.edu" target="_blank">Joshua.D.Shaw@dartmouth.edu</a>> wrote:<br>
</div>
<blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Hi Ludwig</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Assuming you haven't removed your specific domain from what you posted, I think you'll want to change all of the URLs, the host, and the email domain to your specific URLs/domain. You may need to contact your IT department to get specifics.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
You only need the proxy url entries if you are running AS under a proxy.<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Best,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
Joshua<br>
</div>
<div id="m_3474093496870859627x_m_105229913376109029appendonsend"></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<hr style="display:inline-block;width:98%">
<div id="m_3474093496870859627x_m_105229913376109029divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt;color:rgb(0,0,0)"><b>From:</b>
<a href="mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org" target="_blank">
archivesspace_users_group-bounces@lyralists.lyrasis.org</a> <<a href="mailto:archivesspace_users_group-bounces@lyralists.lyrasis.org" target="_blank">archivesspace_users_group-bounces@lyralists.lyrasis.org</a>> on behalf of Ludwig Possie <<a href="mailto:ludwigpossie@weber.edu" target="_blank">ludwigpossie@weber.edu</a>><br>
<b>Sent:</b> Wednesday, August 9, 2023 8:36 PM<br>
<b>To:</b> Archivesspace Users Group <<a href="mailto:archivesspace_users_group@lyralists.lyrasis.org" target="_blank">archivesspace_users_group@lyralists.lyrasis.org</a>><br>
<b>Subject:</b> [Archivesspace_Users_Group] AS 3.4.0 CAS configuration Issues</font>
<div> </div>
</div>
<div>
<div dir="ltr">I'm trying to get CAS authentication set up on our AS 3.4.0 using the lyrasis/aspace-oauth plugin. I've tried to follow the example outlined on the plugin. I'm able to get as far as the staff login page and I can see a "CAS sign In" button
on the top right, but when I press it I get the following message, "The page you were looking for doesn't exist." The button links me to
<a href="https://as.someuniversity.edu/staff/auth/cas" id="m_3474093496870859627x_m_105229913376109029OWA23862456-fa39-8d36-4d8d-c46a0b3cd813" target="_blank">
https://as.someuniversity.edu/staff/auth/cas</a>
<div><br>
<div>My config.rb contains the following parameters. Is there something that I need to add or change?
<div><br>
</div>
<div><font face="monospace">AppConfig[:frontend_proxy_url] = "<a href="https://as.someuniversity.edu/staff" id="m_3474093496870859627x_m_105229913376109029OWA5eabc0f5-d142-19a1-ae24-8360669a170d" target="_blank">https://as.someuniversity.edu/staff</a>"<br>
AppConfig[:public_proxy_url] = "<a href="https://as.someuniversity.edu/" id="m_3474093496870859627x_m_105229913376109029OWA8ecb3a6d-7af1-aa63-5efd-c04ea54de933" target="_blank">https://as.someuniversity.edu/</a>"<br>
</font></div>
<div><font face="monospace"><br>
</font></div>
<div><font face="monospace">AppConfig[:authentication_sources] = [{<br>
model: 'ASOauth',<br>
provider: 'cas',<br>
label: 'CAS Sign In',<br>
slo_link: true,<br>
config: {<br>
url: '<a href="https://cas.someuniversity.edu/" id="m_3474093496870859627x_m_105229913376109029OWA5ae10e80-99a9-b2f6-76a9-3a2e74212920" target="_blank">https://cas.someuniversity.edu</a>',<br>
host: '<a href="http://cas.someuniversity.edu/" id="m_3474093496870859627x_m_105229913376109029OWAf9c1ffb0-2b0a-6f87-90e2-a71a331fb907" target="_blank">cas.someuniversity.edu</a>',<br>
ssl: true,<br>
login_url: '/login',<br>
logout_url: '/logout',<br>
service_validate_url: '/cas/serviceValidate',<br>
callback_url: 'auth/cas/callback',<br>
</font></div>
</div>
</div>
<div>
<div><font face="monospace"> uid_key: 'user',<br>
email_key: 'email'<br>
# more cas keys and options at: <a href="https://github.com/dlindahl/omniauth-cas" id="m_3474093496870859627x_m_105229913376109029OWA168efd49-1c96-f8b8-8ef0-37068b73c9bb" target="_blank">
https://github.com/dlindahl/omniauth-cas</a><br>
#<br>
# if your server does not return an email address, you can add one<br>
# here using the fetch_raw_info option.<br>
#fetch_raw_info: ->(s, o, t, user_info) { { email: "#{user_info['user']}@<a href="http://ivory-tower.edu/" id="m_3474093496870859627x_m_105229913376109029OWA0e7cbcf4-8d2a-a8e6-10d2-813c3be4b60f" target="_blank">ivory-tower.edu</a>"
} }<br>
}<br>
}]</font><br>
<div><br>
</div>
<span>-- </span><br>
<div dir="ltr">
<div dir="ltr">Ludwig Possié
<div><font size="1">Systems Admin</font></div>
<div><font size="1">Stewart Library</font></div>
<div><font size="1">Weber State University</font></div>
<div><font size="1">801-626-8093</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
_______________________________________________<br>
Archivesspace_Users_Group mailing list<br>
<a href="mailto:Archivesspace_Users_Group@lyralists.lyrasis.org" target="_blank">Archivesspace_Users_Group@lyralists.lyrasis.org</a><br>
<a href="http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group" rel="noreferrer" target="_blank">http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group</a><br>
</div>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
<span>-- </span><br>
<div dir="ltr">
<div dir="ltr">Ludwig Possié
<div><font size="1">Systems Admin</font></div>
<div><font size="1">Stewart Library</font></div>
<div><font size="1">Weber State University</font></div>
<div><font size="1">801-626-8093</font></div>
</div>
</div>
</div>
</div>
</div></blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr">Ludwig Possié<div><font size="1">Systems Admin</font></div><div><font size="1">Stewart Library</font></div><div><font size="1">Weber State University</font></div><div><font size="1">801-626-8093</font></div></div></div>
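<div dir="ltr">Added example, not part of the thread and not the aspace-oauth plugin's own code: a Ruby check that derives the path_prefix and callback_url values suggested in the reply from AppConfig[:frontend_proxy_url] and reports where an authentication source disagrees with them. It assumes the OmniAuth prefix is always the proxy URL's path plus /auth, which generalizes the single case in the thread; the helper names and the extra TLS and host checks are hypothetical additions.</div>

```ruby
require 'uri'

# Hypothetical helper: paths OmniAuth should use when the staff UI is served
# under the path of AppConfig[:frontend_proxy_url] (assumption: "<path>/auth").
def expected_oauth_paths(frontend_proxy_url, provider)
  mount = URI.parse(frontend_proxy_url).path.to_s.chomp('/')
  prefix = "#{mount}/auth"
  { path_prefix: prefix, callback_url: "#{prefix}/#{provider}/callback" }
end

# Hypothetical helper: returns a list of findings for one ASOauth source.
def audit_oauth_source(frontend_proxy_url, source)
  config = source.fetch(:config)
  findings = []
  expected_oauth_paths(frontend_proxy_url, source.fetch(:provider)).each do |key, want|
    got = config[key]
    findings << "#{key}: expected #{want.inspect}, got #{got.inspect}" unless got == want
  end
  cas = URI.parse(config.fetch(:url))
  # Added checks: tickets and credentials should only travel over TLS, and
  # the host option should name the same server as url. ssl is flagged only
  # when it is explicitly set to false.
  findings << 'url: CAS server URL is not https' unless cas.scheme == 'https'
  findings << 'ssl: set to false' if config.fetch(:ssl, true) == false
  findings << "host: #{config[:host].inspect} differs from url host" unless config[:host] == cas.host
  findings
end

PROXY_URL = 'https://asstage.weber.edu/staff' # value posted in the thread

# Source as first posted in the thread (options not checked here are omitted).
POSTED = {
  model: 'ASOauth', provider: 'cas',
  config: { url: 'https://cas.weber.edu', host: 'cas.weber.edu', ssl: true,
            callback_url: 'auth/cas/callback' }
}.freeze

# Same source with the two options from the reply applied.
UPDATED = {
  model: 'ASOauth', provider: 'cas',
  config: POSTED[:config].merge(path_prefix: '/staff/auth',
                                callback_url: '/staff/auth/cas/callback')
}.freeze

puts audit_oauth_source(PROXY_URL, POSTED)
puts 'updated config: no findings' if audit_oauth_source(PROXY_URL, UPDATED).empty?
```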