I am having trouble using CAS with my Gitlab instance. Although the CAS provider is shibboleth, I didn’t want to get into Apache configuration. so I’d like to stick with getting CAS to work.
I am given a “Sign in with” option, and the link takes me to the CAS authentication screen, where I can sign in and get redirected back to the sign_in screen. However, I am not logged in, and a red error bar at the top reads:
Could not authenticate you from CAS3 because "Invalid cas ticket"
The CAS admin says that their logs look correct on their end. How can I troubleshoot this problem?
- How can I find out the root cause of “Invalid cas ticket”? I don’t see that phrase in any of my logs under /var/log/gitlab.
- Is there a way to get more verbose logs? Primarily what data is received in the communication directly between the server and the CAS provider?
Here is my gitlab.rb config:
gitlab_rails['omniauth_providers'] = [
{
"name" => "cas3",
"label" => "XXX",
"args" => {
"url"=> 'https://shib.xxx.edu',
"login_url"=> '/shibboleth-idp/profile/cas/login',
"service_validate_url"=> '/shibboleth-idp/profile/cas/validate',
"logout_url"=> '/shibboleth-idp/profile/cas/logout'
}
}
]