
    Primo signin using PDS with CAS does not work - wrong port number

    • Article Type: General
    • Product: Primo
    • Product Version: 4

    Problem Symptoms:
    * Sign-in to Primo using PDS configured with CAS does not work.
    * A dedicated URL is used for PDS (such as pds.mycampus.edu).
    * A load balancer is used to direct http traffic for the PDS URL on port 80 to port 8991, or https traffic on port 443 to http port 8991.
    * The wrong port number may appear in the PDS backlink when signing in to CAS.
    Example: https://sso.mycampus.edu/cas/login?service=http://pds.mycampus.edu:8991/cas/pds_main?
    The expected value is: ...service=http://pds.mycampus.edu/cas/pds_main?

    Cause:
    The cause is a limitation in the code that processes CAS. That code runs in Apache, outside Ex Libris' PDS code.
    PDS code uses the URLs defined in the PDSDefinitions file, which do not have 8991 in them.
    However, because CAS is processed in Apache, CAS uses the URL that Apache received from the load balancer, which has 8991 in it.
    This is why the backlink in the service parameter appears with port 8991.

    Resolution:

    See UPDATE below!
    1. SSH access to the Primo FEs is required.
    2. Make a backup of pdsroot/program/Apache/AuthCASEXL.pm, then edit it.
    3. Near line 577, add lines to the following 'if' block:
        my $service;
        if ($SERVICE eq "") {
            # use the current URL as the service
            $service = $self->this_url_encoded($r);
        } else {
            # use the static entry point into this service
            $service = $self->urlEncode($SERVICE);
        }

    Change to:
        my $service;
        if ($SERVICE eq "") {
            # use the current URL as the service
            $service = $self->this_url_encoded($r);
        } else {
            # use the static entry point into this service
            $service = $self->urlEncode($SERVICE);
        }
        # added lines: strip the backend port in its plain and URL-encoded forms
        $service =~ s/:8991//;
        $service =~ s/%3a8991//;

    4. The 'if' block above occurs 4 times in the AuthCASEXL.pm file. The additional lines will need to be added following EACH of the 4 'if' blocks in the file.
    5. Perform a graceful restart of Apache (if Apache was running as root, this will need to be performed by root):
        cd /exlibris/primo/p4_1/primoe/apache/bin
        apachectl -k graceful

    Additional Information

    AuthCASEXL.pm may be overwritten by a Service Pack or HotFix, so this modification may need to be re-applied after Service Packs or HotFixes are installed.

    Alternate scenario:
    If the load balancer forwards https traffic on port 443 as an http request (sometimes called 'SSL termination'), then because Apache receives http from the load balancer, the backlink in the service parameter may appear with http instead of https. Http cannot use port 443; port 443 requires https.

    Example: https://sso.mycampus.edu/cas/login?service=http://pds.mycampus.edu:443/cas/pds_main?
    The expected value is: ...service=https://pds.mycampus.edu:443/cas/pds_main?

    If this occurs, the following line can be added to the solution:
    $service =~ s/^http/https/;


    *UPDATE* Development has responded to this code limitation:

    If you put the correct Apache URL (such as the fully qualified domain name) in the ServerName parameter of httpd.conf, that value is the one used for the Perl module and for the service URL as well.
    The fix described in this article is not necessary.
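
    Whichever change is applied (the AuthCASEXL.pm edit or the ServerName setting), the backlink in the CAS login redirect can be checked against the symptoms above. The following is an added example, not Ex Libris code: the function name check_cas_backlink and the percent-encoded sample URL are constructed here, and the other URLs are the ones quoted in this article.

```python
from urllib.parse import urlsplit, parse_qs

INTERNAL_PORT = 8991  # backend port behind the load balancer (from the article)

def check_cas_backlink(login_url, public_host, public_scheme):
    """Return the problems found in the service= backlink of a CAS login URL."""
    query = parse_qs(urlsplit(login_url).query)
    if "service" not in query:
        return ["no service parameter in CAS login URL"]
    # parse_qs percent-decodes the value, so ":8991" and "%3a8991" are
    # caught by the same test below.
    svc = urlsplit(query["service"][0])
    try:
        port = svc.port
    except ValueError:
        return ["service URL has a malformed port"]
    problems = []
    if svc.hostname != public_host:
        problems.append(f"host is {svc.hostname}, expected {public_host}")
    if port == INTERNAL_PORT:
        problems.append(f"internal port {INTERNAL_PORT} exposed in backlink")
    if svc.scheme != public_scheme:
        problems.append(f"scheme is {svc.scheme}, expected {public_scheme}")
    if svc.scheme == "http" and port == 443:
        problems.append("http scheme combined with port 443")
    return problems

# Redirect URLs from the article, plus one percent-encoded variant constructed here.
CAS = "https://sso.mycampus.edu/cas/login?service="
SAMPLES = [
    (CAS + "http://pds.mycampus.edu:8991/cas/pds_main?", "http"),
    (CAS + "http%3a%2f%2fpds.mycampus.edu%3a8991%2fcas%2fpds_main%3f", "http"),
    (CAS + "http://pds.mycampus.edu/cas/pds_main?", "http"),
    (CAS + "http://pds.mycampus.edu:443/cas/pds_main?", "https"),
    (CAS + "https://pds.mycampus.edu:443/cas/pds_main?", "https"),
]

if __name__ == "__main__":
    for url, scheme in SAMPLES:
        found = check_cas_backlink(url, "pds.mycampus.edu", scheme)
        print("OK  " if not found else "FAIL", url, found)
```

    Pass the URL the browser is redirected to at sign-in, together with the public PDS host name and the scheme users are expected to see; an empty result means the backlink matches the expected value.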

     

     

    Category: PDS - Primo

    Subject: Primo


    • Article last edited: 02/09/2016