
I have installed a CAS server with a public domain and it works correctly.

Now I want to use my other public domain, with different services, with CAS authentication, but after logging in to CAS, when I redirect to these services, phpCAS tells me "Authentication failed, you were not authenticated".

I have been searching for a long time and I couldn't find any solution. What I need is to keep the CAS session between two servers.

The configuration of phpCAS authentication is:

```php
phpCAS::client(CAS_VERSION_2_0, 'example.com', 8443, '/cas', TRUE);
```

The URL is this: http://client.com/portal.php?ticket=ST-....., so the ticket is granted (the CAS server log says "ticket granted"). Why is the authentication failing?

Here you have the log of phpCAS:

```
D4B6 .START (2018-03-15 11:57:13) phpCAS-1.3.5+ ****************** [CAS.php:468]
D4B6 .=> phpCAS::client('2.0', 'XX.com', 8443, '/cas') [portal.php:10]
D4B6 .|    => CAS_Client::__construct('2.0', false, 'XX.com', 8443, '/cas', true) [CAS.php:360]
D4B6 .|    |    Starting a new session okutpm09o0akdi2bisd1q9ivg5 [Client.php:932]
D4B6 .|    |    Session is not authenticated [Client.php:938]
D4B6 .|    <= ''
D4B6 .<= ''
D4B6 .=> phpCAS::setNoCasServerValidation() [portal.php:13]
D4B6 .|    You have configured no validation of the legitimacy of the cas server. This is not recommended for production use. [CAS.php:1644]
D4B6 .<= ''
D4B6 .=> phpCAS::forceAuthentication() [portal.php:16]
D4B6 .|    => CAS_Client::forceAuthentication() [CAS.php:1098]
D4B6 .|    |    => CAS_Client::isAuthenticated() [Client.php:1280]
D4B6 .|    |    |    => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1393]
D4B6 .|    |    |    |    no user found [Client.php:1635]
D4B6 .|    |    |    <= false
D4B6 .|    |    |    no ticket found [Client.php:1494]
D4B6 .|    |    <= false
D4B6 .|    |    => CAS_Client::redirectToCas(false) [Client.php:1289]
D4B6 .|    |    |    => CAS_Client::getServerLoginURL(false, false) [Client.php:1656]
D4B6 .|    |    |    |    => CAS_Client::getURL() [Client.php:342]
D4B6 .|    |    |    |    |    Final URI: https://www.XX.com/newlogin/v1/portal.php [Client.php:3549]
D4B6 .|    |    |    |    <= 'https://www.XX.com/newlogin/v1/portal.php'
D4B6 .|    |    |    <= 'https://XX.com:8443/cas/login?service=https%3A%2F%2Fwww.XX.com%2Fnewlogin%2Fv1%2Fportal.php'
D4B6 .|    |    |    Redirect to : https://XX.com:8443/cas/login?service=https%3A%2F%2Fwww.XX.com%2Fnewlogin%2Fv1%2Fportal.php [Client.php:1663]
D4B6 .|    |    |    exit()
D4B6 .|    |    |    -
D4B6 .|    |    -
D4B6 .|    -
B117 .START (2018-03-15 11:57:15) phpCAS-1.3.5+ ****************** [CAS.php:468]
B117 .=> phpCAS::client('2.0', 'XX.com', 8443, '/cas') [portal.php:10]
B117 .|    => CAS_Client::__construct('2.0', false, 'XX.com', 8443, '/cas', true) [CAS.php:360]
B117 .|    |    Starting a new session okutpm09o0akdi2bisd1q9ivg5 [Client.php:932]
B117 .|    |    Session is not authenticated [Client.php:938]
B117 .|    |    Ticket 'ST-43-bcpN1lrL0uxok07f9Xf4-cas' found [Client.php:1020]
B117 .|    <= ''
B117 .<= ''
B117 .=> phpCAS::setNoCasServerValidation() [portal.php:13]
B117 .|    You have configured no validation of the legitimacy of the cas server. This is not recommended for production use. [CAS.php:1644]
B117 .<= ''
B117 .=> phpCAS::forceAuthentication() [portal.php:16]
B117 .|    => CAS_Client::forceAuthentication() [CAS.php:1098]
B117 .|    |    => CAS_Client::isAuthenticated() [Client.php:1280]
B117 .|    |    |    => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1393]
B117 .|    |    |    |    no user found [Client.php:1635]
B117 .|    |    |    <= false
B117 .|    |    |    CAS 2.0 ticket `ST-43-bcpN1lrL0uxok07f9Xf4-cas' is present [Client.php:1447]
B117 .|    |    |    => CAS_Client::validateCAS20('', NULL, NULL, false) [Client.php:1450]
B117 .|    |    |    |     [Client.php:3170]
B117 .|    |    |    |    => CAS_Client::getServerServiceValidateURL() [Client.php:3177]
B117 .|    |    |    |    |    => CAS_Client::getURL() [Client.php:453]
B117 .|    |    |    |    |    |    Final URI: https://www.XX.com/newlogin/v1/portal.php [Client.php:3549]
B117 .|    |    |    |    |    <= 'https://www.XX.com/newlogin/v1/portal.php'
B117 .|    |    |    |    <= 'https://XX.com:8443/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fnewlogin%2Fv1%2Fportal.php'
B117 .|    |    |    |    => CAS_Client::_readURL('https://XX.com:8443/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fnewlogin%2Fv1%2Fportal.php&ticket=ST-43-bcpN1lrL0uxok07f9Xf4-cas', NULL, NULL, NULL) [Client.php:3192]
B117 .|    |    |    |    |    => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
B117 .|    |    |    |    |    |    curl_exec() failed [CurlRequest.php:77]
B117 .|    |    |    |    |    <= false
B117 .|    |    |    |    <= false
B117 .|    |    |    |    could not open URL 'https://XX.com:8443/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fnewlogin%2Fv1%2Fportal.php&ticket=ST-43-bcpN1lrL0uxok07f9Xf4-cas' to validate (CURL error #7: Failed to connect to XX.com port 8443: Connection refused) [Client.php:3195]
B117 .|    |    |    |    => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', 'https://XX.com:8443/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fnewlogin%2Fv1%2Fportal.php&ticket=ST-43-bcpN1lrL0uxok07f9Xf4-cas', true) [Client.php:3199]
B117 .|    |    |    |    |    => CAS_Client::getURL() [AuthenticationException.php:77]
B117 .|    |    |    |    |    <= 'https://www.XX.com/newlogin/v1/portal.php'
B117 .|    |    |    |    |    CAS URL: https://XX.com:8443/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fnewlogin%2Fv1%2Fportal.php&ticket=ST-43-bcpN1lrL0uxok07f9Xf4-cas [AuthenticationException.php:80]
B117 .|    |    |    |    |    Authentication failure: Ticket not validated [AuthenticationException.php:81]
B117 .|    |    |    |    |    Reason: no response from the CAS server [AuthenticationException.php:83]
B117 .|    |    |    |    |    exit()
B117 .|    |    |    |    |    -
B117 .|    |    |    |    -
B117 .|    |    |    -
B117 .|    |    -
B117 .|    -
```

I have changed the real URL to XX, just for privacy :) What can I do? Thanks!

msabate
  • Have you tried `phpCAS::setDebug()` or `phpCAS::setVerbose(true)` for additional information? You may also want to try disabling the cert check to see if that is the problem (`phpCAS::setNoCasServerValidation()`) https://github.com/apereo/phpCAS/blob/master/docs/examples/example_simple.php – Curtis Kelsey Mar 13 '18 at 13:03
  • Hi @CurtisKelsey, thanks for your answer. I have disabled the cert check and the setDebug. I have put the verbose and the only thing I get as extra information is this: phpCAS 1.3.5+ using server https://...... (CAS 2.0). The page connects with CAS, but it says that authentication has failed (I can see a ticket number in the URL) – msabate Mar 14 '18 at 08:47
  • Without additional information it is not possible to help beyond the simple guidance I have provided. Can you post the debug output? – Curtis Kelsey Mar 14 '18 at 12:03
  • Where should it be? At /tmp/phpCAS.log?? I don't have any log there... :( For now, I can give you the verbose output: phpCAS 1.3.5+ using server https://example.com:8443/cas/ (CAS 2.0) – msabate Mar 14 '18 at 12:20
  • https://wiki.jasig.org/display/CASC/phpCAS+troubleshooting provides the info on where the debug file goes. By default to the temp directory of the system. – Curtis Kelsey Mar 14 '18 at 13:45
  • I know, but on my server I don't have a phpCAS.log in /tmp :( – msabate Mar 14 '18 at 17:35
  • @CurtisKelsey I have been able to get the log. I have just edited my question – msabate Mar 15 '18 at 10:55
  • The log shows the CAS server's https://XX.com:8443/cas/serviceValidate endpoint is not responding. Check on that. – Curtis Kelsey Mar 15 '18 at 17:23
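
A triage sketch for phpCAS debug logs like the one in the question, added here as an example and not part of the original post or of phpCAS. It reports, per request id, whether a ticket arrived, whether certificate validation was switched off, and why the `serviceValidate` call failed. That call is made by the web server running phpCAS, not by the browser, so a successful browser login says nothing about it. The sample log lines and host names are constructed, and the hint table goes beyond the single cURL error #7 seen above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the phpCAS debug log above; hosts are placeholders.
SAMPLE_LOG = """\
A001 .=> phpCAS::forceAuthentication() [portal.php:16]
A001 .|    |    |    no ticket found [Client.php:1494]
B002 .|    |    Ticket 'ST-1-constructed-cas' found [Client.php:1020]
B002 .=> phpCAS::setNoCasServerValidation() [portal.php:13]
B002 .|    |    |    |    could not open URL 'https://cas.example.test:8443/cas/serviceValidate?service=https%3A%2F%2Fapp.example.test%2Fportal.php&ticket=ST-1-constructed-cas' to validate (CURL error #7: Failed to connect to cas.example.test port 8443: Connection refused) [Client.php:3195]
"""

# libcurl error numbers that commonly break the back-channel validation call.
CURL_HINTS = {
    6: "DNS: the client host cannot resolve the CAS server name",
    7: "TCP: port closed, firewall, or CAS bound to another interface",
    28: "timeout: traffic is dropped between client host and CAS server",
    35: "TLS handshake failed",
    60: "TLS certificate not trusted by the client host's CA bundle",
}

FAIL_RE = re.compile(
    r"could not open URL '([^']+)' to validate \(CURL error #(\d+): (.*)\) \[")

def triage(log_text):
    """Group log lines by request id and summarise each validation attempt."""
    requests = {}
    for line in log_text.splitlines():
        prefix = re.match(r"(\w+) \.", line)
        if not prefix:
            continue
        req = requests.setdefault(prefix.group(1), {
            "ticket_seen": False, "cert_check_disabled": False, "failure": None})
        if "setNoCasServerValidation()" in line:
            req["cert_check_disabled"] = True
        if re.search(r"Ticket '[^']+' found", line):
            req["ticket_seen"] = True
        hit = FAIL_RE.search(line)
        if hit:
            url, errno = urlsplit(hit.group(1)), int(hit.group(2))
            req["failure"] = {
                "host": url.hostname, "port": url.port, "endpoint": url.path,
                "curl_errno": errno, "detail": hit.group(3),
                "hint": CURL_HINTS.get(errno, "see the libcurl error list"),
            }
    return requests

if __name__ == "__main__":
    for rid, summary in triage(SAMPLE_LOG).items():
        print(rid, summary)
```
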

0 Answers