EzDevInfo.com

phpCAS

Jasig PHP CAS Client phpCAS - CAS Clients - Apereo Wiki

phpCAS::isAuthenticated returning false after login in different service

I've configured the CAS login page so that it accepts the username and password as GET parameters and, if these are provided, it submits the login form automatically. This looks as if the CAS login page is not even touched during authentication from the website.

The website is using phpCAS version 1.3.2 to communicate with CAS. If I log in directly through the form, it works as expected: the browser gets redirected back from CAS correctly and isAuthenticated() returns true. However, if I log in to a different service beforehand, isAuthenticated() returns false. If I'm not mistaken this is because I have to do an actual check with CAS if the auth is fine, therefore I've also tried checkAuthentication(), but I get the following errors:

[error] [client 192.168.12.120] PHP Fatal error:  Uncaught exception 'CAS_AuthenticationException' in /home/dev/www/CAS-1.3.2/CAS/Client.php:2248
Stack trace:
#0 /home/dev/www/CAS-1.3.2/CAS/Client.php(1227): CAS_Client->_validatePGT('https://192.168...', '????<cas:servic...', Object(DOMElement))
#1 /home/dev/www/CAS-1.3.2/CAS/Client.php(1131): CAS_Client->isAuthenticated()
#2 /home/dev/www/CAS-1.3.2/CAS.php(1078): CAS_Client->checkAuthentication()
#3 /home/dev/www/redir.php(39): phpCAS::checkAuthentication()
#4 {main}
thrown in /home/dev/www/CAS-1.3.2/CAS/Client.php on line 2248, referer: https://192.168.10.144:8181/cas/login?username=myUser&password=testpassword&auto=true&service=https%3A%2F%2F192.168.12.120%2Fredir.php

CAS server log

phpCAS debug log

PHP Code:

<?php

function pageURL() {
    $PROTOCOL = "http";
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
        $PROTOCOL = "https";
    }
    $url = "$PROTOCOL://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
    $url = strtok($url, '?');
    return $url;
}

// Configuration
$phpcas_path = "CAS-1.3.2";

$cas_host = "192.168.10.144";
$cas_port = 8181;
$cas_context = "/cas";

// Load the CAS lib
require_once $phpcas_path . "/CAS.php";

// Enable debugging
phpCAS::setDebug ();

// Initialize phpCAS
phpCAS::proxy ( CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context );

phpCAS::setNoCasServerValidation ();

// check CAS authentication
$auth = phpCAS::checkAuthentication();

// logout if desired
if (isset ( $_REQUEST ['logout'] )) {
    phpCAS::logout ();
}

$serviceUrl = "https://192.168.10.144:8181/accessrights/";
?>

<html>
<head>
<title>CAS form login</title>
</head>
<body>

<?php if ($auth) { 
    phpCAS::serviceWeb($serviceUrl, $err_code, $accessrights); 
?>

    <p>Hello <strong><?php echo phpCAS::getUser(); ?></strong>! You have been authenticated with CAS. Your access rights are: <?php echo $accessrights; ?></p> 

<?php } else { ?>

<h3>User login</h3>
<div>Enter your username and password here in order to log in on the website:</div>
<!-- ###LOGIN_FORM### -->
<form method="GET" action="https://192.168.10.144:8181/cas/">
    <p>Username : <input type="text" name="username" /></p>
    <p>Password : <input type="password" name="password" /></p>
    <p>Remember me : <input type="checkbox" name="rememberMe" value="true" /></p>
    <p><input type="submit" value="Login !" /></p>
    <input type="hidden" name="auto" value="true" />
    <input type="hidden" name="service" value="<?php echo pageURL(); ?>" />
</form>
<!-- ###LOGIN_FORM### -->

<?php } ?>

</body>
</html>

I see that checkAuthentication() fails to retrieve a Proxy Granting Ticket, but I have no clue about the reason. Any ideas? I also have a page with forceAuthentication(), and it works flawlessly.


Source: (StackOverflow)

Ticket validated but no PGT Iou transmitted

I am trying to make a proxy CAS webapp using PHPCAS library version 1.3.3. At first I tried an example from the docs, but unfortunately I got an error that said I wasn't authenticated.

I was using example_proxy_GET.php, and the log said this:

Authentication failure: Ticket validated but no PGT Iou transmitted [AuthenticationException.php:80] Reason: no CAS error [AuthenticationException.php:94]

The authentication succeeded in validating the ST (Service Ticket), but the log also said: <proxyGrantingTicket> not found [Client.php:2541] CAS_AuthenticationException::__construct(CAS_Client, 'Ticket validated but no PGT Iou transmitted

So, my question is: is the Single Sign-On server (CAS 2.0 I think) not sending a PGT Iou (so there's a misconfiguration on the server), or is there something wrong in the examples file?

And if the server was misconfigured, what should I do?

Thanks

UPDATE

I'm using a private IP address, and when I opened the CAS server log on Tomcat, here's what it said:

2015-04-09 11:56:41,428 WARN [org.jasig.cas.util.HttpClient] - <Socket Timeout Detected while attempting to send message to [http://10.10.100.102/sso/docs/examples/example_proxy_GET.php].>

My guess was that I should use some public IP / domain to use the CAS properly


Source: (StackOverflow)


Using CakePHP 3.0 plugin

I'm currently building a new CakePHP app with version 3.0.0-RC1, and trying to install and use the jasig/phpCAS plugin. Using this guide, I've run the following command from the command prompt: composer require jasig/phpcas

This correctly copies the jasig/phpcas files into the vendor directory of my app, but one of the other files that the guide says should be updated (vendor/cakephp-plugins.php) doesn't even exist.

I've had a tough time accessing the plugin. I want to be able to call its static methods, and I keep getting errors of the form: Error: Class 'App\Controller\phpCAS' not found. (The exact directory in the error changes depending on where I'm calling the method from.)

I don't know if this is due to not having the cakephp-plugins.php file, or if I'm not calling the plugin correctly. It's my understanding that if the plugin is loaded I should just be able to call static methods on it like this: phpCAS::methodName()


Source: (StackOverflow)

Blank page after success login CAS

I installed CAS 3.4.12 in Tomcat 6, with OpenLDAP and openssl. I tried to apply phpCAS, but I get a blank page, and the URL in the browser is:

http://sso.jarkom.com/index.php?ticket=ST-7-nqIcVhNfOwPDVDRodaEK-cas

Can anyone help me find the error and resolve it?

This is the source code of the sample phpCAS:

<?php 
// import phpCAS lib 
include_once('CAS.php'); 
phpCAS::setDebug(); 
// initialize phpCAS 
phpCAS::client(CAS_VERSION_2_0,'sso.jarkom.com',443,'cas'); 
// no SSL validation for the CAS server 
phpCAS::setNoCasServerValidation(); 
// force CAS authentication
phpCAS::forceAuthentication(); 
// logout if desired 
if (isset($_REQUEST['logout'])) { 
    phpCAS::logout(); 
} 
// for this test, simply print that the authentication was successfull 
?> 
<html> 
   <head> 
      <title>phpCAS simple client</title> 
   </head> 
<body> 
<h1>Successfull Authentication!</h1> 
  <p>the user's login is <b><?php echo phpCAS::getUser(); ?></b>.</p> 
<p>phpCAS version is <b><?php echo phpCAS::getVersion(); ?></b>.</p> 
<p><a rel='nofollow' href="?logout=">Logout</a></p> 
</body> 
</html>

Source: (StackOverflow)

phpCAS single sign out or check authentication

I am using phpCAS (v 1.3.2) on my app. I wanted to do a periodic check against the CAS server to determine if the user has been logged out by other participating SSO apps. However, whenever I do a phpCAS::checkAuthentication() or phpCAS::forceAuthentication(), it would always return authenticated even if some other apps already logged out or even if I do a direct logout with the CAS server's logout url/link. I see that it is because the local session is still present, so it does not bother to do a check against the server. Is it the responsibility of the other apps to destroy this session?

The other way is working perfectly - that is, I do a logout on my app (which is using phpCAS), then I also get logged off from the other participating SSO apps and even at the server's portal. By the way, I have tried all the examples the CAS library provided. None worked.

What am I missing ?


Source: (StackOverflow)
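When the SSO session ends elsewhere, a CAS server with single logout enabled POSTs a `logoutRequest` parameter to each service, carrying the service ticket as the SAML SessionIndex; the client has to map that ticket to its local session and destroy it (phpCAS provides phpCAS::handleLogoutRequests() for this). The code below is an added example, not phpCAS code or part of the original post; the function names, the in-memory ticket map, the addresses and the sample message are assumptions constructed for illustration.

```php
<?php
// Added illustration (not phpCAS code): handling a CAS back-channel
// single-logout POST. Names, addresses and the sample message are constructed.

const SAMLP_NS = 'urn:oasis:names:tc:SAML:2.0:protocol';

/** Extract the service ticket (SessionIndex) from a logoutRequest, or null. */
function ticket_from_logout_request(string $xml): ?string
{
    if ($xml === '') {
        return null;
    }
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    $ok = $doc->loadXML($xml, LIBXML_NONET);    // never fetch external resources
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$ok || $doc->doctype !== null) {       // reject malformed XML and any DTD
        return null;
    }
    $root = $doc->documentElement;
    if ($root->namespaceURI !== SAMLP_NS || $root->localName !== 'LogoutRequest') {
        return null;
    }
    $nodes = $doc->getElementsByTagNameNS(SAMLP_NS, 'SessionIndex');
    if ($nodes->length !== 1) {
        return null;
    }
    $ticket = trim($nodes->item(0)->textContent);
    // Service tickets start with "ST-"; keep the accepted alphabet narrow.
    return preg_match('/^ST-[A-Za-z0-9.\-]{1,253}$/', $ticket) ? $ticket : null;
}

/**
 * Process one POST. $sessionsByTicket maps the service ticket recorded at
 * login to the local session ID; the entry is removed on logout.
 * Returns the session ID the caller must destroy, or null if nothing was done.
 */
function handle_logout_post(array $post, string $remoteAddr, array $allowedAddrs, array &$sessionsByTicket): ?string
{
    $body = $post['logoutRequest'] ?? null;
    if (!is_string($body) || !in_array($remoteAddr, $allowedAddrs, true)) {
        return null;                            // only the CAS server may end sessions
    }
    $ticket = ticket_from_logout_request($body);
    if ($ticket === null || !isset($sessionsByTicket[$ticket])) {
        return null;                            // unknown or already logged-out ticket
    }
    $sid = $sessionsByTicket[$ticket];
    unset($sessionsByTicket[$ticket]);
    return $sid;
}

// Constructed sample data: one local session created from one service ticket.
$sessions = ['ST-7-abc123-cas' => 'sess-42'];
$message = '<samlp:LogoutRequest xmlns:samlp="' . SAMLP_NS . '" ID="LR-1" Version="2.0"'
    . ' IssueInstant="2015-04-09T11:56:41Z">'
    . '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@NOT_USED@</saml:NameID>'
    . '<samlp:SessionIndex>ST-7-abc123-cas</samlp:SessionIndex></samlp:LogoutRequest>';
$casServer = ['192.0.2.10'];

// Sender not on the allow list, then the CAS server, then a replay of the same message.
var_dump(handle_logout_post(['logoutRequest' => $message], '203.0.113.9', $casServer, $sessions));
var_dump(handle_logout_post(['logoutRequest' => $message], '192.0.2.10', $casServer, $sessions));
var_dump(handle_logout_post(['logoutRequest' => $message], '192.0.2.10', $casServer, $sessions));
```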

Impossible SSL CAS-certificates with phpCAS and examples. It only works without SSL server verification

I am doing a CAS integration with a project that I am doing with my university. The final integration should be made with symfony2; however, first I need to get the example code working.

I finally got the example_simple.php example working with phpCAS 1.3.2; however, the directive:

phpCAS::setNoCasServerValidation();

is the enabled one. I think I should use instead:

phpCAS::setCasServerCACert($cas_server_ca_cert_path);

However when I enable this second one (and disable the other) then the authorization does not work anymore. Here is the relevant output line error of the log:

could not open URL 'https://cas_server.fi/cas/serviceValidate?service=http%3A%2F%2Flocalhost%2Fphpcas2%2Fdocs%2Fexamples%2Fexample_simple.php&ticket=ST-115606-M1Omd1cHWzbLbmxa1nYV-cas' to validate (CURL error #60: SSL certificate problem: unable to get local issuer certificate) [Client.php:2763]

The cas server provided me two .crt files:

  • MYCASRootCA.crt
  • MYCASLinuxSUBCA.crt

And they are supposed to be installed in my system (Ubuntu 13.10). They are in different places, such as /etc/ssl/certs/MYCASLinuxSUBCA.pem but also:

  • /usr/share/ca-certificates/lut/MYCASRootCA.crt
  • /usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt

So assuming that the variable $cas_server_ca_cert_path has to have one of these .crt files or .pem dirs (such as /usr/share/ca-certificates/lut/MYCASLinuxSUBCA.crt), I cannot make it work. What am I doing wrong? My client-server (not the CAS server) is in my localhost. Is it a problem? Should I avoid using the setCasServerCACert command? Why is it happening?

I've also tried to use the curl-ca-bundle.crt certificate provided by my XAMPP installation (Xampp 1.8.3).

I am a little bit lost with certificates as you can see.

I read about problems with phpCAS and recent Ubuntu versions in https://github.com/Jasig/phpCAS/issues?state=open. However I cannot make this working with the master code, even without certification (by default).

Any ideas would be appreciated...


Source: (StackOverflow)

Warning: session_destroy(): Trying to destroy uninitialized session with phpCas

I am facing a problem today with the phpCas library https://wiki.jasig.org/display/CASC/phpCAS.

The problem is the following: when I try to use a logout function, I get the message

Warning: session_destroy(): Trying to destroy uninitialized session

After taking a quick look into the phpCas library code, I managed to figure out where the problem comes from. Here is a snippet of a logout function:

session_write_close();
header('Location: '.$cas_url);
phpCAS::trace("Prepare redirect to : ".$cas_url);
session_unset();
session_destroy();

The problem, it seems, is that session_write_close() actually closes the session, so session_destroy() can't work.

I tried commenting out session_write_close() and it worked like a charm, but it leads to two questions:

  • Is the problem really coming from there? Or should it work?

  • If the problem really does come from there, why is it there with nobody complaining? I thought phpCas was a renowned library used by many.


Source: (StackOverflow)
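The ordering effect described in this question can be reproduced with PHP's session functions alone, and it also shows what happens to the stored session record in each case. This is an added example, not phpCAS code or part of the original post; the function names and the sample session value are constructed for the illustration, and it assumes the PHP CLI with the default "files" session handler.

```php
<?php
// Added illustration (not phpCAS code): what happens to the server-side
// session record when session_destroy() runs after session_write_close().
// Function names and the 'user' value are constructed for this example.

ini_set('session.use_cookies', '0');        // CLI run: no cookie headers involved
ini_set('session.cache_limiter', '');       // no cache headers either
ini_set('session.save_handler', 'files');
session_save_path(sys_get_temp_dir());

/** Path of the file the "files" handler uses for a given session ID. */
function session_file(string $id): string
{
    return session_save_path() . '/sess_' . $id;
}

/** Start a fresh session holding a logged-in user and return its ID. */
function start_logged_in_session(): string
{
    session_id(bin2hex(random_bytes(16)));
    session_start();
    $_SESSION['user'] = 'alice';            // constructed sample value
    return session_id();
}

/** Order from the snippet in the question: close first, destroy afterwards. */
function logout_close_then_destroy(): array
{
    $id = start_logged_in_session();
    session_write_close();                  // persists $_SESSION; session is no longer active
    $warnings = [];
    set_error_handler(function ($no, $msg) use (&$warnings) {
        $warnings[] = $msg;                 // capture the warning instead of printing it
        return true;
    });
    session_unset();
    $destroyed = session_destroy();         // no active session left to destroy
    restore_error_handler();
    $left = file_exists(session_file($id)); // is the stored record still on disk?
    if ($left) {
        unlink(session_file($id));          // clean up after the demonstration
    }
    return ['destroyed' => $destroyed, 'record_left' => $left, 'warnings' => $warnings];
}

/** Destroy while the session is still active; a redirect would follow this. */
function logout_destroy_while_active(): array
{
    $id = start_logged_in_session();
    $_SESSION = [];
    $destroyed = session_destroy();         // removes the stored record
    return ['destroyed' => $destroyed, 'record_left' => file_exists(session_file($id))];
}

// Run both orderings before printing anything, so no output precedes session_start().
$closeFirst = logout_close_then_destroy();
$destroyFirst = logout_destroy_while_active();
print_r($closeFirst);
print_r($destroyFirst);
```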

CAS Authentication failed phpCAS

I get an error after a successful login in CAS.

CAS Authentication failed! You were not authenticated.You may submit your request again by clicking here. If the problem persists, you may contact the administrator of this site.

and the error in Log file :

PHP Fatal error:  Uncaught exception 'CAS_AuthenticationException' in /var/www/CAS-.3.2/CAS/Client.php:2764\nStack trace:\n#0 /var/www/CAS-1.3.2/CAS/Client.php(1224): CAS_Client->validateCAS20('https://sso.jarko...', '', NULL)\n#1 /var/www/CAS-1.3.2/CAS.php(1151): CAS_Client->isAuthenticated()\n#2 /var/www/login.php(8): phpCAS::isAuthenticated()\n#3 {main}\n  thrown in /var/www/CAS-1.3.2/CAS/Client.php on line 2764,

Can anyone help me? Please.


Source: (StackOverflow)

phpCAS integration and SSL issue (Error code: ERR_SSL_PROTOCOL_ERROR)

I need to integrate phpCAS with a server. The problem I am facing is that when I access the CAS (version 3.4.7) server from a browser, over the http protocol, it opens fine.

When I use the phpCAS library, the server response is the SSL error "Error code: ERR_SSL_PROTOCOL_ERROR". I am using the tutorials from

https://wiki.jasig.org/display/CASC/phpCAS+examples & http://mediawiki.middlebury.edu/wiki/LIS/CAS

When I use the server given in 2nd link(.crt file included etc.) it takes me from my localhost(http) to the server (https) without any problem.

Why does the SSL issue exist on my client's CAS while accessing from my live server, even with https enabled?

I have tried phpCAS::setNoCasServerValidation(); phpCAS::setServerProxyValidateURL('client's http based url '); Doesn't work at all!

Does my client need to add my https server ip/localhost settings etc in his CAS server or what? the CAS server port is 8080 not 443 if that matters.

What am I missing? Please Please please help...


Source: (StackOverflow)

CAS in Rest API

I am building my own application based on an external CAS service. I would like to authenticate the user using the external CAS first then allow them to use my application.

However, I am reading off the documentation on phpCAS but I am not sure how I can do it in a restful way.

What I need is some token to give to my frontend javascript, and each time the user makes a request I would check that token against CAS to make sure the user is authenticated. Is there a way to do that?

I have read about ticket and proxies but I didn't understand... sorry for my newbieness hope you don't mind.


Source: (StackOverflow)

phpCas : How can you force renew authentication without going into a loop

I got regular cas authentication to work using the forceAuthentication function, now I want to block single sign on with renew authentication but it keeps getting stuck in a loop.

Here is my code

require_once 'CAS/CAS.php';
phpCAS::setDebug();
phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context, false);
phpCAS::setNoCasServerValidation();
phpCAS::renewAuthentication();
$user = phpCAS::getUser();
echo "welcome $user";

I'm using the latest version of phpcas : 1..33.


Source: (StackOverflow)

phpCAS::getUser() returns false CAS implemented

Below is my code placed in the beginning of index which is a static information webpage.

require_once('functions.php');
require_once('CAS.php');

phpCAS::setDebug();
phpCAS::client(/* have proper inputs */);
phpCAS::setCasServerCACert(/* have proper inputs */);
phpCAS::forceAuthentication();

if ((isset($_SESSION['started']))) {
    UWNetID_secure_session_start();
}

if ($_POST) {
    $key = $_SESSION['key'];
    // Expected token: SHA-512 of the session ID concatenated with the per-session key
    $encrypted = hash("sha512", session_id() . $key);
    $encrypted = str_replace(array('+','=','/'), array('_','~','-'), $encrypted);
    $token = $_POST['CSRFToken'];

    if ($encrypted !== $token) {
        // Token mismatch: log out of CAS and stop
        phpCAS::logout(array('service'=>$CNAME));
        die();
    } else {
        //possibly regenerate key for added security but would make multiple tabs impossible
    }
}

Below is my code which deals with sessions in functions.php file.

<?php
  function secure_session_start(){
            $CNAME = 'ld_develop2.getit.ca';

            $session_name = 'ld-checklst';

            $rootDomain = $CNAME;
            $secure = TRUE;
            $httponly = TRUE;

            session_set_cookie_params(0, '/', $rootDomain, $secure, $httponly);
            session_name($session_name);

            session_start();
            $_SESSION['started'] = "started";

            $expire = 3600*7;

            $bytes = openssl_random_pseudo_bytes(32);
            $key = bin2hex($bytes);

            $_SESSION['key'] = $key;

            $tokenexpire = time() + (7 * 3600);
            $_SESSION['CSRFExpire'] = $tokenexpire;

    $session_sponsor = phpCAS::getUser();

    $_SESSION['REMOTE_USER'] = $session_sponsor;

    $_SESSION['start'] = time();
    $_SESSION['expire'] = $_SESSION['start'] + (7 * 60 * 60) ;
}?>

phpCAS error: phpCAS::getUser(): authentication was checked (by phpCAS::checkAuthentication() at /var/www/html/registerwifimac/index.php:9) but the method returned false in /var/www/html/registerwifimac/functions.php on line 30

The error is resulting from the phpCAS::forceAuthentication(); call since the phpCAS::getUser(); is returning false.

Can someone help me to understand why? And How to fix it, Please?


Source: (StackOverflow)

SSO using drupal CAS module from drupal on one system to sample java webapp on another system(having different ip) not happening

I want to achieve SSO between two systems, one running on PHP (Drupal) on one system and another running on Java on another server. To achieve this I used JASIG's CAS (Central Authentication Service) open source software.

I installed the JASIG CAS server on the machine where my Drupal installation is situated. I also configured the JDBC backend support of the CAS server and created a user authentication database on the same machine where Drupal is installed. Then I installed the Drupal CAS module in my Drupal installation. Then, on the same machine where Drupal is installed, I installed a sample Java web application on the Tomcat server (JASIG CAS is also installed on the same Tomcat server on the same Drupal machine). In the sample Java web application I configured the web.xml file to include the CAS Java client filters as stated on JASIG's website. Then I provided the link to the sample Java application on the home page of my Drupal installation.

When I log in to the Drupal site, it gets logged in through CAS server authentication, authenticating the user by consulting the CAS server user authentication database. After logging in, when I click on the sample Java application link on the home page, it does not ask me to log in again and opens the sample Java application page, thus providing SSO.

Now, when I configured the same sample Java application on a different machine (having a different IP) and provided the link to the Java application on that machine on my Drupal home page, SSO does not happen, and clicking on the link to the Java application redirects me to the CAS login page even when I am logged in to the Drupal installation through CAS. Both machines are connected through a LAN.

Please help me in solving the issue. If you need more specific details please let me know. Thanks in advance.


Source: (StackOverflow)

Drupal phpCAS failing authentication even though CAS server authenticates user account

I am running JASIG CAS in Tomcat and I have it working and authenticating accounts using SSL through the CAS login page at https://cas.dritz.com:8443/login

I have installed phpCAS and the CAS module in Drupal.

When I try to log in using CAS from Drupal I get this error message:

Warning: DOMDocument::loadXML(): Empty string supplied as input in CAS_Client->validateCAS20() (line 3136 of /var/www/web43/web/sites/all/libraries/CAS/CAS/Client.php). CAS_AuthenticationException: in CAS_Client->validateCAS20() (line 3138 of /var/www/web43/web/sites/all/libraries/CAS/CAS/Client.php).

This is the output of my debug log:

6A7D .START phpCAS-1.3.3 ****************** [CAS.php:438]
6A7D .=> phpCAS::client('2.0', 'cas.dritz.com', 8443, '/cas-server/login', false) [cas.module:273]
6A7D .|    => CAS_Client::__construct('2.0', false, 'cas.dritz.com', 8443, '/cas-server/login', false) [CAS.php:340]
6A7D .|    |    Ticket 'ST-1-GyFH5OvsguGMAp5Ni7Sd-cas01.example.org' found [Client.php:988]
6A7D .|    <= ''
6A7D .<= ''
6A7D .=> phpCAS::setNoCasServerValidation() [cas.module:288]
6A7D .|    You have configured no validation of the legitimacy of the cas server. This is not recommended for production use. [CAS.php:1553]
6A7D .<= ''
6A7D .=> phpCAS::setFixedServiceURL('http://staging.dritz.com/cas/?destination=user') [cas.module:291]
6A7D .<= ''
6A7D .=> phpCAS::forceAuthentication() [cas.module:82]
6A7D .|    => CAS_Client::forceAuthentication() [CAS.php:1015]
6A7D .|    |    => CAS_Client::isAuthenticated() [Client.php:1245]
6A7D .|    |    |    => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
6A7D .|    |    |    |    no user found [Client.php:1592]
6A7D .|    |    |    <= false
6A7D .|    |    |    CAS 2.0 ticket `ST-1-GyFH5OvsguGMAp5Ni7Sd-cas01.example.org' is present [Client.php:1406]
6A7D .|    |    |    => CAS_Client::validateCAS20('', NULL, NULL) [Client.php:1409]
6A7D .|    |    |    |     [Client.php:3101]
6A7D .|    |    |    |    => CAS_Client::getServerServiceValidateURL() [Client.php:3108]
6A7D .|    |    |    |    |    => CAS_Client::getURL() [Client.php:453]
6A7D .|    |    |    |    |    <= 'http://staging.dritz.com/cas/?destination=user'
6A7D .|    |    |    |    <= 'https://cas.dritz.com:8443/cas-server/login/serviceValidate?service=http%3A%2F%2Fstaging.dritz.com%2Fcas%2F%3Fdestination%3Duser'
6A7D .|    |    |    |    => CAS_Client::_readURL('https://cas.dritz.com:8443/cas-server/login/serviceValidate?service=http%3A%2F%2Fstaging.dritz.com%2Fcas%2F%3Fdestination%3Duser&ticket=ST-1-GyFH5OvsguGMAp5Ni7Sd-cas01.example.org', NULL, NULL, NULL) [Client.php:3118]
6A7D .|    |    |    |    |    => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
6A7D .|    |    |    |    |    |    Response Body: 
6A7D .|    |    |    |    |    |    
6A7D .|    |    |    |    |    |     [CurlRequest.php:84]
6A7D .|    |    |    |    |    <= true
6A7D .|    |    |    |    <= true
6A7D .|    |    |    |    => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', 'https://cas.dritz.com:8443/cas-server/login/serviceValidate?service=http%3A%2F%2Fstaging.dritz.com%2Fcas%2F%3Fdestination%3Duser&ticket=ST-1-GyFH5OvsguGMAp5Ni7Sd-cas01.example.org', false, true, '') [Client.php:3141]
6A7D .|    |    |    |    |    => CAS_Client::getURL() [AuthenticationException.php:76]
6A7D .|    |    |    |    |    <= 'http://staging.dritz.com/cas/?destination=user'
6A7D .|    |    |    |    |    CAS URL: https://cas.dritz.com:8443/cas-server/login/serviceValidate?service=http%3A%2F%2Fstaging.dritz.com%2Fcas%2F%3Fdestination%3Duser&ticket=ST-1-GyFH5OvsguGMAp5Ni7Sd-cas01.example.org [AuthenticationException.php:79]
6A7D .|    |    |    |    |    Authentication failure: Ticket not validated [AuthenticationException.php:80]
6A7D .|    |    |    |    |    Reason: bad response from the CAS server [AuthenticationException.php:85]
6A7D .|    |    |    |    |    CAS response:  [AuthenticationException.php:101]
6A7D .|    |    |    |    |    exit()
6A7D .|    |    |    |    |    -
6A7D .|    |    |    |    -
6A7D .|    |    |    -
6A7D .|    |    -
6A7D .|    -

I have searched all of the threads I can find and none of the other solutions have solved the problem.

Does anyone see what the issue is here?


Source: (StackOverflow)

Cas Server Authentication for owncloud

I have installed the CAS version 4.0 server to integrate diverse applications in the same authentication. I have ownCloud and Moodle on MySQL database separately.

I've done basic tests with examples of phpCAS and they work well with plain text passwords.

Now I want to try owncloud ( I installed the application user_cas), but I cannot authenticate users who I have in the database. I'm not using LDAP.

What should be contained in the deployerConfigContext.xml? I'm a little confused about the authentication process and I have not found anything concrete.

I would like to orient myself first, before the publication errors.


Source: (StackOverflow)