3 months isn't that long to wait. I want to get the system into production but not a potentially unstable version. I'll move forward with v4.2 and they'll just have to wait for v5 for the new oauth feature.
Thanks again for all the help. On Tuesday, June 21, 2016 at 2:16:08 PM UTC-4, Misagh Moayyed wrote: > > I don’t know what far off would be to you. See > https://github.com/apereo/cas/milestones > > > > Basically, examine how 5 works. Make sure it actually works! Then port > back. It will probably be easier if you just started with 5 now and tested > it. M2 is now available. > > > > *From:* cas-...@apereo.org <javascript:> [mailto:cas-...@apereo.org > <javascript:>] *On Behalf Of *John Stevens II > *Sent:* Tuesday, June 21, 2016 11:09 AM > *To:* CAS Community <cas-...@apereo.org <javascript:>> > *Cc:* mmoa...@unicon.net <javascript:> > *Subject:* Re: [cas-user] Rest API Service Ticket Validation Issue > > > > Misagh, > > > > If the release date for version 5 is far off then I wouldn't mind doing > the work, otherwise i'd wait. If so then a point in the right direction in > respect to the changes that need to be made would be helpful. > > > > Thanks > > On Tuesday, June 21, 2016 at 10:59:46 AM UTC-4, Misagh Moayyed wrote: > > It can be done. There are no plans to port this back, but if you’re > willing to do the work that’s perfectly fine. > > > > *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of *John > Stevens II > *Sent:* Monday, June 20, 2016 2:21 PM > *To:* CAS Community <cas-...@apereo.org> > *Cc:* mmoa...@unicon.net > *Subject:* Re: [cas-user] Rest API Service Ticket Validation Issue > > > > So I enabled oauth support but it looks like the user will be required to > login via the GUI. > > > > I do see in the development branch (CAS OAuth Dev Link > <https://apereo.github.io/cas/development/installation/OAuth-OpenId-Authentication.html>) > > for v5 that you can specify grant_type and use resource owner to return an > access token. > > > > Can this be done in v4? Would love to use this option. > > On Monday, June 20, 2016 at 10:55:33 AM UTC-4, Misagh Moayyed wrote: > > You’re thinking about this the right way; just not execution wise. You can > have an ST be valid multiple times of course as this is controlled by its > policy. However, what you’re really doing is treating an ST like an OAuth > access token, which it isn’t….or it’s not meant to be. Your better options > are to use proxying where you get a PGT, and you get PTs based on that PGT > you get. (The PGT becomes your access token). > > > > Or you just use the OAuth support...or some other form of non-interactive > AuthN. > > > > *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of *John > Stevens II > *Sent:* Monday, June 20, 2016 7:04 AM > *To:* CAS Community <cas-...@apereo.org> > *Cc:* mmoa...@unicon.net > *Subject:* Re: [cas-user] Rest API Service Ticket Validation Issue > > > > My thinking is if I have developers who build API's and want to integrate > CAS (not for sso but for centralized authentication) then a user who wants > to use the developers API would authenticate with CAS via the CAS Rest API, > possibly request an ST then use that ST to access the developers API on > every call to the developers API. I say every call (multiple times) because > you would need a way to verify that the user session is still valid right? > Otherwise you would have to authenticate the user on every call to the > developers API vs just verifying a ticket. Maybe i'm thinking about this > the wrong way? > > > > On Monday, June 20, 2016 at 9:23:38 AM UTC-4, Misagh Moayyed wrote: > > Why multiple times? What's the story there? > > --Misagh > > On Sun, Jun 19, 2016 at 2:29 PM, John Stevens II <jstev...@gmail.com> > wrote: > > > > Well not necessarily a third application, all I really want to accomplish > here is to be able to authenticate a user via CAS rest api (which I can), > be a able validate that user via CAS rest api multiple times (which I > can't) and be able to log the user out via CAS rest api (which I can). > > > > Is proxying necessary for this functionality? > > On Friday, June 17, 2016 at 4:41:47 PM UTC-4, Ray Bon wrote: > > A ST is (should be) validated only once and for only one service. Each > service will go through the CAS dance passing in the TGT and service URL to > receive its own ST. > If a third application needs to authenticate to your API, look at > proxying, > https://apereo.github.io/cas/4.2.x/installation/Configuring-Proxy-Authentication.html > > Ray > > On 2016-06-17 13:12, John Stevens II wrote: > > Thank you, I've increased the service ticket timeout value and was able to > validate a ticket via /serviceValidate but I can only validate the ticket > once. > > > > If I am using the CAS Rest API to authenticate API's that we develop I > would want to verify that the service ticket is valid on every call to our > API's. How do I achieve this or is there another recommended way to achieve > this? > > > > I see the option *st.numOfUses *for service tickets but not sure if > unlimited is a valid option or if it's even recommended. > > On Friday, June 17, 2016 at 3:42:22 PM UTC-4, Misagh Moayyed wrote: > > /serviceValidate. > > *From:* cas-...@apereo.org [mailto:cas-...@apereo.org] *On Behalf Of *John > Stevens II > *Sent:* Friday, June 17, 2016 12:10 PM > *To:* CAS Community <cas-...@apereo.org> > *Cc:* jstev...@gmail.com; dkopy...@unicon.net > *Subject:* Re: [cas-user] Rest API Service Ticket Validation Issue > > Ok that may work, is that the recommended way to verify service tickets > for the Rest API (Without using the php client) or should I not be relying > on the actual client? > > On Friday, June 17, 2016 at 2:49:08 PM UTC-4, Dmitriy Kopylenko wrote: > > By the time the /serviceValidate with ST is called, the ST lifetime has > expired (10 seconds default). Increase the ST TTL on the CAS server to > something longer, but reasonable and see if it helps. > > Best, > > D. > > On Jun 17, 2016, at 2:44 PM, John Stevens II <jstev...@gmail.com> wrote: > > Need some insight on how to properly use the Rest API. > > I have a simple php application below castest.php: > > <?php > > require_once '/var/www/sites/CAS-1.3.4/CAS.php'; > > phpCAS::setDebug(); > > // Enable verbose error messages. Disable in production! > > phpCAS::setVerbose(true); > > // Initialize phpCAS > > phpCAS::client(CAS_VERSION_2_0, 'access.example.com', 443, '/cas'); > > > phpCAS::setNoCasServerValidation(); > > // force CAS authentication > > phpCAS::forceAuthentication(); > > echo "It worked"; > > ?> > > > Visiting the php page in the browser works with no problem, I'm able to > authenticate and access the content with no problem. > > I can post to my post server rest url to get my TGT: > > Posting form data: > > username=Randomuser&password=Randompassword > > To: > > https://access.example.com/cas/v1/tickets > > > Data (TGT) returned is: > > https://access.example.com/cas/v1/tickets/ > TGT-19-MKJRShaS2EebhGB3HHbZabi6O0I2KeSgWkXz3xGvKjamJgqi5M-cas2.example.com > > > Now I take my TGT url and post my service to get my ST: > > Posting form data: > > service=http%3A%2F%2Ftest.example.com <http://2ftest.example.com> > %2Fcastest.php > > > To: > > https://access.example.com/cas/v1/tickets/ > TGT-19-MKJRShaS2EebhGB3HHbZabi6O0I2KeSgWkXz3xGvKjamJgqi5M-cas2.example.com > > > Data (ST) returned is: > > 0000: 53 54 2D 32 31 2D 79 47 59 69 57 6E 63 45 62 65 | ST-21-yGYiWncEbe | > > 0010: 70 78 78 71 33 4B 6E 78 4F 52 2D 63 61 73 32 2E | pxxq3KnxOR-cas2. | > > 0020: 69 6E 6D 61 72 2E 63 6F 6D | example.com | > > > All is good so far, I have my TGT and ST now I should be able to access my > castest.php site so I do a get request on this url with my ticket as a > parameter: > > Get: > > http://test.example.com/castest.php?ticket= > ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com > > > Error is returned: > > <html><head><title>CAS Authentication failed!</title></head><body><h1>CAS > Authentication failed!</h1><p>You were not authenticated.</p><p>You may > submit your request again by clicking <a > href="http://test.example.com/castest.php";>here</a>.</p><p>If > the problem persists, you may contact <a href="mailto:ro...@localhost";>the > administrator of this site</a>.</p><hr><address>phpCAS 1.3.4 using server > <a href="https://access.example.com/cas/";>https://access.example.com/cas/</a> > (CAS 2.0)</a></address></body></html><br /> > > <b>Fatal error</b>: Uncaught exception 'CAS_AuthenticationException' in > /var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php:3234 > > Stack trace: > > #0 /var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php(1419): > CAS_Client->validateCAS20('https://access....', > '\n\n<cas:serviceR...', Object(DOMElement), false) > > #1 /var/www/sites/vmbuild/CAS-1.3.4/CAS.php(1127): > CAS_Client->isAuthenticated() > > #2 /var/www/sites/vmbuild/castest.php(21): phpCAS::isAuthenticated() > > #3 {main} > > thrown in <b>/var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php</b> on line > <b>3234</b><br /> > > > Other things i've tried were to use the validation url to validate the > ticket that way but it says the ticket is not reconigzed: > > Get or Post: > > https://access.example.com/cas/serviceValidate?service=http%3A%2F% > 2Ftest.example.com%2Fcastest.php&ticket= > ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com > > Returned: > > <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas";> > > <cas:authenticationFailure code="INVALID_TICKET"> > > Ticket 'ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com > <http://st-21-ygyiwncebepxxq3knxor-cas2.example.com>' not recognized > > </cas:authenticationFailure> > > </cas:serviceResponse> > > > > Just need to validate service tickets with/for the REST API any help would > be appreciated. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To post to this group, send email to cas-...@apereo.org. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/f68da54d-dde3-4f88-8428-7ca9eff54d72%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f68da54d-dde3-4f88-8428-7ca9eff54d72%40apereo.org?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To post to this group, send email to cas-...@apereo.org. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/daf30452-61dd-4187-9ebd-dfc17de37404%40apereo.org > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To post to this group, send email to cas-...@apereo.org. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/6019fd5b-6795-400e-9bc4-fbd4486f12e6%40apereo.org > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To post to this group, send email to cas-...@apereo.org. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/318d0846-f1b6-4155-8d86-ded2013d2391%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/318d0846-f1b6-4155-8d86-ded2013d2391%40apereo.org?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To post to this group, send email to cas-...@apereo.org. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/d0560d02-aa00-47e0-929c-430f117cde0a%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/d0560d02-aa00-47e0-929c-430f117cde0a%40apereo.org?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org. > To post to this group, send email to cas-...@apereo.org. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/ff062091-e5fb-4c39-9bb9-f3c08c4830e7%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/ff062091-e5fb-4c39-9bb9-f3c08c4830e7%40apereo.org?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cas-user+u...@apereo.org <javascript:>. > To post to this group, send email to cas-...@apereo.org <javascript:>. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/ > . > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/75332a10-7e0c-4878-84ec-98a877815389%40apereo.org > > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/75332a10-7e0c-4878-84ec-98a877815389%40apereo.org?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/a/apereo.org/d/optout. > -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To post to this group, send email to cas-user@apereo.org. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/ccbb8a2b-182f-49b9-a601-181f3fb25c80%40apereo.org. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
