Charli, cas_login_url should end at 'login'. You should not need to add parameters.
Is roundcube configured as a proxy in CAS? Your client is set to proxy imap, so it should. During a login for a proxy client (roundcube), CAS will make a back channel call to the client. (The target may be in your web server access logs.) If this call fails (as it did in the link you provided), CAS will not validate the ST and redirect back to roundcube. Roundcube then calls CAS for log in and the cycle repeats until redirect limit is reached. cas_hostname should begin with https:// cas_uri should be set to cas. This is what you have in cas_login_url. Turn up CAS logging to see what is happening. Turn up CASphp logging as well. If your roundcube certificate is self signed, then it may need to be added to the JVM that is running CAS using keytool. Ray On Mon, 2019-06-17 at 10:03 +0100, charli AGOSSOU wrote: Hi Ray good. Thank you for responding. Yes, I use this plugin https://github.com/ld000/Roundcube-CAS-Authn. I use roundcube 1.3.9 This is my configuration of the cas_authn plugin <?php /** * CAS Authentication configuration file * */ // whether to force all users to use CAS to authenticate. If set to true, // all users trying to load the login form will be redirected to // the CAS login URL. This means nobody will ever see the RC login page. $rcmail_config['cas_force'] = true; // whether to act as a CAS proxy. If set to true, a proxy ticket will be // retrieved from the CAS server to be used as password for logging into // the IMAP server. This is the preferred method of authenticating // to the IMAP backend. // If set to false, the IMAP password specified below will be used. $rcmail_config['cas_proxy'] = true; // phpCAS debug file $rcmail_config['cas_debug_file'] = '/tmp/cas_debug.log'; // directory where PGTs will be temporarily stored. Will only be used if // cas_proxy is set to true. $rcmail_config['cas_pgt_dir'] = '/tmp'; // name of the IMAP service. Will only be used if cas_proxy is set to true. // This service name must be authorized to be used with the CAS server. $rcmail_config['cas_imap_name'] = 'imap://mail.uac.bj<http://mail.uac.bj>'; // name of the SMTP service. Will only be used if cas_proxy is set to true. // This service name must be authorized to be used with the CAS server. $rcmail_config['cas_smtp_name'] = 'smtp://mail.uac.bj<http://mail.uac.bj>'; $rcmail_config['cas_webmail_server_name'] = 'mail.uac.bj<http://mail.uac.bj>'; // whether the IMAP server caches proxy tickets it has received for subsequent // requests. Will only be used if cas_proxy is set to true. If set to true, // proxy tickets will be reused to connect to the IMAP server until an IMAP // connection fails, after which a new proxy ticket will be retrieved. If // set to false, a new proxy ticket will be retrieved before each IMAP // request. Setting this to true and enabling caching on the IMAP server // significantly reduces the number of requests made to the CAS server. $rcmail_config['cas_imap_caching'] = true; // Time (in seconds) before expiration of cached IMAP Proxy Ticket. After expiration the PT is renewed. $rcmail_config['cas_imap_pt_expiration_time'] = 300; // password for logging into the IMAP server. Will only be used if cas_proxy // is set to false. The IMAP backend must accept this password for all // authorized users. $rcmail_config['cas_imap_password'] = ''; // CAS server host name. $rcmail_config['cas_hostname'] = 'cas-server.uac.bj<http://cas-server.uac.bj>'; // CAS server port number. $rcmail_config['cas_port'] = 443; // CAS service URI on the CAS server. $rcmail_config['cas_uri'] = ''; // CAS server SSL validation: 'self' for self-signed certificate, 'ca' for // certificate from a CA, empty for no SSL validation. $rcmail_config['cas_validation'] = ''; // CAS server certificate in PEM format, used when CAS validation is set to // 'self' or 'ca'. $rcmail_config['cas_cert'] = ''; // CAS service login URL. $rcmail_config['cas_login_url'] = 'https://cas-server.uac.bj/cas/login?service=https%3a%2f%2fmail.uac.bj%2f'; // CAS service logout URL. $rcmail_config['cas_logout_url'] = ''; ?> I do not understand why i have this redirect loop. I have the same problem as the https://github.com/ld000/Roundcube-CAS-Authn/issues/1 . I followed the indications of the discussion but still nothing -- Ray Bon Programmer Analyst Development Services, University Systems 2507218831 | CLE 019 | r...@uvic.ca<mailto:r...@uvic.ca> I respectfully acknowledge that my place of work is located within the ancestral, traditional and unceded territory of the Songhees, Esquimalt and WSÁNEĆ Nations. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/7400b49fd31d37c7dea1b96a6ad85ff7d925924e.camel%40uvic.ca.
