Thanks to anyone who responded!
I'll try the following things before messagin further:)
1 - non-PEAR CAS (even if at the moment I'm not sure how)
2 - review phpCAS::client() parameters (I've tried version 1.0.1, with
the notorius redirect behaviour, 1.0.0, and 1.0.2RC1, with the same
behaviour)
3 - investigating curl errors as suggested by Marvin
Thanks again, I'll update you any case.
Giuseppe
Julien Gribonvald wrote:
Hi,
Maybe your problem is that phpCAS (which version ?) is trying to
validate a ServiceTicket (prefixe ticket is ST and not PT) with the
ProxyTicket url, you should find why your apps is trying to validate
it like that, see your init phpCAS::client() parameters, in my mind
you should set no proxy ;)
Thanks
Julien
Giuseppe Sollazzo a écrit :
Hi all
I was just wondering if anyone had any hint on this problem - logs
are helpful but I guess I'm missing something.
What happens here I think is that the ticket is not valid - but I
don't know why. In this scenario I have "setNoCasServerValidation".
Here's the log, questions following:
4306 .START ****************** [CAS.php:414]
4306 .=> *phpCAS::setNoCasServerValidation()* [auth.php:152]
4306 .<= ''
4306 .=> phpCAS::checkAuthentication() [auth.php:165]
4306 .| => CASClient::checkAuthentication() [CAS.php:885]
4306 .| | => CASClient::isAuthenticated() [client.php:738]
4306 .| | | => CASClient::wasPreviouslyAuthenticated()
[client.php:797]
4306 .| | | | no user found [client.php:909]
4306 .| | | <= false
4306 .| | | *PT `ST-1-2jUZQ9YulTTTMWCwUZdL-cas' is present*
[client.php:819]
4306 .| | | => CASClient::validatePT('', NULL, NULL)
[client.php:820]
4306 .| | | | => CASClient::getURL() [client.php:396]
4306 .| | | | <=
'https://moodleserver/devmoodle/login/index.php'
4306 .| | | | =>
CASClient::readURL('https://tomtomserver:8443/cas-server-webapp-3.3.4/proxyValidate?service=https%3A%2F%2Fmoodleserver%2Fdevmoodle%2Flogin%2Findex.php&ticket=ST-1-2jUZQ9YulTTTMWCwUZdL-cas',
'', NULL, NULL, NULL) [client.php:2104]
4306 .| | | | | *curl_exec() failed* [client.php:1867]
4306 .| | | | <= false
4306 .| | | | *could not open URL*
'https://tomtomserver:8443/cas-server-webapp-3.3.4/proxyValidate?service=https%3A%2F%2Fmoodleserver%2Fdevmoodle%2Flogin%2Findex.php&ticket=ST-1-2jUZQ9YulTTTMWCwUZdL-cas'
to validate (*CURL error #7: couldn't connect to host*)
[client.php:2105]
4306 .| | | | => CASClient::authError('PT not validated',
'https://tomtomserver:8443/cas-server-webapp-3.3.4/proxyValidate?service=https%3A%2F%2Fmoodleserver%2Fdevmoodle%2Flogin%2Findex.php&ticket=ST-1-2jUZQ9YulTTTMWCwUZdL-cas',
true) [client.php:2108]
4306 .| | | | | => CASClient::getURL() [client.php:2289]
4306 .| | | | | <=
'https://moodleserver/devmoodle/login/index.php'
4306 .| | | | | CAS URL:
https://tomtomserver:8443/cas-server-webapp-3.3.4/proxyValidate?service=https%3A%2F%2Fmoodleserver%2Fdevmoodle%2Flogin%2Findex.php&ticket=ST-1-2jUZQ9YulTTTMWCwUZdL-cas
[client.php:2290]
4306 .| | | | | Authentication failure: PT not
validated [client.php:2291]
4306 .| | | | | Reason: no response from the CAS
server [client.php:2293]
4306 .| | | | | exit()
4306 .| | | | | -
4306 .| | | | -
4306 .| | | -
4306 .| | -
4306 .| -
What I see here is a series of not really clear messages.
For example, curl_exec fails with a "couldn't connect to host"
message. However, if I cut and paste the url, including the ticket, I
actually get an error message - but related to the ticket itself
rather than to the server:
<cas:serviceResponse xmlns:cas='*http://www.yale.edu/tp/cas*'>
<cas:authenticationFailure code='INVALID_TICKET'>
ticket 'ST-1-2jUZQ9YulTTTMWCwUZdL-cas' not recognized
</cas:authenticationFailure>
</cas:serviceResponse>
Yale? :-) Is this maybe the problem? Maybe it's just the namespace
definition, but I wonder if it actually does try to validate the
ticket using the yale server? (But if so, where is this specified?)
Moreover, it's not completely clear to me why " *PT
`ST-1-2jUZQ9YulTTTMWCwUZdL-cas' is present"
**
*Any help is greatly appreciated. I think I'm getting to the point
with your help, so thanks a lot!
Giuseppe
Marvin Addison wrote:
--
Giuseppe Sollazzo
Systems Developer / Administrator
Computing Services
St. George's, University of London
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
