Hi Chris,

I think you are using the wrong method. See
https://wiki.jasig.org/display/CASC/phpCAS+examples. You want to use
forceAuthentication() which mandates that the user be authenticated.
isAuthenticated() does a CAS Gateway call and a service ticket is only
returned if the user is already known to CAS. If they don't have an existing
CAS session they are immediately returned to the calling app (without the
ST).

Hope that helps.

-- 
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef


From:  Christopher Sterling <cwsterl...@georgiasouthern.edu>
Reply-To:  <cas-user@lists.jasig.org>
Date:  Friday, May 15, 2015 at 8:35 AM
To:  <cas-user@lists.jasig.org>
Cc:  <cas-user@lists.jasig.org>
Subject:  Re:[cas-user] phpCAS not always returning user

So, our security guy wasn't a fan of the paste that I had posted since it
did have some information about our server in there (and he likes to err on
the side of caution), so here it is, even more stripped:
http://pastebin.com/NKpVrM8i

So, what is happening is that some of our service tickets are expiring after
10 seconds, but for the most part, they aren't. Since Sunday, I can find
about 300 or so instances of it expiring early, the log file is almost 400
megs, wasn't going to look at each one to see how quickly they failed, and
over 130,000 successful service tickets created and redeemed.

Any insight?

Chris

On Thursday, May 14, 2015 at 9:32:21 PM UTC-4, Christopher Sterling wrote:
> So, have a weird issue that is popping up. 99% of the time, our users are
> authenticated successfully. There is that 1% where users aren't authenticated.
> I'm calling phpCAS::isAuthenticated() before calling the phpCAS::getUser() so
> they are authenticated when I'm trying to get their username.
> 
> We do occasionally get this error that I have captured. I'm not sure if this is
> the error that everybody is throwing. But it's happening frequently enough
> that I suspect it.
> 
> When I get into work tomorrow, I'm going to enable cas debugging in php. I'll
> give any extra info I can.
> 
> 
> Error is: 
> 
> Message: Uncaught exception 'CAS_AuthenticationException' in
> /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS/Client.php:2839 Stack
> trace: #0 
> /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS/Client.php(1224):
> CAS_Client->validateCAS20('https://cas.geo...', '\n\n\nisAuthenticated() #2
> /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS.php(1101):
> CAS_Client->forceAuthentication() #3
> /portal/server/htdocs/portal/globals/template/auth.inc.php(48):
> phpCAS::forceAuthentication() #4
> /portal/server/htdocs/portal/globals/template/head.inc.php(61):
> include('/portal/server/...') #5 /portal/server/htdocs/portal/portal.php(3):
> include('/portal/server/...') #6 {main} thrown
> File: /portal/server/htdocs/portal/globals/CAS/CAS-1.3.2/CAS/Client.php
> Line Number: 2839
> -- 
> 
-- 
You are currently subscribed to cas-user@lists.jasig.org as:
jgas...@unicon.net
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
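
The timing question raised in the thread (how long after issuance each failed service ticket was presented) can be answered by a script instead of reading the log by hand. This is an added example, not part of the original messages: the one-event-per-line log format, the event names and the sample lines are constructed assumptions, and the 10-second lifetime is the figure quoted in the thread.

```python
import re
from datetime import datetime

# Constructed sample lines in a simplified one-event-per-line format (an
# assumption; adapt LINE_RE to the layout of the real CAS server log).
SAMPLE_LOG = """\
2015-05-15 08:00:00,100 SERVICE_TICKET_CREATED ST-1-aaa https://portal.example.edu/portal.php
2015-05-15 08:00:00,900 SERVICE_TICKET_VALIDATED ST-1-aaa https://portal.example.edu/portal.php
2015-05-15 08:01:10,000 SERVICE_TICKET_CREATED ST-2-bbb https://portal.example.edu/portal.php
2015-05-15 08:01:23,500 SERVICE_TICKET_VALIDATE_FAILED ST-2-bbb https://portal.example.edu/portal.php
2015-05-15 08:02:00,000 SERVICE_TICKET_CREATED ST-3-ccc https://portal.example.edu/portal.php
2015-05-15 08:02:02,250 SERVICE_TICKET_VALIDATE_FAILED ST-3-ccc https://portal.example.edu/portal.php
2015-05-15 08:03:00,000 SERVICE_TICKET_VALIDATE_FAILED ST-9-zzz https://portal.example.edu/portal.php
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) "
    r"(?P<event>SERVICE_TICKET_\w+) (?P<ticket>ST-\S+)"
)

def failed_validations(lines, lifetime=10.0):
    """Return (ticket, seconds_since_creation, verdict) per failed validation."""
    created, results = {}, []
    for line in lines:  # works on an open file object too, one line at a time
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S,%f")
        ticket = m["ticket"]
        if m["event"] == "SERVICE_TICKET_CREATED":
            created[ticket] = ts
        elif m["event"] == "SERVICE_TICKET_VALIDATE_FAILED":
            if ticket not in created:
                # No creation record in the scanned window for this ticket id.
                results.append((ticket, None, "no-creation-record"))
                continue
            age = (ts - created[ticket]).total_seconds()
            verdict = "presented-late" if age > lifetime else "failed-within-lifetime"
            results.append((ticket, age, verdict))
    return results

if __name__ == "__main__":
    for ticket, age, verdict in failed_validations(SAMPLE_LOG.splitlines()):
        print(ticket, age, verdict)
```

Failures tagged `failed-within-lifetime` or `no-creation-record` are the ones worth reading individually, since expiry alone does not explain them.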


