Too many redirects

Description

Hi there, sorry for posting this issue; I may not have enough experience with phpCAS.
But I got too many redirects after trying to connect my web service with CAS server ver 4 using this configuration:

{{/**
@ file config.php
@ category Authentication
@ package PhpCAS
@ author Joachim Fritschi <jfritschi@freenet.de>
@ author Adam Franco <afranco@middlebury.edu>
@ license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0
@ link https://wiki.jasig.org/display/CASC/phpCAS
**/}}

{{$phpcas_path = 'vendors/CAS-1.3.5';
// Full Hostname of your CAS Server
$cas_host = 'sso.mycasserver.com';
// Context of the CAS Server
$cas_context = '/cas';
// Port of your CAS server. Normally for a https server it's 443
$cas_port = 443;
// Path to the ca chain that issued the cas server certificate
$cas_server_ca_cert_path = 'user/home/mywebsite/ssl/certs/mysslcert.crt';

// The "real" hosts of clustered cas server that send SAML logout messages
// Assumes the cas server is load balanced across multiple hosts
$cas_real_hosts = array('mycasserver.com');
// $cas_real_hosts = array('aas-cas-01.mycasserver.com', 'aas-cas-02.mycasserver.com');

// Client config for cookie hardening
$client_domain = 'mywebsite.com';
$client_path = 'phpcas';
$client_secure = true;
$client_httpOnly = true;
$client_lifetime = 0;

///////////////////////////////////////////
// End Configuration – Don't edit below //
///////////////////////////////////////////

// Generating the URLS for the local cas example services for proxy testing
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    $curbase = 'https://' . $_SERVER['SERVER_NAME'];
} else {
    $curbase = 'http://' . $_SERVER['SERVER_NAME'];
}
if ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) {
    $curbase .= ':' . $_SERVER['SERVER_PORT'];
}

$curdir = dirname($_SERVER['REQUEST_URI']) . "/?_app=dashboard&";

// CAS client nodes for rebroadcasting pgtIou/pgtId and logoutRequest
$rebroadcast_node_1 = 'https://mycasserver.com/logout';
$rebroadcast_node_2 = 'http://mywebsite.com/?_app=logout';

// access to a single service
$serviceUrl = $curbase . $curdir . '?_app=dashboard';
// access to a second service
$serviceUrl2 = $curbase . $curdir . '?_app=dashboard';

$pgtBase = preg_quote(preg_replace('/^http:/', 'https:', $curbase . $curdir), '/');
$pgtUrlRegexp = '/^' . $pgtBase . '.*$/';

$cas_url = 'https://' . $cas_host;
if ($cas_port != '443') {
    $cas_url = $cas_url . ':' . $cas_port;
}
$cas_url = $cas_url . $cas_context;

// Set the session-name to be unique to the current script so that the client script
// doesn't share its session with a proxied script.
// This is just useful when running the example code, but not normally.
session_name(
    'session_for:'
    . preg_replace('/[^a-z0-9-]/i', '_', basename($_SERVER['SCRIPT_NAME']))
);
// Set an UTF-8 encoding header for international characters (User attributes)
// header('Content-Type: text/html; charset=utf-8');}}

My login page:

This page has already included the CAS library and config file.

{{ phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
phpCAS::setNoCasServerValidation();
// force CAS authentication
phpCAS::forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().
// logout if desired
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}
$cas_attr = phpCAS::getAttributes();
$cas_ver = phpCAS::getVersion();
$cas_usr = phpCAS::getUser();
echo "CAS v.".$cas_ver.", CAS Attributes: ".$cas_attr.", CAS User: ".$cas_usr;}}

But I got nothing printed from those variables $cas_ver, $cas_attr, $cas_usr!

This is the phpCAS debug log:

{{5A46 .START (2018-05-24 00:27:54) phpCAS-1.3.5+ ****************** [CAS.php:468]
5A46 .=> phpCAS::client('3.0', 'sso.mycasserver.com', 443, '/cas') [login.php:59]
5A46 .| => CAS_Client::__construct('3.0', false, 'sso.mycasserver.com', 443, '/cas', true) [CAS.php:360]
5A46 .| | Session is not authenticated [Client.php:938]
5A46 .| | Ticket 'ST-900807-tF3DgZomSEMOcHAQKlDA-aas-cas-01.mycasserver.com' found [Client.php:1020]
5A46 .| <= ''
5A46 .<= ''
5A46 .=> phpCAS::setNoCasServerValidation() [login.php:60]
5A46 .| You have configured no validation of the legitimacy of the cas server. This is not recommended for production use. [CAS.php:1644]
5A46 .<= ''
5A46 .=> phpCAS::checkAuthentication() [login.php:79]
5A46 .| => CAS_Client::checkAuthentication() [CAS.php:1078]
5A46 .| | => CAS_Client::isAuthenticated() [Client.php:1331]
5A46 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1393]
5A46 .| | | | no user found [Client.php:1639]
5A46 .| | | <= false
5A46 .| | | CAS 3.0 ticket `ST-900807-tF3DgZomSEMOcHAQKlDA-aas-cas-01.mycasserver.com' is present [Client.php:1447]
5A46 .| | | => CAS_Client::validateCAS20('', NULL, NULL, false) [Client.php:1450]
5A46 .| | | | [Client.php:3174]
5A46 .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3181]
5A46 .| | | | | => CAS_Client::getURL() [Client.php:453]
5A46 .| | | | | | Final URI: https://mywebsite.com/?_app=login [Client.php:3553]
5A46 .| | | | | <= 'https://mywebsite.com/?_app=login'
5A46 .| | | | <= 'https://sso.mycasserver.com/cas/p3/serviceValidate?service=https%3A%2F%2Fmywebsite.com%2F%3F_app%3Dlogin'
5A46 .| | | | => CAS_Client::_readURL('https://sso.mycasserver.com/cas/p3/serviceValidate?service=https%3A%2F%2Fmywebsite.com%2F%3F_app%3Dlogin&ticket=ST-900807-tF3DgZomSEMOcHAQKlDA-aas-cas-01.mycasserver.com', NULL, NULL, NULL) [Client.php:3196]
5A46 .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
5A46 .| | | | | | Response Body:
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
5A46 .| | | | | | <cas:authenticationSuccess>
5A46 .| | | | | | <cas:user>falrabei</cas:user>
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | | <cas:attributes>
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | | <cas:authenticationDate>2018-05-23T16:35:32.424+03:00</cas:authenticationDate>
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | | <cas:isFromNewLogin>true</cas:isFromNewLogin>
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | | <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | | </cas:attributes>
5A46 .| | | | | |
5A46 .| | | | | |
5A46 .| | | | | | </cas:authenticationSuccess>
5A46 .| | | | | | </cas:serviceResponse>
5A46 .| | | | | |
5A46 .| | | | | | [CurlRequest.php:84]
5A46 .| | | | | <= true
5A46 .| | | | <= true
5A46 .| | | | => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:3266]
5A46 .| | | | | Found nested jasig style attributes [Client.php:3350]
5A46 .| | | | | Attribute [authenticationDate] = 2018-05-23T16:35:32.424+03:00 [Client.php:3357]
5A46 .| | | | | Attribute [isFromNewLogin] = true [Client.php:3357]
5A46 .| | | | | Attribute [longTermAuthenticationRequestTokenUsed] = false [Client.php:3357]
5A46 .| | | | <= ''
5A46 .| | | | Storing Proxy List [Client.php:3275]
5A46 .| | | | => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:3278]
5A46 .| | | | | No proxies were found in the response [AllowedList.php:81]
5A46 .| | | | <= true
5A46 .| | | | => CAS_Client::_renameSession('ST-900807-tF3DgZomSEMOcHAQKlDA-aas-cas-01.mycasserver.com') [Client.php:3298]
5A46 .| | | | | Killing session: a1hg6vnqoj9pgtsmbt457h0ie3 [Client.php:3687]
5A46 .| | | | | Starting session: 50707b5d12ecfb29a92af7fec3037f0a1835dc57929802a9b16213b2bfcf52bd [Client.php:3691]
5A46 .| | | | | Restoring old session vars [Client.php:3694]
5A46 .| | | | <= ''
5A46 .| | | <= true
5A46 .| | | CAS 3.0 ticket `ST-900807-tF3DgZomSEMOcHAQKlDA-aas-cas-01.mycasserver.com' was validated [Client.php:1453]
5A46 .| | | => CAS_Client::getURL() [Client.php:1518]
5A46 .| | | <= 'https://mywebsite.com/?_app=login'
5A46 .| | | Prepare redirect to : https://mywebsite.com/?_app=login [Client.php:1518]
5A46 .| | | => CAS_Client::getURL() [Client.php:1524]
5A46 .| | | <= 'https://mywebsite.com/?_app=login'
5A46 .| | | exit()
5A46 .| | | -
5A46 .| | -
5A46 .| -}}

After a successful CAS login, the web page https://mywebsite.com/?_app=login gets stuck in a redirect loop.
My phpCAS is ver 1.3.5 @ mywebsite.com
My CAS server is ver 4 @ sso.mycasserver.com
Any help please, thanks for that.

Environment

php 7

Status

Assignee

Joachim Fritschi

Reporter

معاذ حُميد

Labels

Estimated End Date

2018/05/28

Audience

None

Time tracking

33h 30m

Affects versions

1.3.0

Priority

Major