Re: Re[cas-user] direction (?) loop of "Granting service ticket"

Tue, 20 Oct 2009 02:23:07 -0700 

Hi Marvin,
I gave a look at the phpCAS examples and it's funny.
The phpCAS methods have no explicit call of any of the certificate dealing functions. 

So I just added a

phpCAS::setNoCasServerValidation();

immediately before of the call to:
if (phpCAS::checkAuthentication()) {
               $frm->username=phpCAS::getUser();
//              if (phpCAS::getUser()=='esup9992')
//                      $frm->username='erhar0062';
               $frm->password="passwdCas";
               return;
        }

What happens is:
- withouth the call to setNoCasServerValidation(), I get the error
phpCAS error: phpCAS::checkAuthentication(): one of the methods phpCAS::setCasServerCert(), phpCAS::setCasServerCACert() or phpCAS::setNoCasServerValidation() must be called. in /www/moodle/auth/cas/auth.php on line 111
- with the call, the browser seems to take the eternity to check it and either stays in "waiting for https://moodle.myserver.../devmoodle/login/index.php"; or - after over 4-5 minutes - "CAS Authentication failed" (despite seeing from the logs that
2009-10-20 10:14:57,978 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-3-MzeLUrYcohZvMaBLBbny-cas] for service [https://moodle.myserver.../devmoodle/login/index.php] for user [user]>
2009-10-20 10:15:08,169 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Reloading registered services.> 2009-10-20 10:15:08,169 INFO [org.jasig.cas.services.DefaultServicesManagerImpl] - <Loaded 0 services.> 

I start being really puzzled -_-

Giuseppe

Marvin Addison wrote:

Or is it maybe a configuration issue? Do I have to activate the certificate
check somewhere?


Yes.  Hopefully someone with Moodle experience can chime in here -- I
didn't even realize Moodle used phpCAS.  Once you find the right place
in Moodle to configure the phpCAS client,
http://www.ja-sig.org/wiki/display/CASC/phpCAS+examples give examples
of both disabling the cert check (not recommended) and enabling an
explicity trust check.

M




--
Giuseppe Sollazzo
Systems Developer / Administrator

Computing Services
St. George's, University of London


--
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to