Why multiple times? What's the story there?
--Misagh On Sun, Jun 19, 2016 at 2:29 PM, John Stevens II <
[email protected] [[email protected]] > wrote:
Well not necessarily a third application, all I really want to accomplish
here is to be able to authenticate a user via CAS rest api (which I can),
be a able validate that user via CAS rest api multiple times (which I
can't) and be able to log the user out via CAS rest api (which I can).
Is proxying necessary for this functionality?
On Friday, June 17, 2016 at 4:41:47 PM UTC-4, Ray Bon wrote: A ST is
(should be) validated only once and for only one service. Each service will
go through the CAS dance passing in the TGT and service URL to receive its
own ST.
If a third application needs to authenticate to your API, look at proxying,
https://apereo.github.io/cas/4.2.x/installation/Configuring-Proxy-Authentication.html
[https://apereo.github.io/cas/4.2.x/installation/Configuring-Proxy-Authentication.html]
Ray
On 2016-06-17 13:12, John Stevens II wrote:
Thank you, I've increased the service ticket timeout value and was able to
validate a ticket via /serviceValidate but I can only validate the ticket
once.
If I am using the CAS Rest API to authenticate API's that we develop I
would want to verify that the service ticket is valid on every call to our
API's. How do I achieve this or is there another recommended way to achieve
this?
I see the option st.numOfUses for service tickets but not sure if unlimited
is a valid option or if it's even recommended.
On Friday, June 17, 2016 at 3:42:22 PM UTC-4, Misagh Moayyed
wrote:/serviceValidate.
From: [email protected] [mailto: [email protected] ] On Behalf Of John
Stevens II
Sent: Friday, June 17, 2016 12:10 PM
To: CAS Community < [email protected] >
Cc: [email protected] ; [email protected]
Subject: Re: [cas-user] Rest API Service Ticket Validation Issue
Ok that may work, is that the recommended way to verify service tickets for
the Rest API (Without using the php client) or should I not be relying on
the actual client?
On Friday, June 17, 2016 at 2:49:08 PM UTC-4, Dmitriy Kopylenko wrote:
By the time the /serviceValidate with ST is called, the ST lifetime has
expired (10 seconds default). Increase the ST TTL on the CAS server to
something longer, but reasonable and see if it helps.
Best,
D.
On Jun 17, 2016, at 2:44 PM, John Stevens II < [email protected] > wrote:
Need some insight on how to properly use the Rest API.
I have a simple php application below castest.php:
<?php
require_once '/var/www/sites/CAS-1.3.4/CAS.php';
phpCAS::setDebug();
// Enable verbose error messages. Disable in production!
phpCAS::setVerbose(true);
// Initialize phpCAS
phpCAS::client(CAS_VERSION_2_0, ' access.example.com
[http://access.example.com] ', 443, '/cas');
phpCAS::setNoCasServerValidation();
// force CAS authentication
phpCAS::forceAuthentication();
echo "It worked";
?>
Visiting the php page in the browser works with no problem, I'm able to
authenticate and access the content with no problem.
I can post to my post server rest url to get my TGT:
Posting form data:
username=Randomuser&password=Randompassword
To:
[https://access.example.com/cas/v1/tickets] https://access.example.com/
[https://access.example.com/] cas/v1/tickets
Data (TGT) returned is:
[https://access.example.com/cas/v1/tickets/TGT-19-MKJRShaS2EebhGB3HHbZabi6O0I2KeSgWkXz3xGvKjamJgqi5M-cas2.example.com]
https://access.example.com/ [https://access.example.com/]
cas/v1/tickets/TGT-19-MKJRShaS2EebhGB3HHbZabi6O0I2KeSgWkXz3xGvKjamJgqi5M-cas2.example.com
Now I take my TGT url and post my service to get my ST:
Posting form data:
service=http%3A%2F% 2Ftest.example.com [http://2ftest.example.com]
%2Fcastest.php
To:
[https://access.example.com/cas/v1/tickets/TGT-19-MKJRShaS2EebhGB3HHbZabi6O0I2KeSgWkXz3xGvKjamJgqi5M-cas2.example.com]
https://access.example.com/ [https://access.example.com/]
cas/v1/tickets/TGT-19-MKJRShaS2EebhGB3HHbZabi6O0I2KeSgWkXz3xGvKjamJgqi5M-cas2.example.com
Data (ST) returned is:
0000: 53 54 2D 32 31 2D 79 47 59 69 57 6E 63 45 62 65 | ST-21-yGYiWncEbe |
0010: 70 78 78 71 33 4B 6E 78 4F 52 2D 63 61 73 32 2E | pxxq3KnxOR-cas2. |
0020: 69 6E 6D 61 72 2E 63 6F 6D | example.com [http://example.com] |
All is good so far, I have my TGT and ST now I should be able to access my
castest.php site so I do a get request on this url with my ticket as a
parameter:
Get:
[http://test.example.com/castest.php?ticket=ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com]
http://test.example.com/ [http://test.example.com/]
castest.php?ticket=ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com
Error is returned:
<html><head><title>CAS Authentication failed!</title></head><body><h1>CAS
Authentication failed!</h1><p>You were not authenticated.</p><p>You may
submit your request again by clicking <a href="
[http://test.example.com/castest.php] http://test.example.com/
[http://test.example.com/] castest.php">here</a>.</p><p>If the problem
persists, you may contact <a href="mailto: ro...@localhost ">the
administrator of this site</a>.</p><hr><address>phpCAS 1.3.4 using server
<a href=" [https://access.example.com/cas/] https://access.example
[https://access.example] .com/cas/"> [https://access.example.com/cas/]
https://access [https://access] .example.com/cas/</a> (CAS
2.0)</a></address></body></html><br />
<b>Fatal error</b>: Uncaught exception 'CAS_AuthenticationException' in
/var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php:3234
Stack trace:
#0 /var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php(1419):
CAS_Client->validateCAS20(' https://access [https://access] ....',
'\n\n<cas:serviceR...', Object(DOMElement), false)
#1 /var/www/sites/vmbuild/CAS-1.3.4/CAS.php(1127):
CAS_Client->isAuthenticated()
#2 /var/www/sites/vmbuild/castest.php(21): phpCAS::isAuthenticated()
#3 {main}
thrown in <b>/var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php</b> on line
<b>3234</b><br />
Other things i've tried were to use the validation url to validate the
ticket that way but it says the ticket is not reconigzed:
Get or Post:
[https://access.example.com/cas/serviceValidate?service=http%3A%2F%2Ftest.example.com%2Fcastest.php&ticket=ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com]
https://access.example.com/ [https://access.example.com/]
cas/serviceValidate?service=http%3A%2F%2Ftest.example.com%2Fcastest.php&ticket=ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com
Returned:
<cas:serviceResponse xmlns:cas=" [http://www.yale.edu/tp/cas]
http://www.yale.edu/tp/ [http://www.yale.edu/tp/] cas">
<cas:authenticationFailure code="INVALID_TICKET">
Ticket ' ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com
[http://st-21-ygyiwncebepxxq3knxor-cas2.example.com] ' not recognized
</cas:authenticationFailure>
</cas:serviceResponse>
Just need to validate service tickets with/for the REST API any help would
be appreciated.
--
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected] .
To post to this group, send email to [email protected] .
Visit this group at
[https://groups.google.com/a/apereo.org/group/cas-user/]
https://groups.google.com/a/ [https://groups.google.com/a/]
apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/f68da54d-dde3-4f88-8428-7ca9eff54d72%40apereo.org
[https://groups.google.com/a/apereo.org/d/msgid/cas-user/f68da54d-dde3-4f88-8428-7ca9eff54d72%40apereo.org?utm_medium=email&utm_source=footer]
.
For more options, visit [https://groups.google.com/a/apereo.org/d/optout]
https://groups.google.com/a/ [https://groups.google.com/a/]
apereo.org/d/optout.
--
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected] .
To post to this group, send email to [email protected] .
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
[https://groups.google.com/a/apereo.org/group/cas-user/] .
To view this discussion on the web visit
[https://groups.google.com/a/apereo.org/d/msgid/cas-user/daf30452-61dd-4187-9ebd-dfc17de37404%40apereo.org?utm_medium=email&utm_source=footer]
https://groups.google.com/a/ [https://groups.google.com/a/]
apereo.org/d/msgid/cas-user/daf30452-61dd-4187-9ebd-dfc17de37404%40apereo.org.
For more options, visit https://groups.google.com/a/apereo.org/d/optout
[https://groups.google.com/a/apereo.org/d/optout] .
--
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected] .
To post to this group, send email to [email protected] .
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
[https://groups.google.com/a/apereo.org/group/cas-user/] .
To view this discussion on the web visit
[https://groups.google.com/a/apereo.org/d/msgid/cas-user/6019fd5b-6795-400e-9bc4-fbd4486f12e6%40apereo.org?utm_medium=email&utm_source=footer]
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6019fd5b-6795-400e-9bc4-fbd4486f12e6%40apereo.org
[https://groups.google.com/a/apereo.org/d/msgid/cas-user/6019fd5b-6795-400e-9bc4-fbd4486f12e6%40apereo.org]
.
For more options, visit https://groups.google.com/a/apereo.org/d/optout
[https://groups.google.com/a/apereo.org/d/optout] .
--
You received this message because you are subscribed to the Google Groups
"CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to [email protected] [[email protected]]
.
To post to this group, send email to [email protected]
[[email protected]] .
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/
[https://groups.google.com/a/apereo.org/group/cas-user/] .
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/318d0846-f1b6-4155-8d86-ded2013d2391%40apereo.org
[https://groups.google.com/a/apereo.org/d/msgid/cas-user/318d0846-f1b6-4155-8d86-ded2013d2391%40apereo.org?utm_medium=email&utm_source=footer]
.
For more options, visit https://groups.google.com/a/apereo.org/d/optout
[https://groups.google.com/a/apereo.org/d/optout] .
--
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b437139a-54a1-4015-baae-ceb9711bbf4a%40unicon.net.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.
