It's single sign-on. I'm not sure what you expected to happen when you had two URLs use the same SSO server? Take a look at our Services Management tool if you want to restrict which services can actually use CAS.
Add renew=true if you want each application to force re-authentication.

-Scott

On Thu, Feb 26, 2009 at 5:40 AM, Gustavo Hartmann <[email protected]> wrote:

> Hi there,
>
> I'm new to CAS so my question may sound silly. I got the CAS 3.3.1 package
> deployed on Tomcat 6.0.18, Java 1.6.0_06 and an Ubuntu JEOS 8.04.1 VM.
> Everything seems to work fine, I can ask CAS to log in on behalf of a service
> using the provided *SimpleTestUsernamePasswordAuthenticationHandler*
> authentication handler and CAS returns me a ticket. I can even simulate the
> whole workflow described on the CAS walkthrough wiki without a problem.
>
> I then CAS-ified a PHP application we have using the PHPCAS client. It
> works fine but there's something odd going on: it lets me get the user
> details even when I sign in with a completely different service URL. I'll
> exemplify:
>
> CAS server URL: https://cas-sso.dev:8443/cas/
> PHP Service URL: https://tsg-portal.dev/cas
> Random service: https://random.dev/service.php
>
> I go to the browser and ask for a ticket to Random service:
> https://cas-sso.dev:8443/cas/login?service=https://random.dev/service.php
> I then log in using a username and password and CAS forwards me to random
> service with a ticket appended to the URL, so far so good.
>
> I now open another tab and type https://tsg-portal.dev/. My application
> has a filter which intercepts the call and checks using PHPCAS whether I got
> a valid ticket already. It then tells me that I have an ST or PT and that
> there is no need to authenticate.
> Here's the PHPCAS debug dump:
>
> D1BA .START ****************** [CAS.php:414]
> D1BA .=> phpCAS::client('2.0', 'cas-sso.dev', 8443, 'cas/') [actions.class.php:134]
> D1BA .| => CASClient::CASClient('2.0', false, 'cas-sso.dev', 8443, 'cas/', true) [CAS.php:315]
> D1BA .| | Session ID: ST446sg0mQxTeTxBtgrK4Tmcasssodev
> D1BA .| | => CASClient::getURL() [client.php:517]
> D1BA .| | <= 'https://tsg-portal.dev/cas'
> D1BA .| | ST or PT 'ST-4-46sg0mQxTeTxBtgrK4Tm-cas-sso.dev' found [client.php:594]
> D1BA .| <= ''
> D1BA .<= ''
> D1BA .=> phpCAS::setNoCasServerValidation() [actions.class.php:137]
> D1BA .<= ''
> D1BA .=> phpCAS::forceAuthentication() [actions.class.php:140]
> D1BA .| => CASClient::forceAuthentication() [CAS.php:911]
> D1BA .| | => CASClient::isAuthenticated() [client.php:686]
> D1BA .| | | => CASClient::wasPreviouslyAuthenticated() [client.php:791]
> D1BA .| | | | no user found [client.php:895]
> D1BA .| | | <= false
> D1BA .| | | PT `ST-4-46sg0mQxTeTxBtgrK4Tm-cas-sso.dev' is present [client.php:812]
> D1BA .| | | => CASClient::validatePT('', NULL, NULL) [client.php:813]
> D1BA .| | | | => CASClient::getURL() [client.php:396]
> D1BA .| | | | <= 'https://tsg-portal.dev/cas'
> D1BA .| | | | => CASClient::readURL('https://cas-sso.dev:8443/cas/proxyValidate?service=https%3A%2F%2Ftsg-portal.dev%2Fcas&ticket=ST-4-46sg0mQxTeTxBtgrK4Tm-cas-sso.$
> D1BA .| | | | <= true
> D1BA .| | | <= true
> D1BA .| | | PT `ST-4-46sg0mQxTeTxBtgrK4Tm-cas-sso.dev' was validated [client.php:814]
> D1BA .| | <= true
> D1BA .| | no need to authenticate [client.php:688]
> D1BA .| <= true
> D1BA .| no need to authenticate (user `admin' is already authenticated) [CAS.php:925]
> D1BA .<= ''
>
> I find this strange, not sure I should be able to get details from a user
> authenticated under a completely different service URL.
>
> Am I missing something?
> Thanks in advance,
> Gustavo
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
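The behaviour Scott calls single sign-on, replayed as an added example that is not code from this thread, from the CAS server or from phpCAS: a small Python model of the CAS 2.0 ticket rules. The model assumes one TGT (sent back as the TGC cookie) per browser session, a single-use service ticket bound to the exact service URL it was minted for, renew=true suppressing the silent reuse of the TGT, and a registry of allowed service URL prefixes standing in for the Services Management tool. The CasServer class, its method names, the username-equals-password rule (mirroring the SimpleTest handler) and the in-memory registry are all assumptions of the model; only the service URLs are taken from the question. What it shows is that the second tab never reused random.dev's ticket: the portal was redirected to /cas/login, the browser presented the TGC cookie, and CAS minted a fresh ST for https://tsg-portal.dev/cas without a prompt, which is exactly the ST phpCAS then validated.

```python
import secrets
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

CAS_NS = "http://www.yale.edu/tp/cas"


class CasServer:
    """Toy stand-in for the ticket-issuing side of a CAS 2.0 server (assumed model)."""

    def __init__(self, service_registry=None):
        # Allowed service URL prefixes; None accepts any service, as in the thread.
        self.service_registry = service_registry
        self.tgts = {}  # TGC cookie value -> username (the SSO session)
        self.sts = {}   # service ticket -> (service, username), single use

    def service_allowed(self, service):
        if self.service_registry is None:
            return True
        return any(service.startswith(p) for p in self.service_registry)

    def login(self, service, tgc=None, credentials=None, renew=False):
        """Model /cas/login: (tgc, redirect_url), or None if the form must be shown."""
        if not self.service_allowed(service):
            raise PermissionError("service not in registry: " + service)
        user = None
        if tgc in self.tgts and not renew:
            user = self.tgts[tgc]            # silent SSO, no prompt at all
        elif credentials is not None:
            username, password = credentials
            if username == password:         # SimpleTest handler: user == pass
                user = username
                tgc = "TGC-" + secrets.token_urlsafe(8)
                self.tgts[tgc] = user
        if user is None:
            return None
        st = "ST-" + secrets.token_urlsafe(8)
        self.sts[st] = (service, user)
        sep = "&" if "?" in service else "?"
        return tgc, service + sep + urlencode({"ticket": st})

    def service_validate(self, service, ticket):
        """Model /cas/serviceValidate: one-time use, service must match exactly."""
        entry = self.sts.pop(ticket, None)
        if entry is None:
            return failure_response("INVALID_TICKET", "ticket not recognized")
        if entry[0] != service:
            return failure_response("INVALID_SERVICE", "ticket belongs to another service")
        return ('<cas:serviceResponse xmlns:cas="%s"><cas:authenticationSuccess>'
                '<cas:user>%s</cas:user></cas:authenticationSuccess>'
                '</cas:serviceResponse>' % (CAS_NS, entry[1]))


def failure_response(code, msg):
    return ('<cas:serviceResponse xmlns:cas="%s"><cas:authenticationFailure '
            'code="%s">%s</cas:authenticationFailure></cas:serviceResponse>'
            % (CAS_NS, code, msg))


def parse_validation(xml_text):
    """Client side (the job phpCAS does): (True, user) or (False, failure code)."""
    ns = {"cas": CAS_NS}
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", ns)
    if user is not None:
        return True, user.text
    return False, root.find("cas:authenticationFailure", ns).get("code")


def ticket_from_redirect(url):
    return parse_qs(urlsplit(url).query)["ticket"][0]


def walkthrough():
    """Replays the thread: log in for random.dev, then open tsg-portal.dev."""
    cas = CasServer()
    random_svc = "https://random.dev/service.php"
    portal_svc = "https://tsg-portal.dev/cas"
    out = {}
    tgc, url = cas.login(random_svc, credentials=("admin", "admin"))
    out["random"] = parse_validation(cas.service_validate(random_svc, ticket_from_redirect(url)))
    # Second tab: phpCAS redirects to /login?service=<portal>; the browser sends
    # the TGC cookie, so CAS mints a fresh ST for the portal without a prompt.
    _, url = cas.login(portal_svc, tgc=tgc)
    out["portal_sso"] = parse_validation(cas.service_validate(portal_svc, ticket_from_redirect(url)))
    # A ticket minted for one service never validates for another one.
    _, url = cas.login(random_svc, tgc=tgc)
    out["cross_service"] = parse_validation(cas.service_validate(portal_svc, ticket_from_redirect(url)))
    # renew=true: even with a live SSO session the login form is shown again.
    out["renew_prompts"] = cas.login(portal_svc, tgc=tgc, renew=True) is None
    # Service registry: an unlisted service cannot obtain a ticket at all.
    strict = CasServer(service_registry=["https://tsg-portal.dev/"])
    try:
        strict.login(random_svc, credentials=("admin", "admin"))
        out["registry_blocks"] = False
    except PermissionError:
        out["registry_blocks"] = True
    return out


if __name__ == "__main__":
    for name, result in walkthrough().items():
        print(name, result)
```

Running the module prints the five outcomes: both services validate as `admin`, the cross-service ticket fails with INVALID_SERVICE, renew=true sends the user back to the form, and the registry refuses random.dev outright. The two knobs Scott mentions sit at different layers: renew=true is a per-application choice that costs the user a second login, while the service registry is a server-side policy that decides which URLs may obtain tickets at all.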
