Hi all, A few months back, i had problems with trying to configure egroupware 1.6 with Jasig CAS in order to get SSO. After a few days dealing with it i was able to get it, but now i'm getting no success with egroupware 1.8.
I downloaded egroupware 1.8 for my environment (Debian Lenny) and installed last version of phpCAS, php5-curl and curl package. When i enter in the setup page of egroupware i put this configuration: [...] Authentication / Accounts Select which type of authentication are you using [ CAS ] Activate safe passwords [ No ] Allow authentication via cookie [ Yes ] [...] if using cas (Central Authentication Service): cas server host name: test.mydomain.com cas server port: 8443 cas server uri: /cas Authentication mode: PHP-Proxy SSL Validation: No In egroupware 1.6 i was able to get it working using PHP Client, but as far as i know, since 1.8 code i have to use PHP Proxy instead. (According also to the VERY LITTLE information that appears regarding this in the egroupware website [1]: I set debug option "on", in the login.php of egroupware to see what is going on and here is the output when i try to authenticate myself to http://test.mydomain.com/egroupware 6641 .START phpCAS-1.1.2 ****************** [CAS.php:494] 6641 .=> phpCAS::proxy('2.0', 'ldap.mydomain.com', 8443, 'cas') [login.php:64] 6641 .| => CASClient::CASClient('2.0', true, 'ldap.mydomain.com', 8443, 'cas', true) [CAS.php:446] 6641 .| | Starting a new session [client.php:599] 6641 .| <= '' 6641 .<= '' 6641 .=> phpCAS::setNoCasServerValidation() [login.php:87] 6641 .<= '' 6641 .=> phpCAS::forceAuthentication() [login.php:90] 6641 .| => CASClient::forceAuthentication() [CAS.php:969] 6641 .| | => CASClient::isAuthenticated() [client.php:868] 6641 .| | | => CASClient::wasPreviouslyAuthenticated() [client.php:973] 6641 .| | | | neither user not PGT found [client.php:1091] 6641 .| | | <= false 6641 .| | | no ticket found [client.php:1024] 6641 .| | <= false 6641 .| | => CASClient::redirectToCas(false) [client.php:877] 6641 .| | | => CASClient::getServerLoginURL(false, false) [client.php:1121] 6641 .| | | | => CASClient::getURL() [client.php:360] 6641 .| | | | | Final URI: https://test.mydomain.com/egroupware/login.php?phpgw_forward=% 2Findex.php [client.php:2653] 6641 .| | | | <= 'https://test.mydomain.com/egroupware/login.php?phpgw_forward=% 2Findex.php' 6641 .| | | <= 'https://ldap.mydomain.com:8443/cas/login?service=https%3A%2F% 2Ftest.mydomain.com%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D% 252Findex.php' 6641 .| | | Redirect to : https://ldap.mydomain.com:8443/cas/login?service=https%3A%2F% 2Ftest.mydomain.com%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D% 252Findex.php 6641 .| | | exit() 6641 .| | | - 6641 .| | - 6641 .| - CA3F .START phpCAS-1.1.2 ****************** [CAS.php:494] CA3F .=> phpCAS::proxy('2.0', 'ldap.mydomain.com', 8443, 'cas') [login.php:64] CA3F .| => CASClient::CASClient('2.0', true, 'ldap.mydomain.com', 8443, 'cas', true) [CAS.php:446] CA3F .| | Starting a new session [client.php:599] CA3F .| | ST or PT 'ST-391-3f4j7TCPhqHyWY3UgrBK-cas' found [client.php:676] CA3F .| <= '' CA3F .<= '' CA3F .=> phpCAS::setNoCasServerValidation() [login.php:87] CA3F .<= '' CA3F .=> phpCAS::forceAuthentication() [login.php:90] CA3F .| => CASClient::forceAuthentication() [CAS.php:969] CA3F .| | => CASClient::isAuthenticated() [client.php:868] CA3F .| | | => CASClient::wasPreviouslyAuthenticated() [client.php:973] CA3F .| | | | neither user not PGT found [client.php:1091] CA3F .| | | <= false CA3F .| | | PT `ST-391-3f4j7TCPhqHyWY3UgrBK-cas' is present [client.php:1002] CA3F .| | | => CASClient::validatePT('', NULL, NULL) [client.php:1003] CA3F .| | | | => CASClient::getURL() [client.php:480] CA3F .| | | | | Final URI: https://test.mydomain.com/egroupware/login.php?phpgw_forward=% 2Findex.php [client.php:2653] CA3F .| | | | <= 'https://test.mydomain.com/egroupware/login.php?phpgw_forward=% 2Findex.php' CA3F .| | | | => CASClient::readURL('https://ldap.mydomain.com:8443/cas/proxyValidate?service=https%3A%2F%2Ftest.mydomain.com%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D%252Findex.php&ticket=ST-391-3f4j7TCPhqHyWY3UgrBK-cas&pgtUrl=https%3A%2F%2Ftest.mydomain.com%2Fegroupware%2Flogin.php', '', NULL, NULL, NULL) [client.php:2504] C218 .START phpCAS-1.1.2 ****************** [CAS.php:494] C218 .=> phpCAS::proxy('2.0', 'ldap.mydomain.com', 8443, 'cas') [login.php:64] C218 .| => CASClient::CASClient('2.0', true, 'ldap.mydomain.com', 8443, 'cas', true) [CAS.php:446] C218 .| | Starting a new session [client.php:599] C218 .| <= '' C218 .<= '' C218 .=> phpCAS::setNoCasServerValidation() [login.php:87] C218 .<= '' C218 .=> phpCAS::forceAuthentication() [login.php:90] C218 .| => CASClient::forceAuthentication() [CAS.php:969] C218 .| | => CASClient::isAuthenticated() [client.php:868] C218 .| | | => CASClient::wasPreviouslyAuthenticated() [client.php:973] C218 .| | | | neither user not PGT found [client.php:1091] C218 .| | | <= false C218 .| | | no ticket found [client.php:1024] C218 .| | <= false C218 .| | => CASClient::redirectToCas(false) [client.php:877] C218 .| | | => CASClient::getServerLoginURL(false, false) [client.php:1121] C218 .| | | | => CASClient::getURL() [client.php:360] C218 .| | | | | Final URI: https://test.mydomain.com/egroupware/login.php [client.php:2653] C218 .| | | | <= 'https://test.mydomain.com/egroupware/login.php' C218 .| | | <= 'https://ldap.mydomain.com:8443/cas/login?service=https%3A%2F% 2Ftest.mydomain.com%2Fegroupware%2Flogin.php' C218 .| | | Redirect to : https://ldap.mydomain.com:8443/cas/login?service=https%3A%2F% 2Ftest.mydomain.com%2Fegroupware%2Flogin.php C218 .| | | exit() C218 .| | | - C218 .| | - C218 .| - CA3F .| | | | <= true CA3F .| | | | => CASClient::renameSession('ST-391-3f4j7TCPhqHyWY3UgrBK-cas') [client.php:2567] CA3F .| | | | | Session ID: ST3913f4j7TCPhqHyWY3UgrBKcas [client.php:737] CA3F .| | | | | Restoring old session vars [client.php:740] CA3F .| | | | <= '' CA3F .| | | <= true CA3F .| | | PT `ST-391-3f4j7TCPhqHyWY3UgrBK-cas' was validated [client.php:1004] CA3F .| | | start validatePGT() CA3F .| | | <proxyGrantingTicket> not found [client.php:1998] CA3F .| | | => CASClient::authError('Ticket validated but no PGT Iou transmitted', 'https://ldap.mydomain.com:8443/cas/proxyValidate?service=https%3A%2F% 2Ftest.mydomain.com%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D% 252Findex.php&ticket=ST-391-3f4j7TCPhqHyWY3UgrBK-cas&pgtUrl=https%3A%2F% 2Ftest.mydomain.com%2Fegroupware%2Flogin.php', false, false, '<cas:serviceResponse xmlns:cas=\'http://www.yale.edu/tp/cas\'> <cas:authenticationSuccess> <cas:user>jrosental</cas:user> </cas:authenticationSuccess></cas:serviceResponse>') [client.php:2004] CA3F .| | | | => CASClient::getURL() [client.php:2713] CA3F .| | | | <= 'https://test.mydomain.com/egroupware/login.php?phpgw_forward=% 2Findex.php' CA3F .| | | | CAS URL: https://ldap.mydomain.com:8443/cas/proxyValidate?service=https%3A%2F% 2Ftest.mydomain.com%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D% 252Findex.php&ticket=ST-391-3f4j7TCPhqHyWY3UgrBK-cas&pgtUrl=https%3A%2F% 2Ftest.mydomain.com%2Fegroupware%2Flogin.php [client.php:2714] CA3F .| | | | Authentication failure: Ticket validated but no PGT Iou transmitted [client.php:2715] CA3F .| | | | Reason: no CAS error [client.php:2728] CA3F .| | | | CAS response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess> <cas:user>jrosental</cas:user> </cas:authenticationSuccess> </cas:serviceResponse> [client.php:2734] CA3F .| | | | exit() CA3F .| | | | - CA3F .| | | - CA3F .| | - CA3F .| - Regards. -- Joel Rosental R. Systems Administrator. GPG Fingerprint = 49AF BC22 A6D1 9833 A421 7330 A0FB E34E AFCB 4CCA Tel: +34 91 481 6987 Fax: + 34 91 481 6987 Web: http://www.networks.imdea.org IMDEA Networks Avda. del Mar Mediterraneo, 22 28918 Leganes (Madrid). Spain
signature.asc
Description: This is a digitally signed message part
