Hi Khurram, I think this is the interesting part of your log:
F3DE .| | | could not open URL 'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas <https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas>' to validate (CURL error #35: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error) [Client.php:2595] F3DE .| | | => CAS_Client::authError('PT not validated', 'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas <https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas>', true) [Client.php:2598] F3DE .| | | | => CAS_Client::getURL() [Client.php:3014] F3DE .| | | | <= 'http://localhost/testApp/index.php' F3DE .| | | | CAS URL: https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas <https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas> [Client.php:3015] F3DE .| | | | Authentication failure: PT not validated [Client.php:3016] F3DE .| | | | Reason: no response from the CAS server [Client.php:3018] F3DE .| | | | exit() You aren't properly validating your service ticket because the CURL failed. "URLE_SSL_CONNECT_ERROR (35) A problem occurred somewhere in the SSL/TLS handshake. You really want the error buffer and read the message there as it pinpoints the problem slightly more. Could be certificates (file formats, paths, permissions), passwords, and others." Source: http://curl.haxx.se/libcurl/c/libcurl-errors.html I'm guessing it's a certificate issue. What do you see in cas.log? Matt -- Matthew Selwood [email protected] 250-472-5565 On 03/06/2012 12:37 AM, Khurram Shahzad wrote: > Thanks for all your help, I am looking more into this according to > instructions from 'Joachim' and 'Fredrik', meanwhile may be you can > have a look on my logs to find if something seriously wrong there. So > following are my logs. > > E375 .START phpCAS-1.2.2 ****************** [CAS.php:478] > E375 .=> CAS_Client::__construct('2.0', false, 'localhost', 8443, > 'cas-server-webapp-3.4.11') [index.php:6] > E375 .| Starting a new session [Client.php:710] > E375 .<= '' > E375 .=> CAS_Client::forceAuthentication() [index.php:8] > E375 .| => CAS_Client::isAuthenticated() [Client.php:962] > E375 .| | => CAS_Client::wasPreviouslyAuthenticated() > [Client.php:1058] > E375 .| | | no user found [Client.php:1239] > E375 .| | <= false > E375 .| | no ticket found [Client.php:1120] > E375 .| <= false > E375 .| => CAS_Client::redirectToCas(false) [Client.php:971] > E375 .| | => CAS_Client::getServerLoginURL(false, false) > [Client.php:1255] > E375 .| | | => CAS_Client::getURL() [Client.php:356] > E375 .| | | | Final URI: > http://localhost/testApp/index.php [Client.php:2886] > E375 .| | | <= 'http://localhost/testApp/index.php' > E375 .| | <= > > 'https://localhost:8443/cas-server-webapp-3.4.11/login?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php' > E375 .| | Redirect to : > > https://localhost:8443/cas-server-webapp-3.4.11/login?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php > [Client.php:1257] > E375 .| | exit() > E375 .| | - > E375 .| - > F3DE .START phpCAS-1.2.2 ****************** [CAS.php:478] > F3DE .=> CAS_Client::__construct('2.0', false, 'localhost', 8443, > 'cas-server-webapp-3.4.11') [index.php:6] > F3DE .| Starting a new session [Client.php:710] > F3DE .| ST or PT 'ST-29-1fcy5UPRwNcc7sve4c1L-cas' found > [Client.php:796] > F3DE .<= '' > F3DE .=> CAS_Client::forceAuthentication() [index.php:8] > F3DE .| => CAS_Client::isAuthenticated() [Client.php:962] > F3DE .| | => CAS_Client::wasPreviouslyAuthenticated() > [Client.php:1058] > F3DE .| | | no user found [Client.php:1239] > F3DE .| | <= false > F3DE .| | PT `ST-29-1fcy5UPRwNcc7sve4c1L-cas' is present > [Client.php:1093] > F3DE .| | => CAS_Client::validatePT('', NULL, NULL) > [Client.php:1094] > F3DE .| | | [Client.php:2584] > F3DE .| | | => CAS_Client::getServerProxyValidateURL() > [Client.php:2586] > F3DE .| | | | => CAS_Client::getURL() [Client.php:475] > F3DE .| | | | | Final URI: > http://localhost/testApp/index.php [Client.php:2886] > F3DE .| | | | <= 'http://localhost/testApp/index.php' > F3DE .| | | <= > > 'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php' > F3DE .| | | => CAS_CurlRequest::_sendRequest() > [AbstractRequest.php:191] > F3DE .| | | | curl_exec() failed [CurlRequest.php:128] > F3DE .| | | <= false > F3DE .| | | could not open URL > > 'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas > > <https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas>' > to validate (CURL error #35: error:14077438:SSL > routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error) > [Client.php:2595] > F3DE .| | | => CAS_Client::authError('PT not validated', > > 'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas > > <https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas>', > true) [Client.php:2598] > F3DE .| | | | => CAS_Client::getURL() [Client.php:3014] > F3DE .| | | | <= 'http://localhost/testApp/index.php' > F3DE .| | | | CAS URL: > > https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas > > <https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas> > [Client.php:3015] > F3DE .| | | | Authentication failure: PT not validated > [Client.php:3016] > F3DE .| | | | Reason: no response from the CAS server > [Client.php:3018] > F3DE .| | | | exit() > F3DE .| | | | - > F3DE .| | | - > F3DE .| | - > F3DE .| - > > > Best Regards, > Khurram Shahzad, > Snr. PHP Developer, > Zepto Systems, > Islamabad, Pakistan. > > On 6 March 2012 12:59, Fredrik Jönsson <[email protected] > <mailto:[email protected]>> wrote: > > Typically, the service url used for validation must be the same as > the URL provided on login, using different service urls for login > and validation is probably the most common issue, in particular > with PHP apps. > > A common scenario is that you want users to enter your PHP app at > some specific url, in which case you need to set it before the > forceAuthentication call with: > > phpCAS::setFixedCallbackURL('http://myserver/my_entry_point.php' > <http://myserver/my_entry_point.php%27>); > > This may or may not apply to your app. > > Regards, > /Fredrik > > 5 mar 2012 kl. 19:22 skrev Joachim Fritschi: > > > Hi Khurram, > > > > have you tried one of the examples? If not please do. This is > the fastest way to check out if your setup work before working on > any advanced integration scenarios. > > > > For troubleshooting please also have a look at: > > > > https://wiki.jasig.org/display/CASC/phpCAS+troubleshooting > > > > If you look at the debug log, the webserver log and system log > you should normally get a clue why your problem occurrs. Usually > it's session troubles, write permissions or missing certificates. > > > > If you have a debug log and can't figure it on you own please > share it with us after replacing all ips and dns name. If you > share it together with the webserver access log i'm pretty sure we > can work out you problem. > > > > Regards, > > > > Joachim > > > > > > > > On 05.03.2012 15:08, Khurram Shahzad wrote: > >> Thanx, Things are now much better but another strange issue, it > directs > >> me to the cas login screen, When I login I know it logs me in > >> successfully because if I provide incorrect credentials it will > stop me > >> on same cas login screen ... but when the credentials are > correct, it > >> does redirect me back with a authentication ticket number but > back on > >> screen where the process was started it says "you were not > >> authenticated" but I does authenticated as it issued a return > ticket.. > >> > >> So in short, authentication is done successfully with cas, but > when it > >> returns me back to original screen with a ticket, it says > authentication > >> failed. > >> > >> Any words on this? > >> > >> > >> > >> On 5 March 2012 16:36, Scott Battaglia > <[email protected] <mailto:[email protected]> > >> <mailto:[email protected] > <mailto:[email protected]>>> wrote: > >> > >> I don't know phpCAS client specifically, but typically the > clients > >> only care about the protocol (i.e. 1.0 or 2.0) and not the > actual > >> server version: > >> > phpCAS::client(CAS_VERSION_2_0,$cas_host,$cas_port,$cas_context); > >> > >> > > https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_simple.php > >> > >> > >> Cheers, > >> Scott > >> > >> > >> On Mon, Mar 5, 2012 at 6:05 AM, Khurram Shahzad > >> <[email protected] > <mailto:[email protected]> > >> <mailto:[email protected] > <mailto:[email protected]>>> wrote: > >> > >> Hi, > >> > >> I have setup the CAS server ver. 3.4.11 via LDAP > authentication > >> method on a local machine. I able to login via default > java client. > >> > >> Now, I needed to authenticate via php so dowloaded the > latest > >> phpCAS ver. 1.2.2, When I wrote some basic > authentication code i > >> got the following error. > >> > >> phpCAS error: phpCAS::?(): this version of CAS > (`3.4.11') is > >> not supported by phpCAS 1.2.2 in ? on line ? > >> > >> > >> My basic test code was as follows > >> > >> include "../CAS-1.2.2/CAS.php"; > >> $obj = new > >> > CAS_Client('3.4.11',false,"localhost",8443,"cas-server-webapp-3.4.11"); > >> $obj->forceAutehentication(); > >> > >> > >> As phpCAS 1.2.2 is latest so it must support latest > 3.4.11, so > >> can any one direct me, is it a false alarm or i really > need to > >> look for another PHP to CAS client? Also can anyone suggest > >> another one. > >> > >> Best Regards, > >> Khurram, > >> Snr. PHP Developer, > >> Zepto Systems, > >> Pakistan. > >> > >> Cell: +923005237149 <tel:%2B923005237149> > <tel:%2B923005237149> > >> > >> -- > >> You are currently subscribed [email protected] > <mailto:[email protected]> > <mailto:[email protected] > <mailto:[email protected]>> as:[email protected] > <mailto:as%[email protected]> > <mailto:[email protected] <mailto:[email protected]>> > >> > >> > >> > >> To unsubscribe, change settings or access archives, > seehttp://www.ja-sig.org/wiki/display/JSG/cas-user > <http://www.ja-sig.org/wiki/display/JSG/cas-user> > >> > >> > >> -- > >> You are currently subscribed [email protected] > <mailto:[email protected]> > <mailto:[email protected] > <mailto:[email protected]>> > as:[email protected] > <mailto:as%[email protected]> > <mailto:[email protected] > <mailto:[email protected]>> > >> > >> To unsubscribe, change settings or access archives, > seehttp://www.ja-sig.org/wiki/display/JSG/cas-user > <http://www.ja-sig.org/wiki/display/JSG/cas-user> > >> > >> > >> -- > >> You are currently subscribed to [email protected] > <mailto:[email protected]> as: [email protected] > <mailto:[email protected]> > >> To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > >> > > > > > > -- > > You are currently subscribed to [email protected] > <mailto:[email protected]> as: [email protected] <mailto:[email protected]> > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] > <mailto:[email protected]> as: > [email protected] > <mailto:[email protected]> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
