Hi Khurram,
Matthew has already spotted the error in your debug log.
You seem to have some SSL error during the callback to the cas server to
validate the ticket. This is usually caused by not setting the CA
certificate which signed the CAS server SSL certificate:
phpCAS::setCasServerCACert($cas_server_ca_cert_path);
or not skipping certificate validation (not recommended for production):
phpCAS::setNoCasServerValidation();
Otherwise the curl manual for #35 is a handshake error:
"A problem occurred somewhere in the SSL/TLS handshake. You really want
the error buffer and read the message there as it pinpoints the problem
slightly more. Could be certificates (file formats, paths, permissions),
passwords, and others."
Maybe you have supplied a wrong format as a certificate or something
else went wrong. Try using curl on the command line to connect to the cas
server. That might give you some hint if you play around with the
parameters. (debug, verbose, setting certificate etc.)
Regards,
Joachim
On 06.03.2012 18:11, Matthew Selwood wrote:
Hi Khurram,
I think this is the interesting part of your log:
F3DE .| | | could not open URL
'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas'
to validate (CURL error #35: error:14077438:SSL
routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error)
[Client.php:2595]
F3DE .| | | => CAS_Client::authError('PT not validated',
'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas',
true) [Client.php:2598]
F3DE .| | | | => CAS_Client::getURL() [Client.php:3014]
F3DE .| | | | <= 'http://localhost/testApp/index.php'
F3DE .| | | | CAS URL:
https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas
[Client.php:3015]
F3DE .| | | | Authentication failure: PT not validated [Client.php:3016]
F3DE .| | | | Reason: no response from the CAS server [Client.php:3018]
F3DE .| | | | exit()
You aren't properly validating your service ticket because the CURL failed.
"CURLE_SSL_CONNECT_ERROR (35)
A problem occurred somewhere in the SSL/TLS handshake. You really want
the error buffer and read the message there as it pinpoints the problem
slightly more. Could be certificates (file formats, paths, permissions),
passwords, and others."
Source: http://curl.haxx.se/libcurl/c/libcurl-errors.html
I'm guessing it's a certificate issue. What do you see in cas.log?
Matt
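Added example (not part of the original thread and not phpCAS code): a shell sketch of the command-line check suggested above, which first rules out the "file formats, paths, permissions" causes for the CA file and then probes the CAS server with curl in verbose mode. The function names, the return codes and the CA file path are assumptions made for this example.

```shell
#!/bin/sh
# Preflight the CA file that would be passed to phpCAS::setCasServerCACert(),
# then repeat the TLS handshake with curl to read the detailed error.

# check_ca_file PATH
# returns 0 ok, 1 missing, 2 unreadable, 3 not PEM, 4 unparsable, 5 expired
check_ca_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    [ -r "$f" ] || { echo "not readable by $(id -un): $f" >&2; return 2; }
    # A DER or PKCS#12 file has no PEM armor line.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "not PEM encoded: $f" >&2; return 3; }
    # The deeper checks need the openssl CLI; skip them if it is absent.
    command -v openssl >/dev/null 2>&1 || return 0
    # openssl x509 reads only the first certificate of a bundle.
    openssl x509 -in "$f" -noout 2>/dev/null ||
        { echo "PEM armor present but certificate does not parse: $f" >&2; return 4; }
    openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired: $f" >&2; return 5; }
    return 0
}

# probe_cas URL CAFILE
# returns 99 if the preflight fails, otherwise curl's exit status
# (35 = handshake error as in the log above, 60 = server cert not trusted).
probe_cas() {
    check_ca_file "$2" || return 99
    # -v prints the handshake steps and any TLS alert to stderr.
    curl -v -sS -o /dev/null --cacert "$2" "$1"
}

# Example call (the CA path is a placeholder):
#   probe_cas https://localhost:8443/cas-server-webapp-3.4.11/ /path/to/cas-ca.pem
```

Run it as the same user the web server runs as, since a file readable from your own shell may not be readable by the PHP process.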