Hi Khurram,
I just checked the first debug log you sent yesterday. It did not
contain the phpCAS::setNoCasServerValidation().
But anyway your curl ssl problem still persists. Could it be that you
are running into this issue between tomcat7 and ssl:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/861137
Can you please try adding the following after the phpCAS::client() call:
phpCAS::setExtraCurlOption(CURLOPT_SSLVERSION,3);
Regards,
Joachim
On 07.03.2012 16:49, Khurram Shahzad wrote:
Hi,
We have further checked the validation URL; it gives the following response:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
<cas:authenticationFailure code='INVALID_TICKET'>
ticket'ST-4-IbtqotJxsgntvDnxcxbc-cas' not recognized
</cas:authenticationFailure>
</cas:serviceResponse>
As it just generated the ticket a minute ago and successfully
authenticated, how can it be invalid? A word or further instructions
on it.
Again my full log on this is as follows,
8CFD .START phpCAS-1.2.2 ****************** [CAS.php:478]
8CFD .=> phpCAS::client('2.0', 'localhost', 8443,
'/cas-server-webapp-3.4.11') [index.php:15]
8CFD .| => CAS_Client::__construct('2.0', false, 'localhost',
8443, '/cas-server-webapp-3.4.11', true) [CAS.php:379]
8CFD .| | Starting a new session [Client.php:710]
8CFD .| <= ''
8CFD .<= ''
8CFD .=> phpCAS::setNoCasServerValidation() [index.php:18]
8CFD .<= ''
8CFD .=> phpCAS::forceAuthentication() [index.php:19]
8CFD .| => CAS_Client::forceAuthentication() [CAS.php:1081]
8CFD .| | => CAS_Client::isAuthenticated() [Client.php:962]
8CFD .| | | => CAS_Client::wasPreviouslyAuthenticated()
[Client.php:1058]
8CFD .| | | | no user found [Client.php:1239]
8CFD .| | | <= false
8CFD .| | | no ticket found [Client.php:1120]
8CFD .| | <= false
8CFD .| | => CAS_Client::redirectToCas(false) [Client.php:971]
8CFD .| | | => CAS_Client::getServerLoginURL(false, false)
[Client.php:1255]
8CFD .| | | | => CAS_Client::getURL() [Client.php:356]
8CFD .| | | | | Final URI:
http://localhost/testApp/index.php [Client.php:2886]
8CFD .| | | | <= 'http://localhost/testApp/index.php'
8CFD .| | | <=
'https://localhost:8443/cas-server-webapp-3.4.11/login?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php'
8CFD .| | | Redirect to :
https://localhost:8443/cas-server-webapp-3.4.11/login?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php
[Client.php:1257]
8CFD .| | | exit()
8CFD .| | | -
8CFD .| | -
8CFD .| -
ED45 .START phpCAS-1.2.2 ****************** [CAS.php:478]
ED45 .=> phpCAS::client('2.0', 'localhost', 8443,
'/cas-server-webapp-3.4.11') [index.php:15]
ED45 .| => CAS_Client::__construct('2.0', false, 'localhost',
8443, '/cas-server-webapp-3.4.11', true) [CAS.php:379]
ED45 .| | Starting a new session [Client.php:710]
ED45 .| | ST or PT 'ST-4-IbtqotJxsgntvDnxcxbc-cas' found
[Client.php:796]
ED45 .| <= ''
ED45 .<= ''
ED45 .=> phpCAS::setNoCasServerValidation() [index.php:18]
ED45 .<= ''
ED45 .=> phpCAS::forceAuthentication() [index.php:19]
ED45 .| => CAS_Client::forceAuthentication() [CAS.php:1081]
ED45 .| | => CAS_Client::isAuthenticated() [Client.php:962]
ED45 .| | | => CAS_Client::wasPreviouslyAuthenticated()
[Client.php:1058]
ED45 .| | | | no user found [Client.php:1239]
ED45 .| | | <= false
ED45 .| | | PT `ST-4-IbtqotJxsgntvDnxcxbc-cas' is present
[Client.php:1093]
ED45 .| | | => CAS_Client::validatePT('', NULL, NULL)
[Client.php:1094]
ED45 .| | | | [Client.php:2584]
ED45 .| | | | => CAS_Client::getServerProxyValidateURL()
[Client.php:2586]
ED45 .| | | | | => CAS_Client::getURL() [Client.php:475]
ED45 .| | | | | | Final URI:
http://localhost/testApp/index.php [Client.php:2886]
ED45 .| | | | | <= 'http://localhost/testApp/index.php'
ED45 .| | | | <=
'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php'
ED45 .| | | | => CAS_CurlRequest::_sendRequest()
[AbstractRequest.php:191]
ED45 .| | | | | curl_exec() failed [CurlRequest.php:128]
ED45 .| | | | <= false
ED45 .| | | | could not open URL
'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-4-IbtqotJxsgntvDnxcxbc-cas'
to validate (CURL error #35: error:14077438:SSL
routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error)
[Client.php:2595]
ED45 .| | | | => CAS_Client::authError('PT not
validated',
'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-4-IbtqotJxsgntvDnxcxbc-cas',
true) [Client.php:2598]
ED45 .| | | | | => CAS_Client::getURL() [Client.php:3014]
ED45 .| | | | | <= 'http://localhost/testApp/index.php'
ED45 .| | | | | CAS URL:
https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-4-IbtqotJxsgntvDnxcxbc-cas
[Client.php:3015]
ED45 .| | | | | Authentication failure: PT not
validated [Client.php:3016]
ED45 .| | | | | Reason: no response from the CAS
server [Client.php:3018]
ED45 .| | | | | exit()
ED45 .| | | | | -
ED45 .| | | | -
ED45 .| | | -
ED45 .| | -
ED45 .| -
Best Regards,
Khurram Shahzad.
---------- Forwarded message ----------
From: Khurram Shahzad <[email protected]>
Date: 7 March 2012 18:54
Subject: Re: [cas-user] phpCAS support for CAS Server issue
To: [email protected]
Hi Matthew, Joachim and community,
As it's a local dev machine, I am using
phpCAS::setNoCasServerValidation();, so I am not sure why I am
repeatedly hit by this error. Also, my certs are a self-generated keystore
for Tomcat, so that Tomcat SSL is working well. Also, the client PHP is
placed at Apache, which now also has its certs and stuff.
Still I am unable to reach the cause of this error. Can you direct me
further on where to look to find and resolve the issue?
Best regards,
Khurram.
On 7 March 2012 01:02, Joachim Fritschi <[email protected]> wrote:
Hi Khurram,
Matthew has already spotted the error in your debug log.
You seem to have some SSL error during the callback to the CAS
server to validate the ticket. This is usually caused by not setting
the CA certificate which signed the CAS server SSL certificate:
phpCAS::setCasServerCACert($cas_server_ca_cert_path);
or not skipping certificate validation (not recommended for production):
phpCAS::setNoCasServerValidation();
Otherwise the curl manual for #35 is a handshake error:
"A problem occurred somewhere in the SSL/TLS handshake. You really
want the error buffer and read the message there as it pinpoints the
problem slightly more. Could be certificates (file formats, paths,
permissions), passwords, and others."
Maybe you have supplied a wrong format as a certificate or something
else went wrong. Try using curl on the commandline to connect to the
cas server. That might give you some hint if you play around with
the parameters. (debug, verbose, setting certificate etc.)
Regards,
Joachim
On 06.03.2012 18:11, Matthew Selwood wrote:
Hi Khurram,
I think this is the interesting part of your log:
F3DE .| | | could not open URL
'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas'
to validate (CURL error #35: error:14077438:SSL
routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error)
[Client.php:2595]
F3DE .| | | => CAS_Client::authError('PT not validated',
'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas',
true) [Client.php:2598]
F3DE .| | | | => CAS_Client::getURL() [Client.php:3014]
F3DE .| | | | <= 'http://localhost/testApp/index.php'
F3DE .| | | | CAS URL:
https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-29-1fcy5UPRwNcc7sve4c1L-cas
[Client.php:3015]
F3DE .| | | | Authentication failure: PT not validated
[Client.php:3016]
F3DE .| | | | Reason: no response from the CAS server
[Client.php:3018]
F3DE .| | | | exit()
You aren't properly validating your service ticket because the
CURL failed.
"CURLE_SSL_CONNECT_ERROR (35)
A problem occurred somewhere in the SSL/TLS handshake. You really want
the error buffer and read the message there as it pinpoints the problem
slightly more. Could be certificates (file formats, paths, permissions),
passwords, and others."
Source: http://curl.haxx.se/libcurl/c/libcurl-errors.html
I'm guessing it's a certificate issue. What do you see in cas.log?
Matt
--
You are currently subscribed to [email protected] as:
khurram.shahzad@zeptosystems.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
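Added example (not part of the thread and not phpCAS code): a small triage script for phpCAS debug traces like the ones quoted above. It folds the wrapped lines back into their records and reports, per request ID, whether certificate validation was disabled, which ticket was seen, and which curl/OpenSSL error stopped the validation callback. The sample lines are abridged from the trace in this thread; the names `records` and `triage` are hypothetical.

```python
import re

# Constructed sample: lines abridged from the trace in this thread, keeping
# the wrapped continuation lines that carry no request-ID prefix.
SAMPLE_LOG = """\
8CFD .START phpCAS-1.2.2 ****************** [CAS.php:478]
8CFD .=> phpCAS::setNoCasServerValidation() [index.php:18]
ED45 .START phpCAS-1.2.2 ****************** [CAS.php:478]
ED45 .| | ST or PT 'ST-4-IbtqotJxsgntvDnxcxbc-cas' found
[Client.php:796]
ED45 .=> phpCAS::setNoCasServerValidation() [index.php:18]
ED45 .| | | | could not open URL
'https://localhost:8443/cas-server-webapp-3.4.11/proxyValidate?service=http%3A%2F%2Flocalhost%2FtestApp%2Findex.php&ticket=ST-4-IbtqotJxsgntvDnxcxbc-cas'
to validate (CURL error #35: error:14077438:SSL
routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error)
[Client.php:2595]
"""

RECORD_START = re.compile(r"^([0-9A-F]{4}) \.(.*)$")
CURL_ERROR = re.compile(r"CURL error #(\d+): (.*?)\)\s*\[")
TICKET = re.compile(r"ST or PT '([^']+)' found")

def records(text):
    """Yield (request_id, message), folding wrapped lines into their record."""
    current = None
    for line in text.splitlines():
        m = RECORD_START.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(1), m.group(2)]
        elif current and line.strip():
            current[1] += " " + line.strip()
    if current:
        yield tuple(current)

def triage(text):
    """Summarise each request: ticket seen, validation disabled, curl failure."""
    out = {}
    for rid, msg in records(text):
        req = out.setdefault(rid, {"ticket": None, "cert_check_disabled": False,
                                   "curl_errno": None, "curl_detail": None})
        if "setNoCasServerValidation()" in msg:
            req["cert_check_disabled"] = True
        if (m := TICKET.search(msg)):
            req["ticket"] = m.group(1)
        if (m := CURL_ERROR.search(msg)):
            req["curl_errno"], req["curl_detail"] = int(m.group(1)), m.group(2)
    return out
```

A request that shows `cert_check_disabled` as true together with `curl_errno` 35 is one where the handshake failed even though the client was not verifying the server certificate.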