Here is a copy of the logs from the client application. You can see, about
halfway down, that there's nothing in the response body. The vendor claims that
there should be attributes in this section and has sent me a log clip from
their test server that has this information there.
I enabled the attributes management when I configured the service in the CAS
Services Management portal. So, if that article doesn't apply to my situation,
I'm not sure what the problem is.
Does this log reveal the silver bullet that I just don't see?
Geoff
FD8A .START phpCAS-1.3.1 ****************** [CAS.php:450]
FD8A .=> phpCAS::client('S1', 'myserver.mydomain.unf.edu', 443, 'login')
[casAuthBackend.php:35]
FD8A .| => CAS_Client::__construct('S1', false, 'myserver.mydomain.unf.edu',
443, 'login', true) [CAS.php:347]
FD8A .| | Ticket 'ST-2-rfP6EGq4tZpwUyVgSYnf-myserver.mydomain.unf.edu'
found [Client.php:868]
FD8A .| <= ''
FD8A .<= ''
FD8A .=>
phpCAS::setCasServerCACert('/var/www/erezlife/unf_staging/uploads/erez6NPuqg')
[casAuthBackend.php:45]
FD8A .<= ''
FD8A .=> phpCAS::isAuthenticated() [casAuthBackend.php:49]
FD8A .| => CAS_Client::isAuthenticated() [CAS.php:1150]
FD8A .| | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1187]
FD8A .| | | no user found [Client.php:1373]
FD8A .| | <= false
FD8A .| | SAML 1.1 ticket
`ST-2-rfP6EGq4tZpwUyVgSYnf-myserver.mydomain.unf.edu' is present
[Client.php:1242]
FD8A .| | => CAS_Client::validateSA('', NULL, NULL) [Client.php:1243]
FD8A .| | | => CAS_Client::getServerSamlValidateURL() [Client.php:1745]
FD8A .| | | | => CAS_Client::getURL() [Client.php:436]
FD8A .| | | | | Final URI:
https://florida.erezlife.com/unf_staging/one.php?outputter=loginManager&purpose=login
[Client.php:3060]
FD8A .| | | | <=
'https://florida.erezlife.com/unf_staging/one.php?outputter=loginManager&purpose=login'
FD8A .| | | <=
'https://myserver.mydomain.unf.edu/login/samlValidate?TARGET=https%3A%2F%2Fflorida.erezlife.com%2Funf_staging%2Fone.php%3Foutputter%3DloginManager%26purpose%3Dlogin'
FD8A .| | | =>
CAS_Client::_readURL('https://myserver.mydomain.unf.edu/login/samlValidate?TARGET=https%3A%2F%2Fflorida.erezlife.com%2Funf_staging%2Fone.php%3Foutputter%3DloginManager%26purpose%3Dlogin',
NULL, NULL, NULL) [Client.php:1748]
FD8A .| | | | => CAS_Client::_buildSAMLPayload() [Client.php:2432]
FD8A .| | | | <= '<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1"
MinorVersion="1" RequestID="_192.168.16.51.1024506224022"
IssueInstant="2002-06-19T17:03:44.022Z"><samlp:AssertionArtifact>ST-2-rfP6EGq4tZpwUyVgSYnf-myserver.mydomain.unf.edu</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>'
FD8A .| | | | => CAS_Request_CurlRequest::sendRequest()
[AbstractRequest.php:218]
FD8A .| | | | | CURL: Set CURLOPT_CAINFO [CurlRequest.php:123]
FD8A .| | | | | Response Body:
FD8A .| | | | | <Should have
attributes here>
FD8A .| | | | | [CurlRequest.php:82]
FD8A .| | | | <= true
FD8A .| | | <= true
FD8A .| | | server version: S1 [Client.php:1753]
FD8A .| | | dom->loadXML() failed [Client.php:1764]
FD8A .| | | => CAS_AuthenticationException::__construct(CAS_Client,
'SA not validated',
'https://myserver.mydomain.unf.edu/login/samlValidate?TARGET=https%3A%2F%2Fflorida.erezlife.com%2Funf_staging%2Fone.php%3Foutputter%3DloginManager%26purpose%3Dlogin',
false, true, '') [Client.php:1769]
FD8A .| | | | => CAS_Client::getURL()
[AuthenticationException.php:76]
FD8A .| | | | <=
'https://florida.erezlife.com/unf_staging/one.php?outputter=loginManager&purpose=login'
FD8A .| | | | CAS URL:
https://myserver.mydomain.unf.edu/login/samlValidate?TARGET=https%3A%2F%2Fflorida.erezlife.com%2Funf_staging%2Fone.php%3Foutputter%3DloginManager%26purpose%3Dlogin
[AuthenticationException.php:79]
FD8A .| | | | Authentication failure: SA not validated
[AuthenticationException.php:80]
FD8A .| | | | Reason: bad response from the CAS server
[AuthenticationException.php:85]
FD8A .| | | | CAS response: [AuthenticationException.php:100]
FD8A .| | | | exit()
FD8A .| | | | -
FD8A .| | | -
FD8A .| | -
FD8A .|
------Original Message-----
From: Marvin S. Addison [mailto:[email protected]]
Sent: Thursday, April 25, 2013 3:49 PM
To: [email protected]
Subject: Re: [cas-user] CAS Server Sending Empty Response Body
> The vendor has reported that they are
> getting an empty response body where they should be getting the SOAP
> envelope containing attributes, etc.
We need some log information to troubleshoot. A common cause of no attributes
is not authorizing the service to access CAS via the service manager
components. The response body would not be empty in that case, though. It could
be a ticket validation error; that would certainly not produce a SAML attribute
statement. Logs will help us say further. I would imagine phpCAS logs on the
client would be more meaningful, but server logs may provide some insight as
well.
> I have tried adding the foreach loop as outlined in the wiki here:
> https://wiki.jasig.org/display/CASUM/Attributes with no success.
That's somewhat confusing. The paragraph you're referring to discusses how to
send attributes via a customization to the CAS 2.0 XML protocol.
That has no effect on tickets validated at /samlValidate, which is what sends a
SAML 1.1 assertion.
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
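
Added example, not part of the original thread and not phpCAS code: a Python check that sorts a /samlValidate response body into the cases discussed above (empty body, non-XML, failed validation, success with or without a SAML 1.1 attribute statement). The function name, verdict strings and sample bodies are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "samlp": "urn:oasis:names:tc:SAML:1.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:1.0:assertion"}

def classify_saml_validate_body(body):
    """Return (verdict, attributes) for a /samlValidate response body."""
    if not body or not body.strip():
        return "empty-body", {}          # the case in the log: nothing to parse
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return "rejected-dtd", {}        # SAML responses carry no DTD; do not parse one
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "not-xml", {}             # e.g. an HTML error page from a proxy
    response = root.find("soap:Body/samlp:Response", NS)
    if response is None:
        return "no-saml-response", {}
    status = response.find("samlp:Status/samlp:StatusCode", NS)
    code = status.get("Value", "") if status is not None else ""
    if code.split(":")[-1] != "Success":
        return "validation-failed", {}   # ticket rejected: no attribute statement expected
    attrs = {}
    path = "saml:Assertion/saml:AttributeStatement/saml:Attribute"
    for attr in response.iterfind(path, NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("AttributeName"), []).extend(values)
    return ("success-with-attributes" if attrs else "success-no-attributes"), attrs

# Constructed sample bodies, trimmed to the elements the check reads.
_ENV = ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
        '<SOAP-ENV:Body><samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><samlp:Status>'
        '<samlp:StatusCode Value="samlp:%s"/></samlp:Status>%s</samlp:Response>'
        '</SOAP-ENV:Body></SOAP-ENV:Envelope>')
_STMT = "<saml:Assertion><saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>"
_MAIL = ('<saml:Attribute AttributeName="mail" AttributeNamespace="urn:example:constructed">'
         '<saml:AttributeValue>user@example.org</saml:AttributeValue></saml:Attribute>')
SAMPLES = {"empty": "", "html-error": "<html><body>502 Bad Gateway",
           "failed": _ENV % ("Responder", ""),
           "no-attrs": _ENV % ("Success", _STMT % ""),
           "attrs": _ENV % ("Success", _STMT % _MAIL)}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify_saml_validate_body(body))
```

An "empty-body" or "not-xml" verdict points at transport or server-side failure before any SAML is produced, while "success-no-attributes" points at attribute release configuration.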