Hi All, I'm hoping you can help me with a problem. I'm new to CAS and PHP, learning all of this so that I can manage clients onto CAS. I am a seasoned Java/Enterprise Web Developer though, so not a complete novice.
I'm setting up CAS on development server using phpCAS Details about my system: PHP version 5.5 (installed from source using: --prefix=/opt/apache --with-apxs2=/opt/apache/bin/apxs --with-curl --with-openssl --with-dom --with-zlib) Apache version 2.4 Linux 2.6.32-220.13.1.el6.x86_64 x86_64 CAS Package obtained from here: https://confluence.id.ubc.ca:8443/download/attachments/36187758/ubc_cas_pkg.tar.gz?version=1&modificationDate=1369547200000 My index.php (where the call fails from): <?php // Load the settings from the central config file // Place this files in the server root or list the paths require_once 'config.php'; // Load the CAS lib require_once $phpcas_path . '/CAS.php'; // Uncomment to enable debugging phpCAS::setDebug(); // Initialize phpCAS // These values are set in 'config.php' phpCAS::client(SAML_VERSION_1_1, $cas_host, $cas_port, $cas_context); // For production use set the CA certificate that is the issuer of the cert // on the CAS server and uncomment the line below phpCAS::setCasServerCACert($cas_server_ca_cert_path); // Not to be used at the University of British Columbia // phpCAS::setNoCasServerValidation(); // Handle SAML logout requests that emanate from the CAS host exclusively. // Failure to restrict SAML logout requests to authorized hosts could // allow denial of service attacks where at the least the server is // tied up parsing bogus XML messages. phpCAS::handleLogoutRequests(true, $cas_real_hosts); // Force CAS authentication on any page that includes this file phpCAS::forceAuthentication(); // Some small code triggered by the logout button if (isset($_REQUEST['logout'])) { phpCAS::logout(); } ?> <html> <head> <title>Sample PHP CAS Client - The University of Britsih Columbia</title> </head> <body> <h2>CWL Account Attributes for the Authenticated Account</h2> <?php require 'script_info.php' ?> CWL login of account authenticated: <strong><?php echo phpCAS::getUser(); ?></strong>. <h3>CWL Account Attributes</h3> <ul> <?php foreach (phpCAS::getAttributes() as $key => $value) { if (is_array($value)) { echo '<li>', $key, ':<ol>'; foreach ($value as $item) { echo '<li><strong>', $item, '</strong></li>'; } echo '</ol></li>'; } else { echo '<li>', $key, ': <strong>', $value, '</strong></li>' . PHP_EOL; } } ?> </ul> <p><a href="?logout=">Logout</a></p> </body> </html> Note: I know that I have a userId and password setup on our CAS server (tried it elsewhere and works). Accessing my server via: https://<servername>/index.php,<https://%3cserver%3e/index.php,> and entering my login id and password, I get the following: CAS Authentication failed! You were not authenticated. You may submit your request again by clicking here<https://int2-cas.id-dev.ubc.ca/>. If the problem persists, you may contact the administrator of this site<mailto:[email protected]>. ________________________________ phpCAS 1.3.2 using server https://cas.id-dev.ubc.ca/ubc-cas/ (CAS S1) Fatal error: Uncaught exception 'CAS_AuthenticationException' in /var/www/html/testcas2/CAS/Client.php:1761 Stack trace: #0 /var/www/html/testcas2/CAS/Client.php(1245): CAS_Client->validateSA('https://cas.id-...', '', NULL) #1 /var/www/html/testcas2/CAS/Client.php(1083): CAS_Client->isAuthenticated() #2 /var/www/html/testcas2/CAS.php(1101): CAS_Client->forceAuthentication() #3 /var/www/html/testcas2/index.php(46): phpCAS::forceAuthentication() #4 {main} thrown in /var/www/html/testcas2/CAS/Client.php on line 1761 _________________________________________ Neelam Haer Identity and Access Management Information Technology | Engage. Envision. Enable. The University of British Columbia Web: www.it.ubc.ca<http://www.it.ubc.ca/> _________________________________________ Neelam Haer Identity and Access Management Information Technology | Engage. Envision. Enable. The University of British Columbia Web: www.it.ubc.ca<http://www.it.ubc.ca/> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
