I’m using phpCAS client from a zend php app that lives on a http server. Https is not possible at this time
(CAS lives on another server, using https with no problems) The issue is when php cas client redirects to cas, it is appending service=https://etcetc rather than service=http://etcetc Have I missed a configuration somewhere? Furthermore When I manually edit the browser address bar for the service to read http:// (instead of https) and then login via CAS successfully, I am redirected back just fine, but then phpCAS says: CAS Authentication failed! You were not authenticated. I wonder if it has to do with our network topology. I am noticing in cas.log the final client ip address is different… Cas.log: 2015-06-05 19:56:49,656 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: supplied credentials: [[email protected]+password] ACTION: AUTHENTICATION_SUCCESS APPLICATION: CAS WHEN: Fri Jun 05 19:56:49 UTC 2015 CLIENT IP ADDRESS: 10.6.1.108 SERVER IP ADDRESS: 10.30.3.54 ============================================================= > 2015-06-05 19:56:49,657 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: TGT-8-YHiU4X5nCIjtGFt5xdwIQB19njsm9IPisKXV2vUpYIYce4e9NM-cas.bigdev ACTION: TICKET_GRANTING_TICKET_CREATED APPLICATION: CAS WHEN: Fri Jun 05 19:56:49 UTC 2015 CLIENT IP ADDRESS: 10.6.1.108 SERVER IP ADDRESS: 10.30.3.54 ============================================================= > 2015-06-05 19:56:49,657 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-8-74yrzbxhWKj9Q6nsqnGg-cas.bigdev] for service [http://zendserver:10094/index.php/MyCoolApp] for user [[email protected]]> 2015-06-05 19:56:49,657 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: [email protected] WHAT: ST-8-74yrzbxhWKj9Q6nsqnGg-cas.bigdev for http://zendserver:10094/index.php/MyCoolApp ACTION: SERVICE_TICKET_CREATED APPLICATION: CAS WHEN: Fri Jun 05 19:56:49 UTC 2015 CLIENT IP ADDRESS: 10.6.1.108 SERVER IP ADDRESS: 10.30.3.54 ============================================================= > 2015-06-05 19:56:49,832 ERROR [org.jasig.cas.CentralAuthenticationServiceImpl] - <ServiceTicket [ST-8-74yrzbxhWKj9Q6nsqnGg-cas.bigdev] with service [http://zendserver:10094/index.php/MyCoolApp] does not match supplied service [https://zendserver:10094/index.php/MyCoolApp]> 2015-06-05 19:56:49,832 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN ============================================================= WHO: audit:unknown WHAT: ST-8-74yrzbxhWKj9Q6nsqnGg-cas.bigdev ACTION: SERVICE_TICKET_VALIDATE_FAILED APPLICATION: CAS WHEN: Fri Jun 05 19:56:49 UTC 2015 CLIENT IP ADDRESS: 10.2.3.7 SERVER IP ADDRESS: 10.30.3.54 ============================================================= > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
