Dear Master,
please your solution about my error.
i dont khow where is the problem about my ssl cert.
I make it by keytool command. the keystone for CAS server and pem file for
CAS client.
please your help master.
_____________________________________________________________________________________________________________________________________
Log File :
------------------------------
B4B0 .START phpCAS-1.3.3 ****************** [CAS.php:440]
B4B0 .=> phpCAS::client('2.0', '10.0.12.81', 8443, '') [index.php:26]
B4B0 .| => CAS_Client::__construct('2.0', false, '10.0.12.81', 8443, '',
true) [CAS.php:342]
B4B0 .| | Starting a new session pgs43b7b91du7aihq0hn9aim37 [Client.php:906]
B4B0 .| <= ''
B4B0 .<= ''
B4B0 .=> phpCAS::setExtraCurlOption(41, true) [index.php:28]
B4B0 .<= ''
B4B0 .=> phpCAS::setCasServerCACert('cas-server.pem') [index.php:33]
B4B0 .<= ''
B4B0 .=> phpCAS::forceAuthentication() [index.php:43]
B4B0 .| => CAS_Client::forceAuthentication() [CAS.php:1017]
B4B0 .| | => CAS_Client::isAuthenticated() [Client.php:1245]
B4B0 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
B4B0 .| | | | no user found [Client.php:1592]
B4B0 .| | | <= false
B4B0 .| | | no ticket found [Client.php:1453]
B4B0 .| | <= false
B4B0 .| | => CAS_Client::redirectToCas(false) [Client.php:1254]
B4B0 .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613]
B4B0 .| | | | => CAS_Client::getURL() [Client.php:342]
B4B0 .| | | | | Final URI: http://localhost/demo/ta/cas5/ [Client.php:3466]
B4B0 .| | | | <= 'http://localhost/demo/ta/cas5/'
B4B0 .| | | <= '
https://10.0.12.81:8443/login?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F
'
B4B0 .| | | Redirect to :
https://10.0.12.81:8443/login?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F
[Client.php:1620]
B4B0 .| | | exit()
B4B0 .| | | -
B4B0 .| | -
B4B0 .| -
2A59 .START phpCAS-1.3.3 ****************** [CAS.php:440]
2A59 .=> phpCAS::client('2.0', '10.0.12.81', 8443, '') [index.php:26]
2A59 .| => CAS_Client::__construct('2.0', false, '10.0.12.81', 8443, '',
true) [CAS.php:342]
2A59 .| | Starting a new session pgs43b7b91du7aihq0hn9aim37 [Client.php:906]
2A59 .| | Ticket 'ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id' found
[Client.php:988]
2A59 .| <= ''
2A59 .<= ''
2A59 .=> phpCAS::setExtraCurlOption(41, true) [index.php:28]
2A59 .<= ''
2A59 .=> phpCAS::setCasServerCACert('cas-server.pem') [index.php:33]
2A59 .<= ''
2A59 .=> phpCAS::forceAuthentication() [index.php:43]
2A59 .| => CAS_Client::forceAuthentication() [CAS.php:1017]
2A59 .| | => CAS_Client::isAuthenticated() [Client.php:1245]
2A59 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
2A59 .| | | | no user found [Client.php:1592]
2A59 .| | | <= false
2A59 .| | | CAS 2.0 ticket `ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id'
is present [Client.php:1406]
2A59 .| | | => CAS_Client::validateCAS20('', NULL, NULL) [Client.php:1409]
2A59 .| | | | [Client.php:3101]
2A59 .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3108]
2A59 .| | | | | => CAS_Client::getURL() [Client.php:453]
2A59 .| | | | | | Final URI: http://localhost/demo/ta/cas5/
[Client.php:3466]
2A59 .| | | | | <= 'http://localhost/demo/ta/cas5/'
2A59 .| | | | <= '
https://10.0.12.81:8443/serviceValidate?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F
'
2A59 .| | | | => CAS_Client::_readURL('
https://10.0.12.81:8443/serviceValidate?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F&ticket=ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id',
NULL, NULL, NULL) [Client.php:3118]
2A59 .| | | | | => CAS_Request_CurlRequest::sendRequest()
[AbstractRequest.php:242]
2A59 .| | | | | | CURL: Set CURLOPT_CAINFO cas-server.pem
[CurlRequest.php:135]
2A59 .| | | | | | curl_exec() failed [CurlRequest.php:77]
2A59 .| | | | | <= false
2A59 .| | | | <= false
2A59 .| | | | could not open URL '
https://10.0.12.81:8443/serviceValidate?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F&ticket=ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id'
to validate (CURL error #77 <https://github.com/Jasig/phpCAS/pull/77>:
error setting certificate verify locations:
2A59 .| | | | CAfile: cas-server.pem
2A59 .| | | | CApath: none) [Client.php:3121]
2A59 .| | | | => CAS_AuthenticationException::__construct(CAS_Client,
'Ticket not validated', '
https://10.0.12.81:8443/serviceValidate?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F&ticket=ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id',
true) [Client.php:3125]
2A59 .| | | | | => CAS_Client::getURL() [AuthenticationException.php:76]
2A59 .| | | | | <= 'http://localhost/demo/ta/cas5/'
2A59 .| | | | | CAS URL:
https://10.0.12.81:8443/serviceValidate?service=http%3A%2F%2Flocalhost%2Fdemo%2Fta%2Fcas5%2F&ticket=ST-16-1KRXCdvZsaTaJRBf5a9B-cas.poliupg.ac.id
[AuthenticationException.php:79]
2A59 .| | | | | Authentication failure: Ticket not validated
[AuthenticationException.php:80]
2A59 .| | | | | Reason: no response from the CAS server
[AuthenticationException.php:82]
2A59 .| | | | | exit()
2A59 .| | | | | -
2A59 .| | | | -
2A59 .| | | -
2A59 .| | -
2A59 .| -
------------------------------
My Keytool Command :
------------------------------
keytool -genkey -alias cas-server -validity 7000 -keyalg RSA -keypass
changeit -storepass changeit -keystore cas-server.keystore
keytool -export -alias cas-server -keypass changeit -file cas-server.crt
-keystore cas-server.keystore -storepass changeit
keytool -import -file cas-server.crt -alias cas-server -keypass changeit
-keystore ...\jre\lib\security\cacerts -storepass changeit
keytool -exportcert -alias cas-server -keypass changeit -keystore
cas.keystore -storepass changeit -file cas-server.der
keytool -exportcert -alias cas-server -keypass changeit keystore
cas-server.keystore -storepass changeit -rfc -file cas-server.pem
What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=ANDIZULFADLI, OU=ITCENTER, O=PNUP, L=MKS, ST=SULSEL, C=IN correct?
------------------------------
in my phpCAS Script
------------------------------
$cas_server_ca_cert_path = 'cas-server.pem';
phpCAS::setCasServerCACert($cas_server_ca_cert_path);
------------------------------
My Tomcat SSL Configuration
------------------------------
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="/usr/lib/jvm/java-6-openjdk/bin/cas-server.keystore"
keystorePass="changeit" truststoreFile="/etc/ssl/certs/java/cacerts" />
------------------------------
Thank you very much for your help and good response.
Thank you.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
