Re: [cas-user] CAS 2 protocol ticket validation issue

[Juan Quintanilla]

Thanks, we reverted one the files on the cas server back to the default 
"casServiceValidationSuccess.jsp" it was modified to pass attributes back to 
the client. One of our vendors was requiring cas2 protocol with attributes and 
it seemed to work for them but it does not seem to work with the phpcas client. 
 The changes that I added were:

+    <cas:attributes>
+<c:forEach var="auth" items="${assertion.chainedAuthentications}">
+<c:forEach var="attr" items="${auth.principal.attributes}">
+    
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
+</c:forEach>
+</c:forEach>
+    </cas:attributes>


When I removed those changes I was able to authenticate again on the phpcas 
client.  In the logs I see that its passing the attributes but it just fails on 
the ticket validation.  Has anybody had success with passing attributes using 
the CAS 2 protocol?

Thanks!


___________________
Juan Quintanilla
UTS - Enterprise Group
305-348-6573
jquin...@fiu.edu
________________________________________
From: Waldbieser, Carl <waldb...@lafayette.edu>
Sent: Wednesday, August 26, 2015 2:09 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] CAS 2 protocol ticket validation issue

I forget whether the PHP CAS client DEBUG mode has a setting where you can see 
the raw response.  That would be the thing to see.
Otherwise, you make a cURL request with a valid TGC cookie to request an ST.  
Once you have it, you can make a second cURL request to validate it and see the 
response.
If your ST lifetimes are faily quick, you can do this by having the 2nd command 
ready to go in another terminal an quickly pasting in the result.

Alternatively, you can have some kind of script parse the ST from the first 
result and immediately execute the 2nd cURL.

Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College

----- Original Message -----
From: "Juan Quintanilla" <jquin...@fiu.edu>
To: "cas-user" <cas-user@lists.jasig.org>
Sent: Wednesday, August 26, 2015 1:42:10 PM
Subject: [cas-user] CAS 2 protocol ticket validation issue

Hi,


I'm running into an issue with ticketvalidation when using the cas2.0 protocol. 
 The client is phpcas 1.3.2, when I use the saml1 protocol no problem what so 
ever but when I switch to the cas 2.0 protocol I encounter the following error:


4D11 .|    |    |    |    => 
CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', 
'https://urldefense.proofpoint.com/v2/url?u=https-3A__hostname_cas_login_serviceValidate-3Fservice-3Dhttp-253A-252F-252Foestest-252Fcastest-252Fsimple-5Flogin.php-26ticket-3DST-2D23-2DAfzljX3nI9TSddUCgISF-2Dhostname&d=AwICAg&c=1QsCMERiq7JOmEnKpsSyjg&r=NauC5-J1X4CCd25sdSxQCA&m=XxkIzjIoqjHkRHVjE1q9LjVtIsLhHDseNg4fNtAR0v8&s=kK2xzLnaaqqcQnLZcGKwJ9LPII9lKu93zyvWlRBbSHg&e=
 ', false, true, '') [Client.php:2783]
4D11 .|    |    |    |    |    => CAS_Client::getURL() 
[AuthenticationException.php:76]
4D11 .|    |    |    |    |    <= 
'http://oestest.fiu.edu/castest/simple_login.php'
4D11 .|    |    |    |    |    CAS URL: 
https://urldefense.proofpoint.com/v2/url?u=https-3A__hostname_cas_login_serviceValidate-3Fservice-3Dhttp-253A-252F-252Foestest-252Fcastest-252Fsimple-5Flogin.php-26ticket-3DST-2D23-2DAfzljX3nI9TSddUCgISF-2Dhostname&d=AwICAg&c=1QsCMERiq7JOmEnKpsSyjg&r=NauC5-J1X4CCd25sdSxQCA&m=XxkIzjIoqjHkRHVjE1q9LjVtIsLhHDseNg4fNtAR0v8&s=kK2xzLnaaqqcQnLZcGKwJ9LPII9lKu93zyvWlRBbSHg&e=
  [AuthenticationException.php:79]
4D11 .|    |    |    |    |    Authentication failure: Ticket not validated 
[AuthenticationException.php:80]
4D11 .|    |    |    |    |    Reason: bad response from the CAS server 
[AuthenticationException.php:85]


So wondering if anybody has encountered the problem, I'm running cas 3.4.7. 
what logs can I enable on the server side to get more details about why it 
might be failing validation.

Thanks!

___________________
Juan Quintanilla
UTS - Enterprise Group
305-348-6573
jquin...@fiu.edu<mailto:jquin...@fiu.edu>

--
You are currently subscribed to cas-user@lists.jasig.org as: 
waldb...@lafayette.edu
To unsubscribe, change settings or access archives, see 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ja-2Dsig.org_wiki_display_JSG_cas-2Duser&d=AwICAg&c=1QsCMERiq7JOmEnKpsSyjg&r=NauC5-J1X4CCd25sdSxQCA&m=XxkIzjIoqjHkRHVjE1q9LjVtIsLhHDseNg4fNtAR0v8&s=Gv-Kvgv4gBTxKFLdTRQgiazUp-CgbJC2PMJjRMgFF-Y&e=

--
You are currently subscribed to cas-user@lists.jasig.org as: jquin...@fiu.edu
To unsubscribe, change settings or access archives, see 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ja-2Dsig.org_wiki_display_JSG_cas-2Duser&d=AwICAg&c=1QsCMERiq7JOmEnKpsSyjg&r=NauC5-J1X4CCd25sdSxQCA&m=XxkIzjIoqjHkRHVjE1q9LjVtIsLhHDseNg4fNtAR0v8&s=Gv-Kvgv4gBTxKFLdTRQgiazUp-CgbJC2PMJjRMgFF-Y&e=

-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user