Hi,
So I followed the instructions on the wiki for attribute release on CAS 2
protocol adding the entries below to the casServiceValidationSuccess.jsp
<cas:attributes>
<c:forEach var="auth" items="${assertion.chainedAuthentications}">
<c:forEach var="attr" items="${auth.principal.attributes}" >
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
</c:forEach>
</c:forEach>
</cas:attributes>
It seems to work for the outside vendor but when I try to use it with phpcas
1.3.2 I get a 'Ticket not validated' error. Has anybody encountered this issue
with CAS 2 protocol. I see the attributes being released in the debug log but
it fails authentication because it can't finish validating the ticket. Saml1
works just fine with no problem, I'm trying this on CAS 3.4.7. I have an
install of CAS 3.6.0 but I have not tried it on that installation.
Any help is appreciated.
Thanks!
___________________
Juan Quintanilla
UTS - Enterprise Group
305-348-6573
[email protected]
________________________________________
From: Juan Quintanilla <[email protected]>
Sent: Wednesday, August 26, 2015 2:15 PM
To: [email protected]
Subject: Re: [cas-user] CAS 2 protocol ticket validation issue
Thanks, we reverted one the files on the cas server back to the default
"casServiceValidationSuccess.jsp" it was modified to pass attributes back to
the client. One of our vendors was requiring cas2 protocol with attributes and
it seemed to work for them but it does not seem to work with the phpcas client.
The changes that I added were:
+ <cas:attributes>
+<c:forEach var="auth" items="${assertion.chainedAuthentications}">
+<c:forEach var="attr" items="${auth.principal.attributes}">
+
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>
+</c:forEach>
+</c:forEach>
+ </cas:attributes>
When I removed those changes I was able to authenticate again on the phpcas
client. In the logs I see that its passing the attributes but it just fails on
the ticket validation. Has anybody had success with passing attributes using
the CAS 2 protocol?
Thanks!
___________________
Juan Quintanilla
UTS - Enterprise Group
305-348-6573
[email protected]
________________________________________
From: Waldbieser, Carl <[email protected]>
Sent: Wednesday, August 26, 2015 2:09 PM
To: [email protected]
Subject: Re: [cas-user] CAS 2 protocol ticket validation issue
I forget whether the PHP CAS client DEBUG mode has a setting where you can see
the raw response. That would be the thing to see.
Otherwise, you make a cURL request with a valid TGC cookie to request an ST.
Once you have it, you can make a second cURL request to validate it and see the
response.
If your ST lifetimes are faily quick, you can do this by having the 2nd command
ready to go in another terminal an quickly pasting in the result.
Alternatively, you can have some kind of script parse the ST from the first
result and immediately execute the 2nd cURL.
Thanks,
Carl Waldbieser
ITS Systems Programmer
Lafayette College
----- Original Message -----
From: "Juan Quintanilla" <[email protected]>
To: "cas-user" <[email protected]>
Sent: Wednesday, August 26, 2015 1:42:10 PM
Subject: [cas-user] CAS 2 protocol ticket validation issue
Hi,
I'm running into an issue with ticketvalidation when using the cas2.0 protocol.
The client is phpcas 1.3.2, when I use the saml1 protocol no problem what so
ever but when I switch to the cas 2.0 protocol I encounter the following error:
4D11 .| | | | =>
CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated',
'https://urldefense.proofpoint.com/v2/url?u=https-3A__hostname_cas_login_serviceValidate-3Fservice-3Dhttp-253A-252F-252Foestest-252Fcastest-252Fsimple-5Flogin.php-26ticket-3DST-2D23-2DAfzljX3nI9TSddUCgISF-2Dhostname&d=AwICAg&c=1QsCMERiq7JOmEnKpsSyjg&r=NauC5-J1X4CCd25sdSxQCA&m=XxkIzjIoqjHkRHVjE1q9LjVtIsLhHDseNg4fNtAR0v8&s=kK2xzLnaaqqcQnLZcGKwJ9LPII9lKu93zyvWlRBbSHg&e=
', false, true, '') [Client.php:2783]
4D11 .| | | | | => CAS_Client::getURL()
[AuthenticationException.php:76]
4D11 .| | | | | <=
'http://oestest.fiu.edu/castest/simple_login.php'
4D11 .| | | | | CAS URL:
https://urldefense.proofpoint.com/v2/url?u=https-3A__hostname_cas_login_serviceValidate-3Fservice-3Dhttp-253A-252F-252Foestest-252Fcastest-252Fsimple-5Flogin.php-26ticket-3DST-2D23-2DAfzljX3nI9TSddUCgISF-2Dhostname&d=AwICAg&c=1QsCMERiq7JOmEnKpsSyjg&r=NauC5-J1X4CCd25sdSxQCA&m=XxkIzjIoqjHkRHVjE1q9LjVtIsLhHDseNg4fNtAR0v8&s=kK2xzLnaaqqcQnLZcGKwJ9LPII9lKu93zyvWlRBbSHg&e=
[AuthenticationException.php:79]
4D11 .| | | | | Authentication failure: Ticket not validated
[AuthenticationException.php:80]
4D11 .| | | | | Reason: bad response from the CAS server
[AuthenticationException.php:85]
So wondering if anybody has encountered the problem, I'm running cas 3.4.7.
what logs can I enable on the server side to get more details about why it
might be failing validation.
Thanks!
___________________
Juan Quintanilla
UTS - Enterprise Group
305-348-6573
[email protected]<mailto:[email protected]>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ja-2Dsig.org_wiki_display_JSG_cas-2Duser&d=AwICAg&c=1QsCMERiq7JOmEnKpsSyjg&r=NauC5-J1X4CCd25sdSxQCA&m=XxkIzjIoqjHkRHVjE1q9LjVtIsLhHDseNg4fNtAR0v8&s=Gv-Kvgv4gBTxKFLdTRQgiazUp-CgbJC2PMJjRMgFF-Y&e=
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ja-2Dsig.org_wiki_display_JSG_cas-2Duser&d=AwICAg&c=1QsCMERiq7JOmEnKpsSyjg&r=NauC5-J1X4CCd25sdSxQCA&m=XxkIzjIoqjHkRHVjE1q9LjVtIsLhHDseNg4fNtAR0v8&s=Gv-Kvgv4gBTxKFLdTRQgiazUp-CgbJC2PMJjRMgFF-Y&e=
--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.ja-2Dsig.org_wiki_display_JSG_cas-2Duser&d=AwICAg&c=1QsCMERiq7JOmEnKpsSyjg&r=NauC5-J1X4CCd25sdSxQCA&m=GDcdLiwSBvCNwsV0FV3lCfR3X7GwIHmXwfpx6eYitDo&s=ROahb8-IbdF0itvOIP1t5FIXfIpXRrs5-DTFEAAPXtY&e=
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
