Hi all, i have a php application running inside an apache webserver and authenticating through phpCAS 0.6.0-RC5 to a cas server 3.0. Sometimes when I use the php application I get this error:
CAS Authentication failed! You were not authenticated. You may submit your request again by clicking here. If the problem persists, you may contact the administrator of this site. phpCAS 0.6.0-RC5 using server https://portale.inca.it:443/cas/ (CAS 2.0) If I reload the page or hit the back button I can continue using the app without really needing to re-authenticate, because the browser still has the TGT ticket and it's not expired. I've noticed that as soon as phpCAS ask the cas server a ticket, this happens: 2007-10-23 13:56:32,147 DEBUG [ org.jasig.cas.ticket.registry.JBossCacheTicketRegistry] - <Retrieving ticket from registry for: TGT-19-FKqcgYBbhqoIyaUmoWqaJ7qHpM7EaCtTQY1-inca-portal2.inca.it> 2007-10-23 13:56:32,148 DEBUG [ org.jasig.cas.ticket.registry.JBossCacheTicketRegistry] - <Adding ticket to registry for: ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it > 2007-10-23 13:56:32,149 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it] for service [https://portale.inca.it/incadoc/index.php] for user [EMAIL PROTECTED]> 2007-10-23 13:56:32,149 DEBUG [ org.jasig.cas.web.flow.GenerateServiceTicketAction] - <Action 'GenerateServiceTicketAction' completed execution; result is 'success'> 2007-10-23 13:56:32,149 DEBUG [org.jasig.cas.web.flow.WarnAction] - <Action 'WarnAction' beginning execution> 2007-10-23 13:56:32,149 DEBUG [org.jasig.cas.web.flow.WarnAction] - <Action 'WarnAction' completed execution; result is 'redirect'> 2007-10-23 13:56:35,145 DEBUG [ org.jasig.cas.ticket.registry.JBossCacheTicketRegistry] - <Retrieving ticket from registry for: ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it> 2007-10-23 13:56:35,145 DEBUG [ org.jasig.cas.ticket.registry.JBossCacheTicketRegistry] - <Removing ticket from registry for: ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it> So, cas gives me the ST (ST-42), and then immediately removes this ticket from the registry. My succeeding GETs still use the same ticket in the URL, and the phpCAS.log show this: 169E .START ****************** [CAS.php:398] 169E .=> phpCAS::client('2.0', 'portale.inca.it', 443, '/cas') [auth.inc.php :38] 169E .| => CASClient::CASClient('2.0', false, 'portale.inca.it', 443, '/cas', true) [CAS.php:299] 169E .| | ST or PT ' ST-42-c9Wbi41ncdJedyc5llqGd7x2urdDgAgSr4R-inca-portal1.inca.it' found [ client.php:555] 169E .| <= '' 169E .<= '' 169E .=> phpCAS::forceAuthentication() [auth.inc.php:43] 169E .| => CASClient::forceAuthentication() [CAS.php:895] 169E .| | => CASClient::isAuthenticated() [client.php:627] 169E .| | | => CASClient::wasPreviouslyAuthenticated() [client.php :730] 169E .| | | | no user found [client.php:834] 169E .| | | <= false 169E .| | | PT `ST- 42-c9Wbi41ncdJedyc5llqGd7x2urdDgAgSr4R-inca-portal1.inca.it' is present [ client.php:751] 169E .| | | => CASClient::validatePT('', NULL, NULL) [client.php :752] 169E .| | | | => CASClient::getURL() [client.php:390] 169E .| | | | <= 'https://portale.inca.it/incadoc/index.php' 169E .| | | | => CASClient::readURL(' https://portale.inca.it:443/cas/proxyValidate?service=https%3A%2F%2Fportale.inca.it%2Fincadoc%2Findex.php&ticket=ST-42-c9Wbi41ncdJedyc5llqGd7x2urdDgAgSr4R-inca-portal1.inca.it', '', NULL, NULL, NULL) [client.php:1852] 169E .| | | | <= true 169E .| | | <= true 169E .| | | PT `ST- 42-c9Wbi41ncdJedyc5llqGd7x2urdDgAgSr4R-inca-portal1.inca.it' was validated [ client.php:753] 169E .| | <= true 169E .| | no need to authenticate [client.php:629] 169E .| <= true 169E .| no need to authenticate (user [EMAIL PROTECTED]' is already authenticated) [CAS.php:909] 169E .<= '' but at a certain moment which I can't sistematically reproduce, I have this in the phpCAS.log: A404 .START ****************** [CAS.php:398] A404 .=> phpCAS::client('2.0', 'portale.inca.it', 443, '/cas') [auth.inc.php :40] A404 .| => CASClient::CASClient('2.0', false, 'portale.inca.it', 443, '/cas', true) [CAS.php:299] A404 .| | ST or PT ' ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it' found [ client.php:557] A404 .| <= '' A404 .<= '' A404 .=> phpCAS::setNoCasServerValidation() [auth.inc.php:44] A404 .<= '' A404 .=> phpCAS::forceAuthentication() [auth.inc.php:46] A404 .| => CASClient::forceAuthentication() [CAS.php:897] A404 .| | => CASClient::isAuthenticated() [client.php:629] A404 .| | | => CASClient::wasPreviouslyAuthenticated() [client.php :732] A404 .| | | | Non sono un proxy... sono un client [client.php :830] A404 .| | | | no user found [client.php:838] A404 .| | | <= false A404 .| | | PT `ST- 42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it' is present [ client.php:753] A404 .| | | => CASClient::validatePT('', NULL, NULL) [client.php :754] A404 .| | | | => CASClient::getURL() [client.php:392] A404 .| | | | <= 'https://portale.inca.it/incadoc/index.php' A404 .| | | | => CASClient::readURL(' https://portale.inca.it:443/cas/proxyValidate?service=https%3A%2F%2Fportale.inca.it%2Fincadoc%2Findex.php&ticket=ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it', '', NULL, NULL, NULL) [client.php:1920] A404 .| | | | <= true A404 .| | | | => CASClient::authError('PT not validated', ' https://portale.inca.it:443/cas/proxyValidate?service=https%3A%2F%2Fportale.inca.it%2Fincadoc%2Findex.php&ticket=ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it', false, false, '<cas:serviceResponse xmlns:cas=\'http://www.yale.edu/tp/cas\'>^M <cas:authenticationFailure code=\'INVALID_TICKET\'>^M Il ticket \'ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it\' non è stato riconosciuto^M </cas:authenticationFailure>^M</cas:serviceResponse>', 'INVALID_TICKET', 'Il ticket \'ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-tal2.inca.it\' non è stato riconosciuto') [client.php:1974] A404 .| | | | | => CASClient::getURL() [client.php:2105] A404 .| | | | | <= 'https://portale.inca.it/incadoc/index.php ' A404 .| | | | | CAS URL: https://portale.inca.it:443/cas/proxyValidate?service=https%3A%2F%2Fportale.inca.it%2Fincadoc%2Findex.php&ticket=ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it[ client.php:2106] A404 .| | | | | Authentication failure: PT not validated [ client.php:2107] A404 .| | | | | Reason: [INVALID_TICKET] CAS error: Il ticket 'ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it' non è stato osciuto [client.php:2122] A404 .| | | | | CAS response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>^M <cas:authenticationFailure code='INVALID_TICKET'>^M Il ticket ' ST-42-DNoseFna6V6uVLX3yjug4RzcvF556xFDXjU-inca-portal2.inca.it' non è stato riconosciuto^M </cas:authenticationFailure>^M </cas:serviceResponse> [client.php:2126] A404 .| | | | | exit() A404 .| | | | | - A404 .| | | | - A404 .| | | - A404 .| | - A404 .| - saying that the ST is no longer valid for the service, and so I get the error. After a refresh or so, i got a new ST ticket from CAS and this work until I get the error again. Any help? -- Claudio Tassini
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
