dfwarden / roundcube-cas-authn Goto Github PK
View Code? Open in Web Editor NEWAdditional login path for Roundcube, goes against CAS server.
Additional login path for Roundcube, goes against CAS server.
If you aren't sure what CAS is, check out: http://www.jasig.org/cas This is a fork of Alex Li's cas_authentication plugin. (http://code.google.com/p/rc-cas-plugin) We share some of the same config names so we should not be run together. The main differences are: - This plugin should work with stock Roundcube 0.6+ - This plugin can be configured to not force all users to have to use CAS - This plugin supports using a CAS proxy ticket for SMTP authn This plugin has been tested and works with the following: - Roundcube 0.6-0.8 - RHEL (specifically, Oracle Enterprise Linux) 6.1-6.2 x64 - DEBIAN Squeeze 2.6.26 x64 - JASIG CAS 3.3.2, 3.4.11, 3.4.14 (http://www.jasig.org/cas) - pam_cas (https://sourcesup.cru.fr/frs/?group_id=213, Pam_cas-2.0.11-esup-2.0.5.tar.gz) - phpCAS 1.3.x - There was a function signature change between 1.2.x and 1.3.x! Please use 1.3.x - up-imapproxy 1.2.7 (http://www.imapproxy.org) - Dovecot 2.0.13 (http://dovecot.org) Setup is very similar to most Roundcube plugins. Copy cas_authn to your Roundcube plugin directory. Then, copy config.inc.php.dist to config.inc.php, edit for your environment, and activate the plugin. Some things to be aware of: - This plugin assumes your IMAP server can authenticate (a) CAS proxy tickets (if cas_proxy is true) - or - (b) any user using the "master" password (if cas_proxy is false and cas_imap_password is set). For (a), the most common way to do this is with pam_cas. See http://www.esup-portail.org/consortium/espace/SSO_1B/tech/cas/cas_pam.html for help configuring and testing that. (It is in French, but Google Translate does a good job.) - If cas_proxy is true and Roundcube is set to authenticate to SMTP, this plugin will generate a PT for your SMTP service and send that to the SMTP server. As with IMAP, you should test this via telnet to make sure your SMTP server is validating CAS tickets. - If you are running Roundcube on multiple servers behind a load balancer and cas_proxy is true, your PGTIOU storage must be shared; when the CAS server does the PGT callback there is no guarantee (unless you do something special) that it will hit the same host the user is on. And if you're not sure what "PGT callback" is, check out https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough especially the PDF linked at the bottom.
Hi dfwarden,
I had an issue related to the first process of CAS Client while validating ST. It was the fact that curl could not open the url responsed by CAS Server while verifying SSL Certificate of CAS Server (using CA Certs). The main logs said that:
...
D367 .| | | | => CAS_Client::_readURL('https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback', NULL, NULL, NULL) [Client.php:3118]
D367 .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
D367 .| | | | | | CURL: Set CURLOPT_CAINFO /etc/obm/certs/cas_server_certs.pem [CurlRequest.php:129]
D367 .| | | | | | curl_exec() failed [CurlRequest.php:77]
D367 .| | | | | <= false
D367 .| | | | <= false
D367 .| | | | could not open URL 'https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback' to validate (CURL error #60: SSL certificate problem: unable to get local issuer certificate) [Client.php:3121]
D367 .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', 'https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback', true) [Client.php:3125]
D367 .| | | | | => CAS_Client::getURL() [AuthenticationException.php:76]
D367 .| | | | | <= 'https://mailobm.openroad.vn/webmail/?_action=caslogin'
D367 .| | | | | CAS URL: https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback [AuthenticationException.php:79]
D367 .| | | | | Authentication failure: Ticket not validated [AuthenticationException.php:80]
D367 .| | | | | Reason: no response from the CAS server [AuthenticationException.php:82]
D367 .| | | | | exit()
...
P.S. Our testing environment:
Any suggestions for me? Thanks.
Hi all,
I've got a problem when trying to move to production RC1.1.1 with this CAS plugin. What has happened until now it is that everytime I wanted to test my changes, I was clearing the cache of my web browser and then testing the modifications, which was good. But now that I've done a pre-released, the users have complained because they were getting :
CAS Authentication failed!You were not authenticated.You may submit your request again by clicking here.If the problem persists, you may contact the administrator of this site.
phpCAS 1.3.3 using server https://cas.mydomain.es/cas/ (CAS 2.0)
I assume that this is due them to have a valid cookie in their browser already loaded, because if I clear the cache, everthing works as expected, it takes nearly 18 seconds to show the page, but it is not so bad. I am pasting a trace(good one):
EC7B .START phpCAS-1.3.3 ****************** [CAS.php:438]
EC7B .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', true) [cas_authn.php:322]
EC7B .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', true) [CAS.php:384]
EC7B .| | Starting a new session c24cdf0q727sivjqfthdnnmi8k7cqmh1 [Client.php:906]
EC7B .| <= ''
EC7B .<= ''
EC7B .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325]
EC7B .<= ''
EC7B .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328]
EC7B .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516]
EC7B .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
EC7B .| | <= ''
EC7B .| <= ''
EC7B .<= ''
EC7B .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340]
EC7B .<= ''
EC7B .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347]
EC7B .<= ''
EC7B .=> phpCAS::setServerLoginURL('') [cas_authn.php:354]
EC7B .<= ''
EC7B .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355]
EC7B .<= ''
EC7B .=> phpCAS::forceAuthentication() [cas_authn.php:103]
EC7B .| => CAS_Client::forceAuthentication() [CAS.php:1015]
EC7B .| | => CAS_Client::isAuthenticated() [Client.php:1245]
EC7B .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
EC7B .| | | | neither user nor PGT found [Client.php:1569]
EC7B .| | | <= false
EC7B .| | | no ticket found [Client.php:1453]
EC7B .| | <= false
EC7B .| | => CAS_Client::redirectToCas(false) [Client.php:1254]
EC7B .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613]
EC7B .| | | | => CAS_Client::getURL() [Client.php:342]
EC7B .| | | | <= 'https://webmail03.mydomain.es/?_action=caslogin'
EC7B .| | | <= 'https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin'
EC7B .| | | Redirect to : https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin [Client.php:1620]
EC7B .| | | exit()
EC7B .| | | -
EC7B .| | -
EC7B .| -
213B .START phpCAS-1.3.3 ****************** [CAS.php:438]
213B .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', true) [cas_authn.php:322]
213B .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', true) [CAS.php:384]
213B .| | Starting a new session c24cdf0q727sivjqfthdnnmi8k7cqmh1 [Client.php:906]
213B .| | Ticket 'ST-118028-vqSGMVAcKxWutD6ZAcsj-cas' found [Client.php:988]
213B .| <= ''
213B .<= ''
213B .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325]
213B .<= ''
213B .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328]
213B .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516]
213B .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
213B .| | <= ''
213B .| <= ''
213B .<= ''
213B .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340]
213B .<= ''
213B .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347]
213B .<= ''
213B .=> phpCAS::setServerLoginURL('') [cas_authn.php:354]
213B .<= ''
213B .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355]
213B .<= ''
213B .=> phpCAS::forceAuthentication() [cas_authn.php:103]
213B .| => CAS_Client::forceAuthentication() [CAS.php:1015]
213B .| | => CAS_Client::isAuthenticated() [Client.php:1245]
213B .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
213B .| | | | neither user nor PGT found [Client.php:1569]
213B .| | | <= false
213B .| | | CAS 2.0 ticket ST-118028-vqSGMVAcKxWutD6ZAcsj-cas' is present [Client.php:1406] 213B .| | | => CAS_Client::validateCAS20('', NULL, NULL) [Client.php:1409] 213B .| | | | [Client.php:3101] 213B .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3108] 213B .| | | | | => CAS_Client::getURL() [Client.php:453] 213B .| | | | | <= 'https://webmail03.mydomain.es/?_action=caslogin' 213B .| | | | <= 'https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin' 213B .| | | | => CAS_Client::_readURL('https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118028-vqSGMVAcKxWutD6ZAcsj-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback', NULL, NULL, NULL) [Client.php:3118] 213B .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] 213B .| | | | | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] 7DE2 .START phpCAS-1.3.3 ****************** [CAS.php:438] 7DE2 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', true) [cas_authn.php:322] 7DE2 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', true) [CAS.php:384] 7DE2 .| | Starting a new session 2lhnmgci4ck6faik31el8s7g7ng7hdku [Client.php:906] 7DE2 .| <= '' 7DE2 .<= '' 7DE2 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] 7DE2 .<= '' 7DE2 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] 7DE2 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] 7DE2 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] 7DE2 .| | <= '' 7DE2 .| <= '' 7DE2 .<= '' 7DE2 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] 7DE2 .<= '' 7DE2 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] 7DE2 .<= '' 7DE2 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] 7DE2 .<= '' 7DE2 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] 7DE2 .<= '' 7DE2 .=> CAS_Client::handleLogoutRequests(false, false) [CAS.php:1193] 7DE2 .| Not a logout request [Client.php:1689] 7DE2 .<= '' 7DE2 .=> phpCAS::forceAuthentication() [cas_authn.php:64] 7DE2 .| => CAS_Client::forceAuthentication() [CAS.php:1015] 7DE2 .| | => CAS_Client::isAuthenticated() [Client.php:1245] 7DE2 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 7DE2 .| | | | neither user nor PGT found [Client.php:1569] 7DE2 .| | | <= false 7DE2 .| | | no ticket found [Client.php:1453] 7DE2 .| | <= false 7DE2 .| | => CAS_Client::redirectToCas(false) [Client.php:1254] 7DE2 .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613] 7DE2 .| | | | => CAS_Client::getURL() [Client.php:342] 7DE2 .| | | | <= 'https://webmail03.mydomain.es/?_action=caslogin' 7DE2 .| | | <= 'https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin' 7DE2 .| | | Redirect to : https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin [Client.php:1620] 7DE2 .| | | exit() 7DE2 .| | | - 7DE2 .| | - 7DE2 .| - 9D5A .START phpCAS-1.3.3 ****************** [CAS.php:438] 9D5A .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', true) [cas_authn.php:322] 9D5A .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', true) [CAS.php:384] 9D5A .| | Starting a new session e2fm14lcqa58077a4o3ikkc3b3n36hqs [Client.php:906] 9D5A .| <= '' 9D5A .<= '' 9D5A .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] 9D5A .<= '' 9D5A .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] 9D5A .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] 9D5A .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] 9D5A .| | <= '' 9D5A .| <= '' 9D5A .<= '' 9D5A .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] 9D5A .<= '' 9D5A .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] 9D5A .<= '' 9D5A .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] 9D5A .<= '' 9D5A .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] 9D5A .<= '' 9D5A .=> CAS_Client::handleLogoutRequests(false, false) [CAS.php:1193] 9D5A .| Not a logout request [Client.php:1689] 9D5A .<= '' 9D5A .=> phpCAS::forceAuthentication() [cas_authn.php:64] 9D5A .| => CAS_Client::forceAuthentication() [CAS.php:1015] 9D5A .| | => CAS_Client::isAuthenticated() [Client.php:1245] 9D5A .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 9D5A .| | | | => CAS_Client::_callback() [Client.php:1515] 9D5A .| | | | | Storing PGT
TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' (id=PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas') [Client.php:2341] 9D5A .| | | | | => CAS_PGTStorage_File::init() [Client.php:2396] 9D5A .| | | | | <= '' 9D5A .| | | | | => CAS_PGTStorage_File::write('TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', 'PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas') [Client.php:2412] 9D5A .| | | | | | => CAS_PGTStorage_File::getPGTIouFilename('PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas') [File.php:202] 9D5A .| | | | | | <= '/tmp/wpgt/PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas.plain' 9D5A .| | | | | | Successful write of PGT to
/tmp/wpgt/PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas.plain' [File.php:211]
9D5A .| | | | | <= ''
9D5A .| | | | | exit()
9D5A .| | | | | -
9D5A .| | | | -
9D5A .| | | -
9D5A .| | -
9D5A .| -
213B .| | | | | | Response Body:
213B .| | | | | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
213B .| | | | | | cas:authenticationSuccess
213B .| | | | | | cas:usermyusername/cas:user
213B .| | | | | |
213B .| | | | | |
213B .| | | | | | cas:proxyGrantingTicketPGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas/cas:proxyGrantingTicket
213B .| | | | | |
213B .| | | | | |
213B .| | | | | | /cas:authenticationSuccess
213B .| | | | | | /cas:serviceResponse
213B .| | | | | |
213B .| | | | | | [CurlRequest.php:84]
213B .| | | | | <= true
213B .| | | | <= true
213B .| | | | => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:3176]
213B .| | | | | Testing for rubycas style attributes [Client.php:3294]
213B .| | | | <= ''
213B .| | | | Storing Proxy List [Client.php:3185]
213B .| | | | => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:3188]
213B .| | | | | No proxies were found in the response [AllowedList.php:81]
213B .| | | | <= true
213B .| | | | => CAS_Client::_renameSession('ST-118028-vqSGMVAcKxWutD6ZAcsj-cas') [Client.php:3220]
213B .| | | | | Killing session: c24cdf0q727sivjqfthdnnmi8k7cqmh1 [Client.php:3582]
213B .| | | | | Starting session: ST-118028-vqSGMVAcKxWutD6ZAcsj-cas [Client.php:3586]
213B .| | | | | Restoring old session vars [Client.php:3589]
213B .| | | | <= ''
213B .| | | <= true
213B .| | | CAS 2.0 ticket ST-118028-vqSGMVAcKxWutD6ZAcsj-cas' was validated [Client.php:1412] 213B .| | | => CAS_Client::_validatePGT('https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118028-vqSGMVAcKxWutD6ZAcsj-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback', '<cas:serviceResponse xmlns:cas=\'http://www.yale.edu/tp/cas\'> <cas:authenticationSuccess> <cas:user>myusername</cas:user> <cas:proxyGrantingTicket>PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas</cas:proxyGrantingTicket> </cas:authenticationSuccess></cas:serviceResponse>', DOMElement) [Client.php:1416] 213B .| | | | => CAS_PGTStorage_File::init() [Client.php:2396] 213B .| | | | <= '' 213B .| | | | => CAS_PGTStorage_File::read('PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas') [Client.php:2428] 213B .| | | | | => CAS_PGTStorage_File::getPGTIouFilename('PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas') [File.php:236] 213B .| | | | | <= '/tmp/wpgt/PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas.plain' 213B .| | | | | Successful read of PGT to
/tmp/wpgt/PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas.plain' [File.php:244]
213B .| | | | <= 'TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas'
213B .| | | <= true
213B .| | | PGT TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' was validated [Client.php:1417] 213B .| | | => CAS_Client::getURL() [Client.php:1472] 213B .| | | <= 'https://webmail03.mydomain.es/?_action=caslogin' 213B .| | | Prepare redirect to : https://webmail03.mydomain.es/?_action=caslogin [Client.php:1472] 213B .| | | => CAS_Client::getURL() [Client.php:1474] 213B .| | | <= 'https://webmail03.mydomain.es/?_action=caslogin' 213B .| | | exit() 213B .| | | - 213B .| | - 213B .| - 3537 .START phpCAS-1.3.3 ****************** [CAS.php:438] 3537 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322] 3537 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384] 3537 .| <= '' 3537 .<= '' 3537 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] 3537 .<= '' 3537 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] 3537 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] 3537 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] 3537 .| | <= '' 3537 .| <= '' 3537 .<= '' 3537 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] 3537 .<= '' 3537 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] 3537 .<= '' 3537 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] 3537 .<= '' 3537 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] 3537 .<= '' 3537 .=> phpCAS::forceAuthentication() [cas_authn.php:103] 3537 .| => CAS_Client::forceAuthentication() [CAS.php:1015] 3537 .| | => CAS_Client::isAuthenticated() [Client.php:1245] 3537 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 3537 .| | | | user =
myusername', PGT = TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' [Client.php:1534] 3537 .| | | <= true 3537 .| | | user was already authenticated, no need to look for tickets [Client.php:1380] 3537 .| | <= true 3537 .| | no need to authenticate [Client.php:1247] 3537 .| <= true 3537 .<= '' 3537 .=> CAS_Client::retrievePT('imaps://opsmail01.mydomain.es', NULL, NULL) [CAS.php:1514] 3537 .| => CAS_Client::_readURL('https://cas.mydomain.es/cas/proxy?targetService=imaps%3A%2F%2Fopsmail01.mydomain.es&pgt=TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', NULL, NULL, '') [Client.php:2610] 3537 .| | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] 3537 .| | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] 3537 .| | | Response Body: 3537 .| | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> 3537 .| | | <cas:proxySuccess> 3537 .| | | <cas:proxyTicket>ST-118031-tWRSXoFm4QpXJTRystEw-cas</cas:proxyTicket> 3537 .| | | </cas:proxySuccess> 3537 .| | | </cas:serviceResponse> 3537 .| | | [CurlRequest.php:84] 3537 .| | <= true 3537 .| <= true 3537 .| original PT: ST-118031-tWRSXoFm4QpXJTRystEw-cas [Client.php:2665] 3537 .<= 'ST-118031-tWRSXoFm4QpXJTRystEw-cas' 3537 .=> phpCAS::checkAuthentication() [cas_authn.php:178] 3537 .| => CAS_Client::checkAuthentication() [CAS.php:995] 3537 .| | => CAS_Client::isAuthenticated() [Client.php:1296] 3537 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 3537 .| | | | user =
myusername', PGT = TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' [Client.php:1534] 3537 .| | | <= true 3537 .| | | user was already authenticated, no need to look for tickets [Client.php:1380] 3537 .| | <= true 3537 .| | user is authenticated [Client.php:1297] 3537 .| <= true 3537 .<= true 3537 .=> CAS_Client::retrievePT('imaps://opsmail01.mydomain.es', NULL, NULL) [CAS.php:1514] 3537 .| => CAS_Client::_readURL('https://cas.mydomain.es/cas/proxy?targetService=imaps%3A%2F%2Fopsmail01.mydomain.es&pgt=TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', NULL, NULL, '') [Client.php:2610] 3537 .| | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] 3537 .| | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] 3537 .| | | Response Body: 3537 .| | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> 3537 .| | | <cas:proxySuccess> 3537 .| | | <cas:proxyTicket>ST-118033-9YsxF67IIhNWGRBwmKx6-cas</cas:proxyTicket> 3537 .| | | </cas:proxySuccess> 3537 .| | | </cas:serviceResponse> 3537 .| | | [CurlRequest.php:84] 3537 .| | <= true 3537 .| <= true 3537 .| original PT: ST-118033-9YsxF67IIhNWGRBwmKx6-cas [Client.php:2665] 3537 .<= 'ST-118033-9YsxF67IIhNWGRBwmKx6-cas' DB38 .START phpCAS-1.3.3 ****************** [CAS.php:438] DB38 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322] DB38 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384] DB38 .| <= '' DB38 .<= '' DB38 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] DB38 .<= '' DB38 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] DB38 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] DB38 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] DB38 .| | <= '' DB38 .| <= '' DB38 .<= '' DB38 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] DB38 .<= '' DB38 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] DB38 .<= '' DB38 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] DB38 .<= '' DB38 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] DB38 .<= '' DB38 .=> phpCAS::checkAuthentication() [cas_authn.php:178] DB38 .| => CAS_Client::checkAuthentication() [CAS.php:995] DB38 .| | => CAS_Client::isAuthenticated() [Client.php:1296] DB38 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] DB38 .| | | | user =
myusername', PGT = TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' [Client.php:1534] DB38 .| | | <= true DB38 .| | | user was already authenticated, no need to look for tickets [Client.php:1380] DB38 .| | <= true DB38 .| | user is authenticated [Client.php:1297] DB38 .| <= true DB38 .<= true DB38 .=> CAS_Client::retrievePT('imaps://opsmail01.mydomain.es', NULL, NULL) [CAS.php:1514] DB38 .| => CAS_Client::_readURL('https://cas.mydomain.es/cas/proxy?targetService=imaps%3A%2F%2Fopsmail01.mydomain.es&pgt=TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', NULL, NULL, '') [Client.php:2610] DB38 .| | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] DB38 .| | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] DB38 .| | | Response Body: DB38 .| | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> DB38 .| | | <cas:proxySuccess> DB38 .| | | <cas:proxyTicket>ST-118034-okcARh7LIQZf4MA2y23t-cas</cas:proxyTicket> DB38 .| | | </cas:proxySuccess> DB38 .| | | </cas:serviceResponse> DB38 .| | | [CurlRequest.php:84] DB38 .| | <= true DB38 .| <= true DB38 .| original PT: ST-118034-okcARh7LIQZf4MA2y23t-cas [Client.php:2665] DB38 .<= 'ST-118034-okcARh7LIQZf4MA2y23t-cas' 41A5 .START phpCAS-1.3.3 ****************** [CAS.php:438] 41A5 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322] 41A5 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384] 41A5 .| <= '' 41A5 .<= '' 41A5 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] 41A5 .<= '' 41A5 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] 41A5 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] 41A5 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] 41A5 .| | <= '' 41A5 .| <= '' 41A5 .<= '' 41A5 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] 41A5 .<= '' 41A5 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] 41A5 .<= '' 41A5 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] 41A5 .<= '' 41A5 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] 41A5 .<= '' 41A5 .=> phpCAS::checkAuthentication() [cas_authn.php:178] 41A5 .| => CAS_Client::checkAuthentication() [CAS.php:995] 41A5 .| | => CAS_Client::isAuthenticated() [Client.php:1296] 41A5 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 41A5 .| | | | user =
myusername', PGT = TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' [Client.php:1534] 41A5 .| | | <= true 41A5 .| | | user was already authenticated, no need to look for tickets [Client.php:1380] 7E49 .START phpCAS-1.3.3 ****************** [CAS.php:438] 41A5 .| | <= true 41A5 .| | user is authenticated [Client.php:1297] 41A5 .| <= true 41A5 .<= true 41A5 .=> CAS_Client::retrievePT('imaps://opsmail01.mydomain.es', NULL, NULL) [CAS.php:1514] 41A5 .| => CAS_Client::_readURL('https://cas.mydomain.es/cas/proxy?targetService=imaps%3A%2F%2Fopsmail01.mydomain.es&pgt=TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', NULL, NULL, '') [Client.php:2610] 7E49 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322] 41A5 .| | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] 41A5 .| | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] 7E49 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384] 7E49 .| <= '' 7E49 .<= '' 7E49 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] 7E49 .<= '' 7E49 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] 7E49 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] 7E49 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] 7E49 .| | <= '' 7E49 .| <= '' 7E49 .<= '' 7E49 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] 7E49 .<= '' 7E49 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] 7E49 .<= '' 7E49 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] 7E49 .<= '' 7E49 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] 7E49 .<= '' 7E49 .=> phpCAS::checkAuthentication() [cas_authn.php:178] 7E49 .| => CAS_Client::checkAuthentication() [CAS.php:995] 7E49 .| | => CAS_Client::isAuthenticated() [Client.php:1296] 7E49 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 7E49 .| | | | user =
myusername', PGT = `TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' [Client.php:1534]
7E49 .| | | <= true
7E49 .| | | user was already authenticated, no need to look for tickets [Client.php:1380]
7E49 .| | <= true
7E49 .| | user is authenticated [Client.php:1297]
7E49 .| <= true
7E49 .<= true
7E49 .=> CAS_Client::retrievePT('imaps://opsmail01.mydomain.es', NULL, NULL) [CAS.php:1514]
7E49 .| => CAS_Client::_readURL('https://cas.mydomain.es/cas/proxy?targetService=imaps%3A%2F%2Fopsmail01.mydomain.es&pgt=TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', NULL, NULL, '') [Client.php:2610]
7E49 .| | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
7E49 .| | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129]
41A5 .| | | Response Body:
41A5 .| | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
41A5 .| | | cas:proxySuccess
41A5 .| | | cas:proxyTicketST-118035-v7neEXzn53pEl7AgWxYN-cas/cas:proxyTicket
41A5 .| | | /cas:proxySuccess
41A5 .| | | /cas:serviceResponse
41A5 .| | | [CurlRequest.php:84]
41A5 .| | <= true
41A5 .| <= true
41A5 .| original PT: ST-118035-v7neEXzn53pEl7AgWxYN-cas [Client.php:2665]
41A5 .<= 'ST-118035-v7neEXzn53pEl7AgWxYN-cas'
7E49 .| | | Response Body:
7E49 .| | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
7E49 .| | | cas:proxySuccess
7E49 .| | | cas:proxyTicketST-118036-geVrSbctauCrtUkAvexZ-cas/cas:proxyTicket
7E49 .| | | /cas:proxySuccess
7E49 .| | | /cas:serviceResponse
7E49 .| | | [CurlRequest.php:84]
7E49 .| | <= true
7E49 .| <= true
7E49 .| original PT: ST-118036-geVrSbctauCrtUkAvexZ-cas [Client.php:2665]
7E49 .<= 'ST-118036-geVrSbctauCrtUkAvexZ-cas'
And here I attach a trace obtained after getting the error aboved shown, I mean, I can reach the loggin boxes where I put my credentials and after that I get the error, and this is the trace:
65C3 .START phpCAS-1.3.3 ****************** [CAS.php:438]
65C3 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322]
65C3 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384]
65C3 .| <= ''
65C3 .<= ''
65C3 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325]
65C3 .<= ''
65C3 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328]
65C3 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516]
65C3 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
65C3 .| | <= ''
65C3 .| <= ''
65C3 .<= ''
65C3 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340]
65C3 .<= ''
65C3 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347]
65C3 .<= ''
65C3 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354]
65C3 .<= ''
65C3 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355]
65C3 .<= ''
65C3 .=> phpCAS::forceAuthentication() [cas_authn.php:103]
65C3 .| => CAS_Client::forceAuthentication() [CAS.php:1015]
65C3 .| | => CAS_Client::isAuthenticated() [Client.php:1245]
65C3 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
65C3 .| | | | neither user nor PGT found [Client.php:1569]
65C3 .| | | <= false
65C3 .| | | no ticket found [Client.php:1453]
65C3 .| | <= false
65C3 .| | => CAS_Client::redirectToCas(false) [Client.php:1254]
65C3 .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613]
65C3 .| | | | => CAS_Client::getURL() [Client.php:342]
65C3 .| | | | <= 'https://webmail03.mydomain.es/?_action=caslogin'
65C3 .| | | <= 'https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin'
65C3 .| | | Redirect to : https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin [Client.php:1620]
65C3 .| | | exit()
65C3 .| | | -
65C3 .| | -
65C3 .| -
DDF9 .START phpCAS-1.3.3 ****************** [CAS.php:438]
DDF9 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322]
DDF9 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384]
DDF9 .| | Ticket 'ST-118039-r7ccAUSM2joSCfJrMryk-cas' found [Client.php:988]
DDF9 .| <= ''
DDF9 .<= ''
DDF9 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325]
DDF9 .<= ''
DDF9 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328]
DDF9 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516]
DDF9 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
DDF9 .| | <= ''
DDF9 .| <= ''
DDF9 .<= ''
DDF9 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340]
DDF9 .<= ''
DDF9 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347]
DDF9 .<= ''
DDF9 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354]
DDF9 .<= ''
DDF9 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355]
DDF9 .<= ''
DDF9 .=> phpCAS::forceAuthentication() [cas_authn.php:103]
DDF9 .| => CAS_Client::forceAuthentication() [CAS.php:1015]
DDF9 .| | => CAS_Client::isAuthenticated() [Client.php:1245]
DDF9 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
DDF9 .| | | | neither user nor PGT found [Client.php:1569]
DDF9 .| | | <= false
DDF9 .| | | CAS 2.0 ticket ST-118039-r7ccAUSM2joSCfJrMryk-cas' is present [Client.php:1406] DDF9 .| | | => CAS_Client::validateCAS20('', NULL, NULL) [Client.php:1409] DDF9 .| | | | [Client.php:3101] DDF9 .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3108] DDF9 .| | | | | => CAS_Client::getURL() [Client.php:453] DDF9 .| | | | | <= 'https://webmail03.mydomain.es/?_action=caslogin' DDF9 .| | | | <= 'https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin' DDF9 .| | | | => CAS_Client::_readURL('https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118039-r7ccAUSM2joSCfJrMryk-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback', NULL, NULL, NULL) [Client.php:3118] DDF9 .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] DDF9 .| | | | | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] DDF9 .| | | | | | Response Body: DDF9 .| | | | | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> DDF9 .| | | | | | <cas:authenticationSuccess> DDF9 .| | | | | | <cas:user>myusername</cas:user> DDF9 .| | | | | | DDF9 .| | | | | | DDF9 .| | | | | | DDF9 .| | | | | | </cas:authenticationSuccess> DDF9 .| | | | | | </cas:serviceResponse> DDF9 .| | | | | | DDF9 .| | | | | | [CurlRequest.php:84] DDF9 .| | | | | <= true DDF9 .| | | | <= true DDF9 .| | | | => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:3176] DDF9 .| | | | | Testing for rubycas style attributes [Client.php:3294] DDF9 .| | | | <= '' DDF9 .| | | | Storing Proxy List [Client.php:3185] DDF9 .| | | | => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:3188] DDF9 .| | | | | No proxies were found in the response [AllowedList.php:81] DDF9 .| | | | <= true DDF9 .| | | | => CAS_Client::_renameSession('ST-118039-r7ccAUSM2joSCfJrMryk-cas') [Client.php:3220] DDF9 .| | | | | Skipping session rename since phpCAS is not handling the session. [Client.php:3599] DDF9 .| | | | <= '' DDF9 .| | | <= true DDF9 .| | | CAS 2.0 ticket
ST-118039-r7ccAUSM2joSCfJrMryk-cas' was validated [Client.php:1412]
DDF9 .| | | => CAS_Client::_validatePGT('https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118039-r7ccAUSM2joSCfJrMryk-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback', '<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas\'> cas:authenticationSuccess cas:usermyusername/cas:user /cas:authenticationSuccess/cas:serviceResponse', DOMElement) [Client.php:1416]
DDF9 .| | | | not found [Client.php:2541]
DDF9 .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket validated but no PGT Iou transmitted', 'https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118039-r7ccAUSM2joSCfJrMryk-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback', false, false, '<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas\'> cas:authenticationSuccess cas:usermyusername/cas:user /cas:authenticationSuccess/cas:serviceResponse') [Client.php:2547]
DDF9 .| | | | | => CAS_Client::getURL() [AuthenticationException.php:76]
DDF9 .| | | | | <= 'https://webmail03.mydomain.es/?_action=caslogin'
DDF9 .| | | | | CAS URL: https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118039-r7ccAUSM2joSCfJrMryk-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback [AuthenticationException.php:79]
DDF9 .| | | | | Authentication failure: Ticket validated but no PGT Iou transmitted [AuthenticationException.php:80]
DDF9 .| | | | | Reason: no CAS error [AuthenticationException.php:94]
DDF9 .| | | | | CAS response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
DDF9 .| | | | | cas:authenticationSuccess
DDF9 .| | | | | cas:usermyusername/cas:user
DDF9 .| | | | |
DDF9 .| | | | |
DDF9 .| | | | |
DDF9 .| | | | | /cas:authenticationSuccess
DDF9 .| | | | | /cas:serviceResponse
DDF9 .| | | | | [AuthenticationException.php:101]
DDF9 .| | | | | exit()
DDF9 .| | | | | -
DDF9 .| | | | -
DDF9 .| | | -
DDF9 .| | -
DDF9 .| -
1982 .START phpCAS-1.3.3 ****************** [CAS.php:438]
1982 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', true) [cas_authn.php:322]
1982 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', true) [CAS.php:384]
1982 .| | Starting a new session veen0f0gj1hm79c6kqq30v709g07gm0c [Client.php:906]
1982 .| <= ''
1982 .<= ''
1982 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325]
1982 .<= ''
1982 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328]
1982 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516]
1982 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
1982 .| | <= ''
1982 .| <= ''
1982 .<= ''
1982 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340]
1982 .<= ''
1982 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347]
1982 .<= ''
1982 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354]
1982 .<= ''
1982 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355]
1982 .<= ''
1982 .=> CAS_Client::handleLogoutRequests(false, false) [CAS.php:1193]
1982 .| Not a logout request [Client.php:1689]
1982 .<= ''
1982 .=> phpCAS::forceAuthentication() [cas_authn.php:64]
1982 .| => CAS_Client::forceAuthentication() [CAS.php:1015]
1982 .| | => CAS_Client::isAuthenticated() [Client.php:1245]
1982 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
1982 .| | | | neither user nor PGT found [Client.php:1569]
1982 .| | | <= false
1982 .| | | no ticket found [Client.php:1453]
1982 .| | <= false
1982 .| | => CAS_Client::redirectToCas(false) [Client.php:1254]
1982 .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613]
1982 .| | | | => CAS_Client::getURL() [Client.php:342]
1982 .| | | | <= 'https://webmail03.mydomain.es/?_action=caslogin'
1982 .| | | <= 'https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin'
1982 .| | | Redirect to : https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin [Client.php:1620]
1982 .| | | exit()
1982 .| | | -
1982 .| | -
1982 .| -
I would really appreciate if anyone can give me a hand.
I suspect that it might be due to certificates issue, but I am not sure, because the second certificate I use it to reach the new webmail instalation from a diferent vhost.
Thank you very much.
I'm getting an error saying "handleCasLogin" does not exist.
Roundcube-CAS-Authn/cas_authn/cas_authn.php
Line 334 in bf09aae
Hi dfwarden,
I have an "blank page" issue when accessing CAS server:
https://cas-server-hostname/webmail/?_action=caslogin
CAS server uses self-signed certs and I set correctly the roundcube plugin's parameters:
$rcmail_config['cas_validation'] = 'self';
$rcmail_config['cas_cert'] = 'path-to-certs.pem';
PS. If changing 'self' to 'ca', I can access to CAS server's login page normally.
Any suggestions for me? Thanks in advance.
Hi dfwarden,
We had the following issue when using CAS Proxy with pam_cas module:
When accessing the URL "https:///webmail/?_action=caslogin, we see an error:
"phpCAS error: phpCAS::setPGTStorageFile(): an absolute path is needed for PGT storage to file in /cas_authn.php on line 326"
We used the default setting "$rcmail_config['cas_pgt_dir'] = '/tmp';".
Any suggestions for us? Thanks in advance.
The setPGTStorageFile() call issued in cas_init() uses a deprecated signature.
The format argument was removed in 1.3, now it should only take a path argument.
Upon initial login a PT is retrieved and sent to IMAP. When loading the "main" page, a new one is retrieved and sent to IMAP because it could not find the old one in PHP's session. If authn caching is set up in a certain way this is not fatal, but it should be fixed.
There are an ugly mix of spaces/tabs, inconsistent use of brackets, Poorly worded/useless comments and the README is not friendly to new CAS users. This should be fixed without breaking anything, unlike my attempt from earlier today.
Hi David,
i followed your blog casifying of roundcube (http://dfwarden.blogspot.de/2012/01/cas-ifying-roundcube.html). Its very good documented, and 99% of the howto was also succesful in my case.
But on one thing i have problems. the proxy feature. you write something about the use of the proxy. But i have got no idea how to solve or implement this proxy. Or is this proxy functionality already implemented in the cas plugin for roundcube? I have searched round the web and also posted some issues on the php-cas-list, without the final success. I have searched for some proxy examples, but i failed to trick this out.
Now i have a little hope that you could give me an advice that can help me.
We are using Dovecot 2.1.3, Roundcube 0.7.2 and phpCas 1.3.1 and pam_cas 2.0.5.
I already can login to roundcube via cas. But after several minutes the ST expires and the reconnection to the imap server fails. -think thats an proxy issue-
Could you give me an advice on this, please?
Thanks
Andy
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.