Giter Site home page Giter Site logo

roundcube-cas-authn's Introduction

If you aren't sure what CAS is, check out: http://www.jasig.org/cas

This is a fork of Alex Li's cas_authentication plugin. (http://code.google.com/p/rc-cas-plugin)
We share some of the same config names so we should not be run together.

The main differences are:
 - This plugin should work with stock Roundcube 0.6+
 - This plugin can be configured to not force all users to have to use CAS
 - This plugin supports using a CAS proxy ticket for SMTP authn

This plugin has been tested and works with the following:
 - Roundcube 0.6-0.8
 - RHEL (specifically, Oracle Enterprise Linux) 6.1-6.2 x64 - DEBIAN Squeeze 2.6.26 x64
 - JASIG CAS 3.3.2, 3.4.11, 3.4.14 (http://www.jasig.org/cas)
 - pam_cas (https://sourcesup.cru.fr/frs/?group_id=213, Pam_cas-2.0.11-esup-2.0.5.tar.gz)
 - phpCAS 1.3.x
   - There was a function signature change between 1.2.x and 1.3.x! Please use 1.3.x
 - up-imapproxy 1.2.7 (http://www.imapproxy.org)
 - Dovecot 2.0.13 (http://dovecot.org)

Setup is very similar to most Roundcube plugins. Copy cas_authn to your 
Roundcube plugin directory. Then, copy config.inc.php.dist to config.inc.php,
edit for your environment, and activate the plugin. 

Some things to be aware of:

  - This plugin assumes your IMAP server can authenticate 
    (a) CAS proxy tickets (if cas_proxy is true) 
	- or - 
    (b) any user using the "master" password (if cas_proxy is false and 
        cas_imap_password is set). 
    For (a), the most common way to do this is with pam_cas. See
    http://www.esup-portail.org/consortium/espace/SSO_1B/tech/cas/cas_pam.html 
    for help configuring and testing that. (It is in French, but Google 
    Translate does a good job.)

  - If cas_proxy is true and Roundcube is set to authenticate to SMTP, 
    this plugin will generate a PT for your SMTP service and send that to 
    the SMTP server. As with IMAP, you should test this via telnet to make 
    sure your SMTP server is validating CAS tickets.

  - If you are running Roundcube on multiple servers behind a load balancer
    and cas_proxy is true, your PGTIOU storage must be shared; when the CAS
    server does the PGT callback there is no guarantee (unless you do 
    something special) that it will hit the same host the user is on. And 
    if you're not sure what "PGT callback" is, check out 
    https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough
    especially the PDF linked at the bottom.

roundcube-cas-authn's People

Contributors

dfwarden avatar jgribonvald avatar michaelbailly avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

jgribonvald linagora xavrsl 3rwww1 quatre mabes mdcurtis frzleaf mephi-ut ld000 gip-recia lanin01 mwithheld

roundcube-cas-authn's Issues

CURL Could Not Open URL While Verifying SSL Certs

Hi dfwarden,

I had an issue related to the first process of CAS Client while validating ST. It was the fact that curl could not open the url responsed by CAS Server while verifying SSL Certificate of CAS Server (using CA Certs). The main logs said that:
...
D367 .| | | | => CAS_Client::_readURL('https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback', NULL, NULL, NULL) [Client.php:3118]
D367 .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
D367 .| | | | | | CURL: Set CURLOPT_CAINFO /etc/obm/certs/cas_server_certs.pem [CurlRequest.php:129]
D367 .| | | | | | curl_exec() failed [CurlRequest.php:77]
D367 .| | | | | <= false
D367 .| | | | <= false
D367 .| | | | could not open URL 'https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback' to validate (CURL error #60: SSL certificate problem: unable to get local issuer certificate) [Client.php:3121]
D367 .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', 'https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback', true) [Client.php:3125]
D367 .| | | | | => CAS_Client::getURL() [AuthenticationException.php:76]
D367 .| | | | | <= 'https://mailobm.openroad.vn/webmail/?_action=caslogin'
D367 .| | | | | CAS URL: https://cas.openroad.vn:8443/cas/serviceValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-224-TewfaZvNsvmbS7SNDgy7-cas.openroad.vn&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback [AuthenticationException.php:79]
D367 .| | | | | Authentication failure: Ticket not validated [AuthenticationException.php:80]
D367 .| | | | | Reason: no response from the CAS server [AuthenticationException.php:82]
D367 .| | | | | exit()
...

P.S. Our testing environment:

  • OS: CentOS 6.4
  • phpCAS: 1.3.3
  • Roundcube: 0.8.7
  • Roundcube-CAS-Authn: the latest version on Github

Any suggestions for me? Thanks.

CAS not working when browser cache is not cleared.

Hi all,
I've got a problem when trying to move to production RC1.1.1 with this CAS plugin. What has happened until now it is that everytime I wanted to test my changes, I was clearing the cache of my web browser and then testing the modifications, which was good. But now that I've done a pre-released, the users have complained because they were getting :

CAS Authentication failed!You were not authenticated.You may submit your request again by clicking here.If the problem persists, you may contact the administrator of this site.

phpCAS 1.3.3 using server https://cas.mydomain.es/cas/ (CAS 2.0)

I assume that this is due them to have a valid cookie in their browser already loaded, because if I clear the cache, everthing works as expected, it takes nearly 18 seconds to show the page, but it is not so bad. I am pasting a trace(good one):

EC7B .START phpCAS-1.3.3 ****************** [CAS.php:438]
EC7B .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', true) [cas_authn.php:322]
EC7B .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', true) [CAS.php:384]
EC7B .| | Starting a new session c24cdf0q727sivjqfthdnnmi8k7cqmh1 [Client.php:906]
EC7B .| <= ''
EC7B .<= ''
EC7B .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325]
EC7B .<= ''
EC7B .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328]
EC7B .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516]
EC7B .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
EC7B .| | <= ''
EC7B .| <= ''
EC7B .<= ''
EC7B .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340]
EC7B .<= ''
EC7B .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347]
EC7B .<= ''
EC7B .=> phpCAS::setServerLoginURL('') [cas_authn.php:354]
EC7B .<= ''
EC7B .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355]
EC7B .<= ''
EC7B .=> phpCAS::forceAuthentication() [cas_authn.php:103]
EC7B .| => CAS_Client::forceAuthentication() [CAS.php:1015]
EC7B .| | => CAS_Client::isAuthenticated() [Client.php:1245]
EC7B .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
EC7B .| | | | neither user nor PGT found [Client.php:1569]
EC7B .| | | <= false
EC7B .| | | no ticket found [Client.php:1453]
EC7B .| | <= false
EC7B .| | => CAS_Client::redirectToCas(false) [Client.php:1254]
EC7B .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613]
EC7B .| | | | => CAS_Client::getURL() [Client.php:342]
EC7B .| | | | <= 'https://webmail03.mydomain.es/?_action=caslogin'
EC7B .| | | <= 'https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin'
EC7B .| | | Redirect to : https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin [Client.php:1620]
EC7B .| | | exit()
EC7B .| | | -
EC7B .| | -
EC7B .| -
213B .START phpCAS-1.3.3 ****************** [CAS.php:438]
213B .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', true) [cas_authn.php:322]
213B .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', true) [CAS.php:384]
213B .| | Starting a new session c24cdf0q727sivjqfthdnnmi8k7cqmh1 [Client.php:906]
213B .| | Ticket 'ST-118028-vqSGMVAcKxWutD6ZAcsj-cas' found [Client.php:988]
213B .| <= ''
213B .<= ''
213B .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325]
213B .<= ''
213B .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328]
213B .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516]
213B .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
213B .| | <= ''
213B .| <= ''
213B .<= ''
213B .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340]
213B .<= ''
213B .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347]
213B .<= ''
213B .=> phpCAS::setServerLoginURL('') [cas_authn.php:354]
213B .<= ''
213B .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355]
213B .<= ''
213B .=> phpCAS::forceAuthentication() [cas_authn.php:103]
213B .| => CAS_Client::forceAuthentication() [CAS.php:1015]
213B .| | => CAS_Client::isAuthenticated() [Client.php:1245]
213B .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
213B .| | | | neither user nor PGT found [Client.php:1569]
213B .| | | <= false
213B .| | | CAS 2.0 ticket ST-118028-vqSGMVAcKxWutD6ZAcsj-cas' is present [Client.php:1406] 213B .| | | => CAS_Client::validateCAS20('', NULL, NULL) [Client.php:1409] 213B .| | | | [Client.php:3101] 213B .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3108] 213B .| | | | | => CAS_Client::getURL() [Client.php:453] 213B .| | | | | <= 'https://webmail03.mydomain.es/?_action=caslogin' 213B .| | | | <= 'https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin' 213B .| | | | => CAS_Client::_readURL('https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118028-vqSGMVAcKxWutD6ZAcsj-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback', NULL, NULL, NULL) [Client.php:3118] 213B .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] 213B .| | | | | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] 7DE2 .START phpCAS-1.3.3 ****************** [CAS.php:438] 7DE2 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', true) [cas_authn.php:322] 7DE2 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', true) [CAS.php:384] 7DE2 .| | Starting a new session 2lhnmgci4ck6faik31el8s7g7ng7hdku [Client.php:906] 7DE2 .| <= '' 7DE2 .<= '' 7DE2 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] 7DE2 .<= '' 7DE2 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] 7DE2 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] 7DE2 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] 7DE2 .| | <= '' 7DE2 .| <= '' 7DE2 .<= '' 7DE2 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] 7DE2 .<= '' 7DE2 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] 7DE2 .<= '' 7DE2 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] 7DE2 .<= '' 7DE2 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] 7DE2 .<= '' 7DE2 .=> CAS_Client::handleLogoutRequests(false, false) [CAS.php:1193] 7DE2 .| Not a logout request [Client.php:1689] 7DE2 .<= '' 7DE2 .=> phpCAS::forceAuthentication() [cas_authn.php:64] 7DE2 .| => CAS_Client::forceAuthentication() [CAS.php:1015] 7DE2 .| | => CAS_Client::isAuthenticated() [Client.php:1245] 7DE2 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 7DE2 .| | | | neither user nor PGT found [Client.php:1569] 7DE2 .| | | <= false 7DE2 .| | | no ticket found [Client.php:1453] 7DE2 .| | <= false 7DE2 .| | => CAS_Client::redirectToCas(false) [Client.php:1254] 7DE2 .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613] 7DE2 .| | | | => CAS_Client::getURL() [Client.php:342] 7DE2 .| | | | <= 'https://webmail03.mydomain.es/?_action=caslogin' 7DE2 .| | | <= 'https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin' 7DE2 .| | | Redirect to : https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin [Client.php:1620] 7DE2 .| | | exit() 7DE2 .| | | - 7DE2 .| | - 7DE2 .| - 9D5A .START phpCAS-1.3.3 ****************** [CAS.php:438] 9D5A .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', true) [cas_authn.php:322] 9D5A .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', true) [CAS.php:384] 9D5A .| | Starting a new session e2fm14lcqa58077a4o3ikkc3b3n36hqs [Client.php:906] 9D5A .| <= '' 9D5A .<= '' 9D5A .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] 9D5A .<= '' 9D5A .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] 9D5A .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] 9D5A .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] 9D5A .| | <= '' 9D5A .| <= '' 9D5A .<= '' 9D5A .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] 9D5A .<= '' 9D5A .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] 9D5A .<= '' 9D5A .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] 9D5A .<= '' 9D5A .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] 9D5A .<= '' 9D5A .=> CAS_Client::handleLogoutRequests(false, false) [CAS.php:1193] 9D5A .| Not a logout request [Client.php:1689] 9D5A .<= '' 9D5A .=> phpCAS::forceAuthentication() [cas_authn.php:64] 9D5A .| => CAS_Client::forceAuthentication() [CAS.php:1015] 9D5A .| | => CAS_Client::isAuthenticated() [Client.php:1245] 9D5A .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 9D5A .| | | | => CAS_Client::_callback() [Client.php:1515] 9D5A .| | | | | Storing PGTTGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' (id=PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas') [Client.php:2341] 9D5A .| | | | | => CAS_PGTStorage_File::init() [Client.php:2396] 9D5A .| | | | | <= '' 9D5A .| | | | | => CAS_PGTStorage_File::write('TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', 'PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas') [Client.php:2412] 9D5A .| | | | | | => CAS_PGTStorage_File::getPGTIouFilename('PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas') [File.php:202] 9D5A .| | | | | | <= '/tmp/wpgt/PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas.plain' 9D5A .| | | | | | Successful write of PGT to/tmp/wpgt/PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas.plain' [File.php:211]
9D5A .| | | | | <= ''
9D5A .| | | | | exit()
9D5A .| | | | | -
9D5A .| | | | -
9D5A .| | | -
9D5A .| | -
9D5A .| -
213B .| | | | | | Response Body:
213B .| | | | | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
213B .| | | | | | cas:authenticationSuccess
213B .| | | | | | cas:usermyusername/cas:user
213B .| | | | | |
213B .| | | | | |
213B .| | | | | | cas:proxyGrantingTicketPGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas/cas:proxyGrantingTicket
213B .| | | | | |
213B .| | | | | |
213B .| | | | | | /cas:authenticationSuccess
213B .| | | | | | /cas:serviceResponse
213B .| | | | | |
213B .| | | | | | [CurlRequest.php:84]
213B .| | | | | <= true
213B .| | | | <= true
213B .| | | | => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:3176]
213B .| | | | | Testing for rubycas style attributes [Client.php:3294]
213B .| | | | <= ''
213B .| | | | Storing Proxy List [Client.php:3185]
213B .| | | | => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:3188]
213B .| | | | | No proxies were found in the response [AllowedList.php:81]
213B .| | | | <= true
213B .| | | | => CAS_Client::_renameSession('ST-118028-vqSGMVAcKxWutD6ZAcsj-cas') [Client.php:3220]
213B .| | | | | Killing session: c24cdf0q727sivjqfthdnnmi8k7cqmh1 [Client.php:3582]
213B .| | | | | Starting session: ST-118028-vqSGMVAcKxWutD6ZAcsj-cas [Client.php:3586]
213B .| | | | | Restoring old session vars [Client.php:3589]
213B .| | | | <= ''
213B .| | | <= true
213B .| | | CAS 2.0 ticket ST-118028-vqSGMVAcKxWutD6ZAcsj-cas' was validated [Client.php:1412] 213B .| | | => CAS_Client::_validatePGT('https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118028-vqSGMVAcKxWutD6ZAcsj-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback', '<cas:serviceResponse xmlns:cas=\'http://www.yale.edu/tp/cas\'> <cas:authenticationSuccess> <cas:user>myusername</cas:user> <cas:proxyGrantingTicket>PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas</cas:proxyGrantingTicket> </cas:authenticationSuccess></cas:serviceResponse>', DOMElement) [Client.php:1416] 213B .| | | | => CAS_PGTStorage_File::init() [Client.php:2396] 213B .| | | | <= '' 213B .| | | | => CAS_PGTStorage_File::read('PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas') [Client.php:2428] 213B .| | | | | => CAS_PGTStorage_File::getPGTIouFilename('PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas') [File.php:236] 213B .| | | | | <= '/tmp/wpgt/PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas.plain' 213B .| | | | | Successful read of PGT to/tmp/wpgt/PGTIOU-4113-nONUxjJ6V92Kx9xCZ7eb-cas.plain' [File.php:244]
213B .| | | | <= 'TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas'
213B .| | | <= true
213B .| | | PGT TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' was validated [Client.php:1417] 213B .| | | => CAS_Client::getURL() [Client.php:1472] 213B .| | | <= 'https://webmail03.mydomain.es/?_action=caslogin' 213B .| | | Prepare redirect to : https://webmail03.mydomain.es/?_action=caslogin [Client.php:1472] 213B .| | | => CAS_Client::getURL() [Client.php:1474] 213B .| | | <= 'https://webmail03.mydomain.es/?_action=caslogin' 213B .| | | exit() 213B .| | | - 213B .| | - 213B .| - 3537 .START phpCAS-1.3.3 ****************** [CAS.php:438] 3537 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322] 3537 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384] 3537 .| <= '' 3537 .<= '' 3537 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] 3537 .<= '' 3537 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] 3537 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] 3537 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] 3537 .| | <= '' 3537 .| <= '' 3537 .<= '' 3537 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] 3537 .<= '' 3537 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] 3537 .<= '' 3537 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] 3537 .<= '' 3537 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] 3537 .<= '' 3537 .=> phpCAS::forceAuthentication() [cas_authn.php:103] 3537 .| => CAS_Client::forceAuthentication() [CAS.php:1015] 3537 .| | => CAS_Client::isAuthenticated() [Client.php:1245] 3537 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 3537 .| | | | user =myusername', PGT = TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' [Client.php:1534] 3537 .| | | <= true 3537 .| | | user was already authenticated, no need to look for tickets [Client.php:1380] 3537 .| | <= true 3537 .| | no need to authenticate [Client.php:1247] 3537 .| <= true 3537 .<= '' 3537 .=> CAS_Client::retrievePT('imaps://opsmail01.mydomain.es', NULL, NULL) [CAS.php:1514] 3537 .| => CAS_Client::_readURL('https://cas.mydomain.es/cas/proxy?targetService=imaps%3A%2F%2Fopsmail01.mydomain.es&pgt=TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', NULL, NULL, '') [Client.php:2610] 3537 .| | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] 3537 .| | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] 3537 .| | | Response Body: 3537 .| | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> 3537 .| | | <cas:proxySuccess> 3537 .| | | <cas:proxyTicket>ST-118031-tWRSXoFm4QpXJTRystEw-cas</cas:proxyTicket> 3537 .| | | </cas:proxySuccess> 3537 .| | | </cas:serviceResponse> 3537 .| | | [CurlRequest.php:84] 3537 .| | <= true 3537 .| <= true 3537 .| original PT: ST-118031-tWRSXoFm4QpXJTRystEw-cas [Client.php:2665] 3537 .<= 'ST-118031-tWRSXoFm4QpXJTRystEw-cas' 3537 .=> phpCAS::checkAuthentication() [cas_authn.php:178] 3537 .| => CAS_Client::checkAuthentication() [CAS.php:995] 3537 .| | => CAS_Client::isAuthenticated() [Client.php:1296] 3537 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 3537 .| | | | user =myusername', PGT = TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' [Client.php:1534] 3537 .| | | <= true 3537 .| | | user was already authenticated, no need to look for tickets [Client.php:1380] 3537 .| | <= true 3537 .| | user is authenticated [Client.php:1297] 3537 .| <= true 3537 .<= true 3537 .=> CAS_Client::retrievePT('imaps://opsmail01.mydomain.es', NULL, NULL) [CAS.php:1514] 3537 .| => CAS_Client::_readURL('https://cas.mydomain.es/cas/proxy?targetService=imaps%3A%2F%2Fopsmail01.mydomain.es&pgt=TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', NULL, NULL, '') [Client.php:2610] 3537 .| | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] 3537 .| | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] 3537 .| | | Response Body: 3537 .| | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> 3537 .| | | <cas:proxySuccess> 3537 .| | | <cas:proxyTicket>ST-118033-9YsxF67IIhNWGRBwmKx6-cas</cas:proxyTicket> 3537 .| | | </cas:proxySuccess> 3537 .| | | </cas:serviceResponse> 3537 .| | | [CurlRequest.php:84] 3537 .| | <= true 3537 .| <= true 3537 .| original PT: ST-118033-9YsxF67IIhNWGRBwmKx6-cas [Client.php:2665] 3537 .<= 'ST-118033-9YsxF67IIhNWGRBwmKx6-cas' DB38 .START phpCAS-1.3.3 ****************** [CAS.php:438] DB38 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322] DB38 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384] DB38 .| <= '' DB38 .<= '' DB38 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] DB38 .<= '' DB38 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] DB38 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] DB38 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] DB38 .| | <= '' DB38 .| <= '' DB38 .<= '' DB38 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] DB38 .<= '' DB38 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] DB38 .<= '' DB38 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] DB38 .<= '' DB38 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] DB38 .<= '' DB38 .=> phpCAS::checkAuthentication() [cas_authn.php:178] DB38 .| => CAS_Client::checkAuthentication() [CAS.php:995] DB38 .| | => CAS_Client::isAuthenticated() [Client.php:1296] DB38 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] DB38 .| | | | user =myusername', PGT = TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' [Client.php:1534] DB38 .| | | <= true DB38 .| | | user was already authenticated, no need to look for tickets [Client.php:1380] DB38 .| | <= true DB38 .| | user is authenticated [Client.php:1297] DB38 .| <= true DB38 .<= true DB38 .=> CAS_Client::retrievePT('imaps://opsmail01.mydomain.es', NULL, NULL) [CAS.php:1514] DB38 .| => CAS_Client::_readURL('https://cas.mydomain.es/cas/proxy?targetService=imaps%3A%2F%2Fopsmail01.mydomain.es&pgt=TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', NULL, NULL, '') [Client.php:2610] DB38 .| | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] DB38 .| | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] DB38 .| | | Response Body: DB38 .| | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> DB38 .| | | <cas:proxySuccess> DB38 .| | | <cas:proxyTicket>ST-118034-okcARh7LIQZf4MA2y23t-cas</cas:proxyTicket> DB38 .| | | </cas:proxySuccess> DB38 .| | | </cas:serviceResponse> DB38 .| | | [CurlRequest.php:84] DB38 .| | <= true DB38 .| <= true DB38 .| original PT: ST-118034-okcARh7LIQZf4MA2y23t-cas [Client.php:2665] DB38 .<= 'ST-118034-okcARh7LIQZf4MA2y23t-cas' 41A5 .START phpCAS-1.3.3 ****************** [CAS.php:438] 41A5 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322] 41A5 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384] 41A5 .| <= '' 41A5 .<= '' 41A5 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] 41A5 .<= '' 41A5 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] 41A5 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] 41A5 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] 41A5 .| | <= '' 41A5 .| <= '' 41A5 .<= '' 41A5 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] 41A5 .<= '' 41A5 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] 41A5 .<= '' 41A5 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] 41A5 .<= '' 41A5 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] 41A5 .<= '' 41A5 .=> phpCAS::checkAuthentication() [cas_authn.php:178] 41A5 .| => CAS_Client::checkAuthentication() [CAS.php:995] 41A5 .| | => CAS_Client::isAuthenticated() [Client.php:1296] 41A5 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 41A5 .| | | | user =myusername', PGT = TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' [Client.php:1534] 41A5 .| | | <= true 41A5 .| | | user was already authenticated, no need to look for tickets [Client.php:1380] 7E49 .START phpCAS-1.3.3 ****************** [CAS.php:438] 41A5 .| | <= true 41A5 .| | user is authenticated [Client.php:1297] 41A5 .| <= true 41A5 .<= true 41A5 .=> CAS_Client::retrievePT('imaps://opsmail01.mydomain.es', NULL, NULL) [CAS.php:1514] 41A5 .| => CAS_Client::_readURL('https://cas.mydomain.es/cas/proxy?targetService=imaps%3A%2F%2Fopsmail01.mydomain.es&pgt=TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', NULL, NULL, '') [Client.php:2610] 7E49 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322] 41A5 .| | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] 41A5 .| | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] 7E49 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384] 7E49 .| <= '' 7E49 .<= '' 7E49 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325] 7E49 .<= '' 7E49 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328] 7E49 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516] 7E49 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119] 7E49 .| | <= '' 7E49 .| <= '' 7E49 .<= '' 7E49 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340] 7E49 .<= '' 7E49 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347] 7E49 .<= '' 7E49 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354] 7E49 .<= '' 7E49 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355] 7E49 .<= '' 7E49 .=> phpCAS::checkAuthentication() [cas_authn.php:178] 7E49 .| => CAS_Client::checkAuthentication() [CAS.php:995] 7E49 .| | => CAS_Client::isAuthenticated() [Client.php:1296] 7E49 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356] 7E49 .| | | | user =myusername', PGT = `TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas' [Client.php:1534]
7E49 .| | | <= true
7E49 .| | | user was already authenticated, no need to look for tickets [Client.php:1380]
7E49 .| | <= true
7E49 .| | user is authenticated [Client.php:1297]
7E49 .| <= true
7E49 .<= true
7E49 .=> CAS_Client::retrievePT('imaps://opsmail01.mydomain.es', NULL, NULL) [CAS.php:1514]
7E49 .| => CAS_Client::_readURL('https://cas.mydomain.es/cas/proxy?targetService=imaps%3A%2F%2Fopsmail01.mydomain.es&pgt=TGT-12578-h7XX612rTAML5RS6KbqzDyaeQ5pOAbeyCQ3QCMeJbzhnlE6TzJ-cas', NULL, NULL, '') [Client.php:2610]
7E49 .| | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
7E49 .| | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129]
41A5 .| | | Response Body:
41A5 .| | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
41A5 .| | | cas:proxySuccess
41A5 .| | | cas:proxyTicketST-118035-v7neEXzn53pEl7AgWxYN-cas/cas:proxyTicket
41A5 .| | | /cas:proxySuccess
41A5 .| | | /cas:serviceResponse
41A5 .| | | [CurlRequest.php:84]
41A5 .| | <= true
41A5 .| <= true
41A5 .| original PT: ST-118035-v7neEXzn53pEl7AgWxYN-cas [Client.php:2665]
41A5 .<= 'ST-118035-v7neEXzn53pEl7AgWxYN-cas'
7E49 .| | | Response Body:
7E49 .| | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
7E49 .| | | cas:proxySuccess
7E49 .| | | cas:proxyTicketST-118036-geVrSbctauCrtUkAvexZ-cas/cas:proxyTicket
7E49 .| | | /cas:proxySuccess
7E49 .| | | /cas:serviceResponse
7E49 .| | | [CurlRequest.php:84]
7E49 .| | <= true
7E49 .| <= true
7E49 .| original PT: ST-118036-geVrSbctauCrtUkAvexZ-cas [Client.php:2665]
7E49 .<= 'ST-118036-geVrSbctauCrtUkAvexZ-cas'

And here I attach a trace obtained after getting the error aboved shown, I mean, I can reach the loggin boxes where I put my credentials and after that I get the error, and this is the trace:

65C3 .START phpCAS-1.3.3 ****************** [CAS.php:438]
65C3 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322]
65C3 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384]
65C3 .| <= ''
65C3 .<= ''
65C3 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325]
65C3 .<= ''
65C3 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328]
65C3 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516]
65C3 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
65C3 .| | <= ''
65C3 .| <= ''
65C3 .<= ''
65C3 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340]
65C3 .<= ''
65C3 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347]
65C3 .<= ''
65C3 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354]
65C3 .<= ''
65C3 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355]
65C3 .<= ''
65C3 .=> phpCAS::forceAuthentication() [cas_authn.php:103]
65C3 .| => CAS_Client::forceAuthentication() [CAS.php:1015]
65C3 .| | => CAS_Client::isAuthenticated() [Client.php:1245]
65C3 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
65C3 .| | | | neither user nor PGT found [Client.php:1569]
65C3 .| | | <= false
65C3 .| | | no ticket found [Client.php:1453]
65C3 .| | <= false
65C3 .| | => CAS_Client::redirectToCas(false) [Client.php:1254]
65C3 .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613]
65C3 .| | | | => CAS_Client::getURL() [Client.php:342]
65C3 .| | | | <= 'https://webmail03.mydomain.es/?_action=caslogin'
65C3 .| | | <= 'https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin'
65C3 .| | | Redirect to : https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin [Client.php:1620]
65C3 .| | | exit()
65C3 .| | | -
65C3 .| | -
65C3 .| -
DDF9 .START phpCAS-1.3.3 ****************** [CAS.php:438]
DDF9 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', false) [cas_authn.php:322]
DDF9 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', false) [CAS.php:384]
DDF9 .| | Ticket 'ST-118039-r7ccAUSM2joSCfJrMryk-cas' found [Client.php:988]
DDF9 .| <= ''
DDF9 .<= ''
DDF9 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325]
DDF9 .<= ''
DDF9 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328]
DDF9 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516]
DDF9 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
DDF9 .| | <= ''
DDF9 .| <= ''
DDF9 .<= ''
DDF9 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340]
DDF9 .<= ''
DDF9 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347]
DDF9 .<= ''
DDF9 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354]
DDF9 .<= ''
DDF9 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355]
DDF9 .<= ''
DDF9 .=> phpCAS::forceAuthentication() [cas_authn.php:103]
DDF9 .| => CAS_Client::forceAuthentication() [CAS.php:1015]
DDF9 .| | => CAS_Client::isAuthenticated() [Client.php:1245]
DDF9 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
DDF9 .| | | | neither user nor PGT found [Client.php:1569]
DDF9 .| | | <= false
DDF9 .| | | CAS 2.0 ticket ST-118039-r7ccAUSM2joSCfJrMryk-cas' is present [Client.php:1406] DDF9 .| | | => CAS_Client::validateCAS20('', NULL, NULL) [Client.php:1409] DDF9 .| | | | [Client.php:3101] DDF9 .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3108] DDF9 .| | | | | => CAS_Client::getURL() [Client.php:453] DDF9 .| | | | | <= 'https://webmail03.mydomain.es/?_action=caslogin' DDF9 .| | | | <= 'https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin' DDF9 .| | | | => CAS_Client::_readURL('https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118039-r7ccAUSM2joSCfJrMryk-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback', NULL, NULL, NULL) [Client.php:3118] DDF9 .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242] DDF9 .| | | | | | CURL: Set CURLOPT_CAINFO /etc/tls/cacert/terena2.crt [CurlRequest.php:129] DDF9 .| | | | | | Response Body: DDF9 .| | | | | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> DDF9 .| | | | | | <cas:authenticationSuccess> DDF9 .| | | | | | <cas:user>myusername</cas:user> DDF9 .| | | | | | DDF9 .| | | | | | DDF9 .| | | | | | DDF9 .| | | | | | </cas:authenticationSuccess> DDF9 .| | | | | | </cas:serviceResponse> DDF9 .| | | | | | DDF9 .| | | | | | [CurlRequest.php:84] DDF9 .| | | | | <= true DDF9 .| | | | <= true DDF9 .| | | | => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:3176] DDF9 .| | | | | Testing for rubycas style attributes [Client.php:3294] DDF9 .| | | | <= '' DDF9 .| | | | Storing Proxy List [Client.php:3185] DDF9 .| | | | => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:3188] DDF9 .| | | | | No proxies were found in the response [AllowedList.php:81] DDF9 .| | | | <= true DDF9 .| | | | => CAS_Client::_renameSession('ST-118039-r7ccAUSM2joSCfJrMryk-cas') [Client.php:3220] DDF9 .| | | | | Skipping session rename since phpCAS is not handling the session. [Client.php:3599] DDF9 .| | | | <= '' DDF9 .| | | <= true DDF9 .| | | CAS 2.0 ticketST-118039-r7ccAUSM2joSCfJrMryk-cas' was validated [Client.php:1412]
DDF9 .| | | => CAS_Client::_validatePGT('https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118039-r7ccAUSM2joSCfJrMryk-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback', '<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas\'> cas:authenticationSuccess cas:usermyusername/cas:user /cas:authenticationSuccess/cas:serviceResponse', DOMElement) [Client.php:1416]
DDF9 .| | | | not found [Client.php:2541]
DDF9 .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket validated but no PGT Iou transmitted', 'https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118039-r7ccAUSM2joSCfJrMryk-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback', false, false, '<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas\'> cas:authenticationSuccess cas:usermyusername/cas:user /cas:authenticationSuccess/cas:serviceResponse') [Client.php:2547]
DDF9 .| | | | | => CAS_Client::getURL() [AuthenticationException.php:76]
DDF9 .| | | | | <= 'https://webmail03.mydomain.es/?_action=caslogin'
DDF9 .| | | | | CAS URL: https://cas.mydomain.es/cas/serviceValidate?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin&ticket=ST-118039-r7ccAUSM2joSCfJrMryk-cas&pgtUrl=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dpgtcallback [AuthenticationException.php:79]
DDF9 .| | | | | Authentication failure: Ticket validated but no PGT Iou transmitted [AuthenticationException.php:80]
DDF9 .| | | | | Reason: no CAS error [AuthenticationException.php:94]
DDF9 .| | | | | CAS response: <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
DDF9 .| | | | | cas:authenticationSuccess
DDF9 .| | | | | cas:usermyusername/cas:user
DDF9 .| | | | |
DDF9 .| | | | |
DDF9 .| | | | |
DDF9 .| | | | | /cas:authenticationSuccess
DDF9 .| | | | | /cas:serviceResponse
DDF9 .| | | | | [AuthenticationException.php:101]
DDF9 .| | | | | exit()
DDF9 .| | | | | -
DDF9 .| | | | -
DDF9 .| | | -
DDF9 .| | -
DDF9 .| -
1982 .START phpCAS-1.3.3 ****************** [CAS.php:438]
1982 .=> phpCAS::proxy('2.0', 'cas.mydomain.es', 443, '/cas', true) [cas_authn.php:322]
1982 .| => CAS_Client::__construct('2.0', true, 'cas.mydomain.es', 443, '/cas', true) [CAS.php:384]
1982 .| | Starting a new session veen0f0gj1hm79c6kqq30v709g07gm0c [Client.php:906]
1982 .| <= ''
1982 .<= ''
1982 .=> phpCAS::setFixedCallbackURL('https://webmail03.mydomain.es/?_action=pgtcallback') [cas_authn.php:325]
1982 .<= ''
1982 .=> phpCAS::setPGTStorageFile('/tmp/wpgt') [cas_authn.php:328]
1982 .| => CAS_PGTStorage_File::__construct(CAS_Client, '/tmp/wpgt') [Client.php:2516]
1982 .| | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
1982 .| | <= ''
1982 .| <= ''
1982 .<= ''
1982 .=> phpCAS::setFixedServiceURL('https://webmail03.mydomain.es/?_action=caslogin') [cas_authn.php:340]
1982 .<= ''
1982 .=> phpCAS::setCasServerCACert('/etc/tls/cacert/terena2.crt') [cas_authn.php:347]
1982 .<= ''
1982 .=> phpCAS::setServerLoginURL('') [cas_authn.php:354]
1982 .<= ''
1982 .=> phpCAS::setServerLogoutURL('') [cas_authn.php:355]
1982 .<= ''
1982 .=> CAS_Client::handleLogoutRequests(false, false) [CAS.php:1193]
1982 .| Not a logout request [Client.php:1689]
1982 .<= ''
1982 .=> phpCAS::forceAuthentication() [cas_authn.php:64]
1982 .| => CAS_Client::forceAuthentication() [CAS.php:1015]
1982 .| | => CAS_Client::isAuthenticated() [Client.php:1245]
1982 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
1982 .| | | | neither user nor PGT found [Client.php:1569]
1982 .| | | <= false
1982 .| | | no ticket found [Client.php:1453]
1982 .| | <= false
1982 .| | => CAS_Client::redirectToCas(false) [Client.php:1254]
1982 .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613]
1982 .| | | | => CAS_Client::getURL() [Client.php:342]
1982 .| | | | <= 'https://webmail03.mydomain.es/?_action=caslogin'
1982 .| | | <= 'https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin'
1982 .| | | Redirect to : https://cas.mydomain.es/cas/login?service=https%3A%2F%2Fwebmail03.mydomain.es%2F%3F_action%3Dcaslogin [Client.php:1620]
1982 .| | | exit()
1982 .| | | -
1982 .| | -
1982 .| -

I would really appreciate if anyone can give me a hand.
I suspect that it might be due to certificates issue, but I am not sure, because the second certificate I use it to reach the new webmail instalation from a diferent vhost.

Thank you very much.

"blank page" error when setting parameter $rcmail_config['cas_validation']

Hi dfwarden,

I have an "blank page" issue when accessing CAS server:
https://cas-server-hostname/webmail/?_action=caslogin

CAS server uses self-signed certs and I set correctly the roundcube plugin's parameters:
$rcmail_config['cas_validation'] = 'self';
$rcmail_config['cas_cert'] = 'path-to-certs.pem';

PS. If changing 'self' to 'ca', I can access to CAS server's login page normally.

Any suggestions for me? Thanks in advance.

phpCAS error: phpCAS::setPGTStorageFile(): an absolute path is needed for PGT storage to file

Hi dfwarden,

We had the following issue when using CAS Proxy with pam_cas module:

When accessing the URL "https:///webmail/?_action=caslogin, we see an error:
"phpCAS error: phpCAS::setPGTStorageFile(): an absolute path is needed for PGT storage to file in /cas_authn.php on line 326"

We used the default setting "$rcmail_config['cas_pgt_dir'] = '/tmp';".

Any suggestions for us? Thanks in advance.

Our testing environment

  • OS CentOS 6.4
  • Roundcube 0.8.7
  • phpCAS 1.3.2
  • pam_cas Pam_cas-2.0.11-esup-2.0.5.tar.gz
  • Cyrus 2.3.16
  • No error logs of phpCAS (debug mode)

Initial Login Creates and Sends 2 CAS Tickets

Upon initial login a PT is retrieved and sent to IMAP. When loading the "main" page, a new one is retrieved and sent to IMAP because it could not find the old one in PHP's session. If authn caching is set up in a certain way this is not fatal, but it should be fixed.

Clean Up Formatting, Style, Comments, README

There are an ugly mix of spaces/tabs, inconsistent use of brackets, Poorly worded/useless comments and the README is not friendly to new CAS users. This should be fixed without breaking anything, unlike my attempt from earlier today.

imap proxy feature

Hi David,

i followed your blog casifying of roundcube (http://dfwarden.blogspot.de/2012/01/cas-ifying-roundcube.html). Its very good documented, and 99% of the howto was also succesful in my case.
But on one thing i have problems. the proxy feature. you write something about the use of the proxy. But i have got no idea how to solve or implement this proxy. Or is this proxy functionality already implemented in the cas plugin for roundcube? I have searched round the web and also posted some issues on the php-cas-list, without the final success. I have searched for some proxy examples, but i failed to trick this out.
Now i have a little hope that you could give me an advice that can help me.
We are using Dovecot 2.1.3, Roundcube 0.7.2 and phpCas 1.3.1 and pam_cas 2.0.5.
I already can login to roundcube via cas. But after several minutes the ST expires and the reconnection to the imap server fails. -think thats an proxy issue-

Could you give me an advice on this, please?
Thanks
Andy

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.