Comments (10)
Please check #195 and test one of our examples https://github.com/apereo/phpCAS/blob/master/docs/examples/example_logout.php
Apereo PHP CAS Client. Contribute to apereo/phpCAS development by creating an account on GitHub.
from phpcas.
And also #212
from phpcas.
Typically the connection from the CAS server to the phpCAS service is not working: (flow of the logout signal is from client -> CAS server -> phpCAS service)
- You need working HTTPS
- You need a Certificate trusted by the CAS server
- Your need working network connection/routing/dns between the systems (loadbalancers or network topology may get in the way)
from phpcas.
Thank you for your quick answer.
I doubt it is a HTTPS or certificate issue : the app has worked up to now (before I implemented the central logout feature). Besides when I look at the log files, no error message. Just a :
CD4E .=> CAS_Client::handleLogoutRequests(true, array ()) [CAS.php:1298]
CD4E .| Not a logout request [Client.php:1744]
CD4E .<= ''
Which seems strange because the guy who are managing the CAS server assured me that a logout request was send to my application.
Here's the code for the index.php :
`<?php
require_once 'config.php';
require_once $phpcas_path . '/CAS.php';
phpCAS::client(CAS_VERSION_3_0, $cas_host, $cas_port, $cas_context);
phpCAS::setCasServerCACert($cas_server_ca_cert_path);
phpCAS::handleLogoutRequests();
phpCAS::forceAuthentication();
if (isset($_REQUEST['logout'])) {
phpCAS::logout();
}
include 'webapp.php';
?>`
from phpcas.
There is a big difference from a HTTPS certificate working in your browser (with populated trusted certificate authorities) and the certificate being accepted as "trusted" by the java library on the CAS server itself. It's not uncommon for a trust store file of a java installation to be empty....
Ask your CAS admin to check if he sees a connection denied or similar entry in the CAS server logs. Without specific ssl debugging enabled any un-trusted certificate shows up as a connection error.
I have also seen many cases were CAS servers were behind load balancers and could not initiate any outgoing TCP connections or routing/DNS was not working fully. Ask your CAS admin to use any commandline web clients to connect your application (wget, curl...)
You can also use wireshark or any network monitoring to check if any connection is established on your end. If the SSL handshake fails it will not even register in your webserver or phpCAS logs but it would be visible in the network data.
from phpcas.
Thank you very much.
I'll see with the admin then.
from phpcas.
So, I contacted the adminstrator of the CAS server, and the only thing he told me was that he's seeing a logout request sent by the CAS server (image in attachment). And he asked me to see if I received that request on my server.
Not really knowing what I was doing, I did a tcpdump listening to port 443 and I see indeed the logging into my app, and also a request with a F flag when I logout of the CAS server.
Don't know if it is of any help, neither what I'm really supposed to do now...
from phpcas.
Have you checked the debug log of phpCAS? I typically just "tail -f" the debug log and than issue a logout... You can then follow the trace what phpCAS is doing with any incoming request.
If you cannot see anything in the logs the issue is outside of phpCAS....
I can only recommend that you start debugging issues like this with our simple examples to avoid to much complexity. If the session handling is not done by phpCAS itself a logout will only work if configure a custom callback handler to do whatever magic is needed in your application phpCAS::setSingleSignoutCallback()
from phpcas.
Issue has been resolved. Here's what I did :
Using SSLLabs I've tested the SSL certificate. The result was an "Incomplete Certificate". Apparently browser can overcome this issue, but it wasn't the case of the CAS server (or Curl, or Python).
I had to complete the apache ssl.conf file with the SSLCertificateChainFile option.
That being done, I could send a secure POST request with curl and python. But the logout function still wasn't working.
The phpCAS logout file showed that now the logout request was received but the server sending it was different than the one responsible for the login, so I had to add it in the phpCAS::handleLogoutRequest options.
And now, finally, it all works.
Thank you very much for all your help jfritschi (and indeed, as you stated at the beginning, it was a SSL issue) !
from phpcas.
Glad you figured it out!
from phpcas.
Related Issues (20)
- No ability to disable displaying errors directly into the response. HOT 2
- Differentiate ErrorException from GracefullTerminationException HOT 1
- deprecation warning in php 8.1.2 HOT 2
- time for new release? HOT 3
- Is there a way to use phpCAS within a Symfony API REST? HOT 1
- Endless Loop, ticket not found HOT 5
- Autoload.php should not emit a composer-preferred warning HOT 3
- Version 1.6.0 is a breaking upgrade and is not compatible with older versions HOT 7
- jasig/phpcas package should be abandoned in favor of apereo/phpcas HOT 9
- login with 1.6.0 wrong redirection HOT 2
- Non-empty $_SESSION array disrupts page caching techniques
- DOMDocument::loadXML(): Argument #1 ($source) must not be empty HOT 2
- phpCAS relies on curl being available HOT 1
- Alternate URL for logout requests HOT 4
- GracefullTerminationException : warning with PHP 8.0 HOT 3
- renewAuthentication doesn't force renew if user already authenticated
- Issue with User Attribute Retrieval in phpCAS Versions Beyond 1.3.8 HOT 1
- Any plans on upgrading to PHP 8.0 or above ? HOT 2
- Firefox stalls on redirect to CAS HOT 1
- E_DEPRECATED messages when running against PHP 8.4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from phpcas.