eGroupware 1.8 and CAS - infinite loop redirection error

karl32 2013-01-14 11:49:15 UTC #1

Hi,

im trying to casifying egroupware but without success.
Authentication cookies: yes
Mode: PHPclient
SSL Authentication: No
phpCAS-1.3.2

When i go to login page i have “infinite loop redirection error”. Debug log phpcas contains:

BBC9 .START phpCAS-1.3.2 ****************** [CAS.php:450]
BBC9 .=> phpCAS::client(‘2.0’, ‘demo.server.cz’, 8443, ‘/cas-web’) [login.php:71]
BBC9 .| => CAS_Client::__construct(‘2.0’, false, ‘demo.server.cz’, 8443, ‘/cas-web’, true) [CAS.php:347]
BBC9 .| | Starting a new session [Client.php:792]
BBC9 .| | Ticket ‘ST-953-dtVCDxb5O9btrsrDp3d9-cas’ found [Client.php:870]
BBC9 .| <= ''
BBC9 .<= ''
BBC9 .=> phpCAS::setNoCasServerValidation() [login.php:87]
BBC9 .| You have configured no validation of the legitimacy of the cas server. This is not recommended for production use. [CAS.php:1669]
BBC9 .<= '‘
BBC9 .=> phpCAS::forceAuthentication() [login.php:90]
BBC9 .| => CAS_Client::forceAuthentication() [CAS.php:1101]
BBC9 .| | => CAS_Client::isAuthenticated() [Client.php:1083]
BBC9 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1189]
BBC9 .| | | | no user found [Client.php:1375]
BBC9 .| | | <= false
BBC9 .| | | CAS 2.0 ticket ST-953-dtVCDxb5O9btrsrDp3d9-cas' is present [Client.php:1223] BBC9 .| | | => CAS_Client::validateCAS20('', NULL, NULL) [Client.php:1224] BBC9 .| | | | [Client.php:2747] BBC9 .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:2753] BBC9 .| | | | | => CAS_Client::getURL() [Client.php:417] BBC9 .| | | | | | Final URI: https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php [Client.php:3071] BBC9 .| | | | | <= 'https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php' BBC9 .| | | | <= 'https://demo.server.cz:8443/cas-web/serviceValidate?service=https%3A%2F%2Fdemo.server.cz%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D%252Fhome%252Findex.php' BBC9 .| | | | => CAS_Client::_readURL('https://demo.server.cz:8443/cas-web/serviceValidate?service=https%3A%2F%2Fdemo.server.cz%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D%252Fhome%252Findex.php&ticket=ST-953-dtVCDxb5O9btrsrDp3d9-cas', NULL, NULL, NULL) [Client.php:2762] BBC9 .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:220] BBC9 .| | | | | | Response Body: BBC9 .| | | | | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> BBC9 .| | | | | | <cas:authenticationSuccess> BBC9 .| | | | | | <cas:user>jaluvka</cas:user> BBC9 .| | | | | | BBC9 .| | | | | | BBC9 .| | | | | | </cas:authenticationSuccess> BBC9 .| | | | | | </cas:serviceResponse> BBC9 .| | | | | | [CurlRequest.php:82] BBC9 .| | | | | <= true BBC9 .| | | | <= true BBC9 .| | | | => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:2813] BBC9 .| | | | | Testing for rubycas style attributes [Client.php:2923] BBC9 .| | | | <= '' BBC9 .| | | | Storing Proxy List [Client.php:2822] BBC9 .| | | | => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:2825] BBC9 .| | | | | No proxies were found in the response [AllowedList.php:81] BBC9 .| | | | <= true BBC9 .| | | | => CAS_Client::_renameSession('ST-953-dtVCDxb5O9btrsrDp3d9-cas') [Client.php:2856] BBC9 .| | | | | Session ID: ST-953-dtVCDxb5O9btrsrDp3d9-cas [Client.php:3180] BBC9 .| | | | | Restoring old session vars [Client.php:3183] BBC9 .| | | | <= '' BBC9 .| | | <= true BBC9 .| | | CAS 2.0 ticketST-953-dtVCDxb5O9btrsrDp3d9-cas’ was validated [Client.php:1225]
BBC9 .| | | => CAS_Client::getURL() [Client.php:1279]
BBC9 .| | | <= 'https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php’
BBC9 .| | | Prepare redirect to : https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php [Client.php:1279]
BBC9 .| | | => CAS_Client::getURL() [Client.php:1280]
BBC9 .| | | <= 'https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php’
BBC9 .| | | exit()
BBC9 .| | | -
BBC9 .| | -
BBC9 .| -
1426 .START phpCAS-1.3.2 ****************** [CAS.php:450]
1426 .=> phpCAS::client(‘2.0’, ‘demo.server.cz’, 8443, ‘/cas-web’) [login.php:71]
1426 .| => CAS_Client::__construct(‘2.0’, false, ‘demo.server.cz’, 8443, ‘/cas-web’, true) [CAS.php:347]
1426 .| | Starting a new session [Client.php:792]
1426 .| <= ''
1426 .<= ''
1426 .=> phpCAS::setNoCasServerValidation() [login.php:87]
1426 .| You have configured no validation of the legitimacy of the cas server. This is not recommended for production use. [CAS.php:1669]
1426 .<= ''
1426 .=> phpCAS::forceAuthentication() [login.php:90]
1426 .| => CAS_Client::forceAuthentication() [CAS.php:1101]
1426 .| | => CAS_Client::isAuthenticated() [Client.php:1083]
1426 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1189]
1426 .| | | | no user found [Client.php:1375]
1426 .| | | <= false
1426 .| | | no ticket found [Client.php:1258]
1426 .| | <= false
1426 .| | => CAS_Client::redirectToCas(false) [Client.php:1092]
1426 .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1396]
1426 .| | | | => CAS_Client::getURL() [Client.php:328]
1426 .| | | | | Final URI: https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php [Client.php:3071]
1426 .| | | | <= 'https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php’
1426 .| | | <= 'https://demo.server.cz:8443/cas-web/login?service=https%3A%2F%2Fdemo.server.cz%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D%2Fhome%2Findex.php’
1426 .| | | Redirect to : https://demo.server.cz:8443/cas-web/login?service=https%3A%2F%2Fdemo.server.cz%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D%2Fhome%2Findex.php [Client.php:1402]
1426 .| | | exit()

Log from CAS Server: without error, only information about succesfully granted tickets:

2013-01-14 11:41:13,085 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-953-dtVCDxb5O9btrsrDp3d9-cas] for service [https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php] for user [jaluvka]>
2013-01-14 11:41:13,484 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-954-0Y1f7rof6QoximI9dg9z-cas] for service [https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php] for user [jaluvka]>

Please, what im doing wrong?

Thanks for your help

Karel

karl32 2013-01-14 13:58:24 UTC #2

Next try with registered service https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php on CAS server

Authentication cookies: yes
Mode: PHPproxy
SSL Authentication: Yes
phpCAS-1.3.2

same effect - infinite loop redirection error

PHPCas log:

7DDE .START phpCAS-1.3.2 ****************** [CAS.php:450]
7DDE .=> phpCAS::proxy(‘2.0’, ‘demo.server.cz’, 8443, ‘/cas-web’) [login.php:64]
7DDE .| => CAS_Client::__construct(‘2.0’, true, ‘demo.server.cz’, 8443, ‘/cas-web’, true) [CAS.php:399]
7DDE .| | Starting a new session [Client.php:792]
7DDE .| <= ''
7DDE .<= ‘‘
7DDE .=> phpCAS::setCasServerCACert(’/etc/ssl/certs/apache.crt’) [login.php:82]
7DDE .<= '‘
7DDE .=> phpCAS::forceAuthentication() [login.php:90]
7DDE .| => CAS_Client::forceAuthentication() [CAS.php:1101]
7DDE .| | => CAS_Client::isAuthenticated() [Client.php:1083]
7DDE .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1189]
7DDE .| | | | => CAS_Client::_callback() [Client.php:1319]
7DDE .| | | | | Storing PGT TGT-45-NpdIji6iu3Cz2e3HLO77gAXS9WEp9gxz0wLYLpifmJtNiOeqQH-cas' (id=PGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas’) [Client.php:2075]
7DDE .| | | | | => CAS_PGTStorage_File::__construct(CAS_Client, ‘’) [Client.php:2223]
7DDE .| | | | | | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
7DDE .| | | | | | <= ''
7DDE .| | | | | <= ''
7DDE .| | | | | => CAS_PGTStorage_File::init() [Client.php:2130]
7DDE .| | | | | <= ''
7DDE .| | | | | => CAS_PGTStorage_File::write(‘TGT-45-NpdIji6iu3Cz2e3HLO77gAXS9WEp9gxz0wLYLpifmJtNiOeqQH-cas’, ‘PGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas’) [Client.php:2146]
7DDE .| | | | | | => CAS_PGTStorage_File::getPGTIouFilename(‘PGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas’) [File.php:202]
7DDE .| | | | | | <= ‘/var/lib/php5/PGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas.plain’
7DDE .| | | | | | Successful write of PGT to /var/lib/php5/PGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas.plain' [File.php:211] 7DDE .| | | | | <= '' 7DDE .| | | | | exit() 7DDE .| | | | | - 7DDE .| | | | - 7DDE .| | | - 7DDE .| | - 7DDE .| - 14AA .| | | | | | Response Body: 14AA .| | | | | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> 14AA .| | | | | | <cas:authenticationSuccess> 14AA .| | | | | | <cas:user>balac</cas:user> 14AA .| | | | | | 14AA .| | | | | | <cas:proxyGrantingTicket>PGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas</cas:proxyGrantingTicket> 14AA .| | | | | | 14AA .| | | | | | 14AA .| | | | | | </cas:authenticationSuccess> 14AA .| | | | | | </cas:serviceResponse> 14AA .| | | | | | [CurlRequest.php:82] 14AA .| | | | | <= true 14AA .| | | | <= true 14AA .| | | | => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:2813] 14AA .| | | | | Testing for rubycas style attributes [Client.php:2923] 14AA .| | | | <= '' 14AA .| | | | Storing Proxy List [Client.php:2822] 14AA .| | | | => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:2825] 14AA .| | | | | No proxies were found in the response [AllowedList.php:81] 14AA .| | | | <= true 14AA .| | | | => CAS_Client::_renameSession('ST-60-yNcZPfezre3Qa6j5seae-cas') [Client.php:2856] 14AA .| | | | | Session ID: ST-60-yNcZPfezre3Qa6j5seae-cas [Client.php:3180] 14AA .| | | | | Restoring old session vars [Client.php:3183] 14AA .| | | | <= '' 14AA .| | | <= true 14AA .| | | CAS 2.0 ticketST-60-yNcZPfezre3Qa6j5seae-cas’ was validated [Client.php:1225]
14AA .| | | => CAS_Client::_validatePGT(‘https://demo.server.cz:8443/cas-web/serviceValidate?service=https%3A%2F%2Fdemo.server.cz%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D%2Fhome%2Findex.php&ticket=ST-60-yNcZPfezre3Qa6j5seae-cas&pgtUrl=https%3A%2F%2Fdemo.server.cz%2Fegroupware%2Flogin.php’, ‘<cas:serviceResponse xmlns:cas=‘http://www.yale.edu/tp/cas’> cas:authenticationSuccess cas:userbalac</cas:user> cas:proxyGrantingTicketPGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas</cas:proxyGrantingTicket> </cas:authenticationSuccess></cas:serviceResponse>’, DOMElement) [Client.php:1227]
14AA .| | | | => CAS_PGTStorage_File::__construct(CAS_Client, ‘’) [Client.php:2223]
14AA .| | | | | => CAS_PGTStorage_AbstractStorage::__construct(CAS_Client) [File.php:119]
14AA .| | | | | <= ''
14AA .| | | | <= ''
14AA .| | | | => CAS_PGTStorage_File::init() [Client.php:2130]
14AA .| | | | <= ''
14AA .| | | | => CAS_PGTStorage_File::read(‘PGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas’) [Client.php:2162]
14AA .| | | | | => CAS_PGTStorage_File::getPGTIouFilename(‘PGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas’) [File.php:236]
14AA .| | | | | <= ‘/var/lib/php5/PGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas.plain’
14AA .| | | | | Successful read of PGT to /var/lib/php5/PGTIOU-38-Sz6YWJWrS4hkqq4DXtF7-cas.plain' [File.php:244] 14AA .| | | | <= 'TGT-45-NpdIji6iu3Cz2e3HLO77gAXS9WEp9gxz0wLYLpifmJtNiOeqQH-cas' 14AA .| | | <= true 14AA .| | | PGTTGT-45-NpdIji6iu3Cz2e3HLO77gAXS9WEp9gxz0wLYLpifmJtNiOeqQH-cas’ was validated [Client.php:1228]
14AA .| | | => CAS_Client::getURL() [Client.php:1279]
14AA .| | | <= 'https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php’
14AA .| | | Prepare redirect to : https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php [Client.php:1279]
14AA .| | | => CAS_Client::getURL() [Client.php:1280]
14AA .| | | <= 'https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php’
14AA .| | | exit()
14AA .| | | -
14AA .| | -
14AA .| -
45BB .START phpCAS-1.3.2 ****************** [CAS.php:450]
45BB .=> phpCAS::proxy(‘2.0’, ‘demo.server.cz’, 8443, ‘/cas-web’) [login.php:64]
45BB .| => CAS_Client::__construct(‘2.0’, true, ‘demo.server.cz’, 8443, ‘/cas-web’, true) [CAS.php:399]
45BB .| | Starting a new session [Client.php:792]
45BB .| <= ''
45BB .<= ‘‘
45BB .=> phpCAS::setCasServerCACert(’/etc/ssl/certs/apache.crt’) [login.php:82]
45BB .<= ''
45BB .=> phpCAS::forceAuthentication() [login.php:90]
45BB .| => CAS_Client::forceAuthentication() [CAS.php:1101]
45BB .| | => CAS_Client::isAuthenticated() [Client.php:1083]
45BB .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1189]
45BB .| | | | neither user nor PGT found [Client.php:1355]
45BB .| | | <= false
45BB .| | | no ticket found [Client.php:1258]
45BB .| | <= false
45BB .| | => CAS_Client::redirectToCas(false) [Client.php:1092]
45BB .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1396]
45BB .| | | | => CAS_Client::getURL() [Client.php:328]
45BB .| | | | | Final URI: https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php [Client.php:3071]
45BB .| | | | <= 'https://demo.server.cz/egroupware/login.php?phpgw_forward=%2Fhome%2Findex.php’
45BB .| | | <= 'https://demo.server.cz:8443/cas-web/login?service=https%3A%2F%2Fdemo.server.cz%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D%2Fhome%2Findex.php’
45BB .| | | Redirect to : https://demo.server.cz:8443/cas-web/login?service=https%3A%2F%2Fdemo.server.cz%2Fegroupware%2Flogin.php%3Fphpgw_forward%3D%2Fhome%2Findex.php [Client.php:1402]
45BB .| | | exit()

Someone please help