phpCAS :: isAuthenticated在登录不同的服务后返回false

时间:2014-03-12 15:59:22

标签: spring-security single-sign-on cas phpcas

I've configured the CAS login page so that it accepts the username and password as GET parameters如果提供了这些,则会自动提交登录表单。这看起来在从网站进行身份验证时甚至没有触及CAS登录页面。

网站正在使用phpCAS版本1.3.2与CAS进行通信。如果我直接通过表单登录,它按预期工作:浏览器从CAS正确重定向回来,isAuthenticated()返回true。但是,如果我事先登录到其他服务,isAuthenticated()将返回false。如果我没弄错,这是因为如果auth很好,我必须用CAS进行实际检查,因此我也试过checkAuthentication(),但是我得到以下错误:

[error] [client 192.168.12.120] PHP Fatal error:  Uncaught exception 'CAS_AuthenticationException' in /home/dev/www/CAS-1.3.2/CAS/Client.php:2248
Stack trace:
#0 /home/dev/www/CAS-1.3.2/CAS/Client.php(1227): CAS_Client->_validatePGT('https://192.168...', '????<cas:servic...', Object(DOMElement))
#1 /home/dev/www/CAS-1.3.2/CAS/Client.php(1131): CAS_Client->isAuthenticated()
#2 /home/dev/www/CAS-1.3.2/CAS.php(1078): CAS_Client->checkAuthentication()
#3 /home/dev/www/redir.php(39): phpCAS::checkAuthentication()
#4 {main}
thrown in /home/dev/www/CAS-1.3.2/CAS/Client.php on line 2248, referer: https://192.168.10.144:8181/cas/login?username=myUser&password=testpassword&auto=true&service=https%3A%2F%2F192.168.12.120%2Fredir.php

CAS server log

phpCAS debug log

PHP代码:

<?php

function pageURL() {
    $PROTOCOL = "http";
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
        $PROTOCOL = "https";
    }
    $url = "$PROTOCOL://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
    $url = strtok($url, '?');
    return $url;
}

// Configuration
$phpcas_path = "CAS-1.3.2";

$cas_host = "192.168.10.144";
$cas_port = 8181;
$cas_context = "/cas";

// Load the CAS lib
require_once $phpcas_path . "/CAS.php";

// Enable debugging
phpCAS::setDebug ();

// Initialize phpCAS
phpCAS::proxy ( CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context );

phpCAS::setNoCasServerValidation ();

// check CAS authentication
$auth = phpCAS::checkAuthentication();

// logout if desired
if (isset ( $_REQUEST ['logout'] )) {
    phpCAS::logout ();
}

$serviceUrl = "https://192.168.10.144:8181/accessrights/";
?>

<html>
<head>
<title>CAS form login</title>
</head>
<body>

<?php if ($auth) { 
    phpCAS::serviceWeb($serviceUrl, $err_code, $accessrights); 
?>

    <p>Hello <strong><?php echo phpCAS::getUser(); ?></strong>! You have been authenticated with CAS. Your access rights are: <?php echo $accessrights; ?></p> 

<?php } else { ?>

<h3>User login</h3>
<div>Enter your username and password here in order to log in on the website:</div>
<!-- ###LOGIN_FORM### -->
<form method="GET" action="https://192.168.10.144:8181/cas/">
    <p>Username : <input type="text" name="username" /></p>
    <p>Password : <input type="password" name="password" /></p>
    <p>Remember me : <input type="checkbox" name="rememberMe" value="true" /></p>
    <p><input type="submit" value="Login !" /></p>
    <input type="hidden" name="auto" value="true" />
    <input type="hidden" name="service" value="<?php echo pageURL(); ?>" />
</form>
<!-- ###LOGIN_FORM### -->

<?php } ?>

</body>
</html>

我看到checkAuthentication()无法检索代理授予故障单,但我不知道原因。有任何想法吗?我还有一个forceAuthentication()页面,它完美无瑕。

1 个答案:

答案 0 :(得分:1)

根据您服务器的日志,CAS正试图通过&#34; https://xxx.xx.xx.xx/redir.php&#34;回复您的应用程序。但他遇到了SSL问题&#34; TicketCreationException:error.authentication.credentials.bad&#34;

相关问题
最新问题