Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thanks for pointing me in the right direction. I’ve managed to find a solution suitable for local development.

    First I enabled logging by un-commenting this line:
    https://github.com/uhm-coe/authorizer/blob/6a4848030c45a34ad33376c288191d10d6673e0a/src/authorizer/class-authentication.php#L780

    Reading through the logs reveals that it’s phpCAS related. The request here:
    https://github.com/apereo/phpCAS/blob/master/source/CAS/Client.php#L3042
    fails with (CURL error #60: SSL certificate problem: self signed certificate).

    My CAS is running on localhost with a self-signed certificate.
    After exporting my certificate on https://localhost:8445/cas and appending it to wp-includes/certificates/ca-bundle.crt, everything works as expected.

    For production I’ll use a real certificate of course.

    The log:

    6751 .START (2021-04-29 11:06:01) phpCAS-1.3.8 ****************** [CAS.php:475]
    6751 .=> phpCAS::forceAuthentication() [class-authentication.php:781]
    6751 .|    => CAS_Client::forceAuthentication() [CAS.php:1120]
    6751 .|    |    => CAS_Client::isAuthenticated() [Client.php:1286]
    6751 .|    |    |    => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1398]
    6751 .|    |    |    |    no user found [Client.php:1640]
    6751 .|    |    |    <= false
    6751 .|    |    |    CAS 3.0 ticket ST-2-uF7XJNRgGBP6MkhLK-rlMawmhTY-ubuntu' is present [Client.php:1451]
    6751 .|    |    |    => CAS_Client::validateCAS20('', NULL, NULL, false) [Client.php:1454]
    6751 .|    |    |    |     [Client.php:3216]
    6751 .|    |    |    |    => CAS_Client::getServerServiceValidateURL() [Client.php:3222]
    6751 .|    |    |    |    |    => CAS_Client::getURL() [Client.php:453]
    6751 .|    |    |    |    |    <= 'http://127.0.0.1:8080/wordpress/wp-login.php?external=cas'
    6751 .|    |    |    |    <= 'https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas'
    6751 .|    |    |    |    => CAS_Client::_readURL('https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas&ticket=ST-2-uF7XJNRgGBP6MkhLK-rlMawmhTY-ubuntu', NULL, NULL, NULL) [Client.php:3237]
    6751 .|    |    |    |    |    => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
    6751 .|    |    |    |    |    |    CURL: Set CURLOPT_CAINFO /home/bjz/wordpress-5.7-2/apps/wordpress/htdocs/wp-includes/certificates/ca-bundle.crt [CurlRequest.php:129]
    6751 .|    |    |    |    |    |    curl_exec() failed [CurlRequest.php:77]
    6751 .|    |    |    |    |    <= false
    6751 .|    |    |    |    <= false
    6751 .|    |    |    |    could not open URL 'https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas&ticket=ST-2-uF7XJNRgGBP6MkhLK-rlMawmhTY-ubuntu' to validate (CURL error #60: SSL certificate problem: self signed certificate) [Client.php:3239]
    6751 .|    |    |    |    => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', 'https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas&ticket=ST-2-uF7XJNRgGBP6MkhLK-rlMawmhTY-ubuntu', true) [Client.php:3243]
    6751 .|    |    |    |    |    => CAS_Client::getURL() [AuthenticationException.php:77]
    6751 .|    |    |    |    |    <= 'http://127.0.0.1:8080/wordpress/wp-login.php?external=cas'
    6751 .|    |    |    |    |    CAS URL: https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas&ticket=ST-2-uF7XJNRgGBP6MkhLK-rlMawmhTY-ubuntu [AuthenticationException.php:80]
    6751 .|    |    |    |    |    Authentication failure: Ticket not validated [AuthenticationException.php:81]
    6751 .|    |    |    |    |    Reason: no response from the CAS server [AuthenticationException.php:83]
    6751 .|    |    |    |    |    exit()
    6751 .|    |    |    |    |    -
    6751 .|    |    |    |    -
    6751 .|    |    |    -
    6751 .|    |    -
    6751 .|    -
    6751 .=> phpCAS::logoutWithRedirectService('http://127.0.0.1:8080/wordpress/wp-login.php') [class-authentication.php:790]
    6751 .|    => CAS_Client::logout(array (  'service' => 'http://127.0.0.1:8080/wordpress/wp-login.php',)) [CAS.php:1491]
    6751 .|    |    Prepare redirect to : https://localhost:8445/cas/logout?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php [Client.php:1701]
    6751 .|    |    Destroying session : otkcqgo5e69ok6d0ufor0lmnj5 [Client.php:1703]
    6751 .|    |    Session terminated [Client.php:1707]
    6751 .|    |    exit()
    6751 .|    |    -
    6751 .|    -
    • This reply was modified 5 years, 1 month ago by cmbnl2121. Reason: add code block
    • This reply was modified 5 years, 1 month ago by Yui.
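
Added example (not part of the original reply, and not phpCAS or Authorizer code): a small Python triage of a phpCAS trace like the one above. It extracts the CA bundle curl was given and the curl error behind the failed `serviceValidate` call, and masks service-ticket and session-id values before a trace is shared. The sample lines are constructed in the same format; the function names and the `/srv/wp` path are assumptions.

```python
import re

# Constructed sample: a few lines in the phpCAS trace format shown in the post
# (ticket, session id and file path are made up).
SAMPLE_LOG = """\
1234 .|    |    |    |    => CAS_Client::_readURL('https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%2Fwp-login.php&ticket=ST-9-EXAMPLEticketVALUE-host', NULL, NULL, NULL) [Client.php:3237]
1234 .|    |    |    |    |    |    CURL: Set CURLOPT_CAINFO /srv/wp/wp-includes/certificates/ca-bundle.crt [CurlRequest.php:129]
1234 .|    |    |    |    |    |    curl_exec() failed [CurlRequest.php:77]
1234 .|    |    |    |    could not open URL 'https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%2Fwp-login.php&ticket=ST-9-EXAMPLEticketVALUE-host' to validate (CURL error #60: SSL certificate problem: self signed certificate) [Client.php:3239]
1234 .|    |    Destroying session : abcdefghijklmnopqrstuv0123 [Client.php:1703]
"""

CAINFO_RE = re.compile(r"CURL: Set CURLOPT_CAINFO (\S+)")
FAIL_RE = re.compile(r"could not open URL '(https?://[^/']+)[^']*' to validate "
                     r"\(CURL error #(\d+): ([^)]*)\)")
TICKET_RE = re.compile(r"\b(ST|PT|PGT)-[A-Za-z0-9._-]+")
SESSION_RE = re.compile(r"(Destroying session : )\S+")


def triage(log):
    """Return the CA bundle curl used and each failed validation request."""
    report = {"ca_bundle": None, "failures": []}
    for line in log.splitlines():
        if m := CAINFO_RE.search(line):
            report["ca_bundle"] = m.group(1)
        if m := FAIL_RE.search(line):
            report["failures"].append({
                "server": m.group(1),
                "curl_errno": int(m.group(2)),
                "message": m.group(3),
                # curl error 60 means the peer certificate failed verification
                # against the CA bundle, not that the CAS server is down.
                "tls_trust_problem": m.group(2) == "60",
            })
    return report


def redact(log):
    """Mask service tickets and PHP session ids before a log is shared."""
    log = TICKET_RE.sub(lambda m: m.group(1) + "-REDACTED", log)
    return SESSION_RE.sub(r"\1REDACTED", log)


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```

The `ca_bundle` value is the file that has to trust the CAS server's certificate, which is why appending the development certificate to it clears the error.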

    I ran into the same issue.

    When WordPress redirects you to CAS, it sets the current URL as the service parameter. CAS uses this URL to redirect you back to WordPress. For example, when you log in, you get redirected to:

    https://cas.example.com/cas/login?service=your-domain/wp-login.php?external=cas

    After authentication, CAS redirects you back to WordPress. However, the redirect makes you visit /wp-login.php again, which causes a logout.

    I solved it by adding a redirect URL line to my config in the CAS JSON Service Registry:

    {
      "@class": "org.apereo.cas.services.RegexRegisteredService",
      // name, description, etc.
      // note the lack of /wp-login.php here
      "redirectUrl": "http://my-domain.com"
    }
    • This reply was modified 5 years, 1 month ago by cmbnl2121.