No PGT/PGTiou transmitted after the validating ST process with CAS Server

[thangnguyennang]

I have another issue related to validating PGT/PGTiou process between CAS server and client.

After the validating PT process between CAS server and client, CAS client says that: "Authentication failure: Ticket validated but no PGT Iou transmitted"

Due to the shown error logs, I found that CAS server may not trust CAS client via SSL [1] or CAS server is simply not delivering the PGT/PGTiou in either the xml answer or in a callback [2].

@hoangclinh please investigate my issue and support me solve the problem.

[1] http://jasig.275507.n4.nabble.com/https-via-Nginx-says-Bad-response-from-server-td2316576.html [2] https://github.com/jasig/phpcas/issues/19

Thanks in advance.

[thangnguyennang]

@hoangclinh I have some key log information in phpCAS's debug mode: 63BD .| | | PT `ST-17-7X7OXNrEHn1pJ6ie04wi-ecoit.asia' was validated [Client.php:1095] 63BD .| | | => CAS_Client::validatePGT('https://cas.openroad.vn:8443/cas/proxyValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-17-7X7OXNrEHn1pJ6ie04wi-ecoit.asia&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback', '<cas:serviceResponse xmlns:cas=\'http://www.yale.edu/tp/cas\'> cas:authenticationSuccess cas:userobm/cas:user /cas:authenticationSuccess/cas:serviceResponse', DOMElement) [Client.php:1097] 63BD .| | | | not found [Client.php:2096] 63BD .| | | | => CAS_Client::authError('Ticket validated but no PGT Iou transmitted', 'https://cas.openroad.vn:8443/cas/proxyValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-17-7X7OXNrEHn1pJ6ie04wi-ecoit.asia&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback', false, false, '<cas:serviceResponse xmlns:cas=\'http://www.yale.edu/tp/cas\'> cas:authenticationSuccess cas:userobm/cas:user /cas:authenticationSuccess/cas:serviceResponse') [Client.php:2102] 63BD .| | | | | => CAS_Client::getURL() [Client.php:3014] 63BD .| | | | | <= 'https://mailobm.openroad.vn/webmail/?_action=caslogin' 63BD .| | | | | CAS URL: https://cas.openroad.vn:8443/cas/proxyValidate?service=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dcaslogin&ticket=ST-17-7X7OXNrEHn1pJ6ie04wi-ecoit.asia&pgtUrl=https%3A%2F%2Fmailobm.openroad.vn%2Fwebmail%2F%3F_action%3Dpgtcallback [Client.php:3015] 63BD .| | | | | Authentication failure: Ticket validated but no PGT Iou transmitted [Client.php:3016]

I can send you a full log file. Please notify me if you need it. Thanks.

[thangnguyennang]

Important Notes

• Roundcube's plugin uses a CAS Proxy Ticket for SMTP authentication (assume OBM's Server can authenticate CAS PTs), so CAS Server have to transmit PGTs to CAS client after validating STs successfully with CAS client
• FYI: https://github.com/dfwarden/Roundcube-CAS-Authn

[hoangclinh]

Hi @thangnguyennang , I have tested and TGT have created. Please use firefox to login https://cas.openroad.vn:8443/cas , after login succesfull, please view page info, you will see TGT have been created.