RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

cas server problem #4494

Closed nianqing99 closed 7 years ago

nianqing99 commented 8 years ago

I want to enable the caso with my own server, which is not in git, twitter, meteor... I got some problems with other service.

can anyone give me some advice?

engelgabriel commented 8 years ago

What CAS versions and softwares do you use?

nianqing99 commented 8 years ago

@engelgabriel hi, the CAS version is 1.0, and the software is the latest version. I git cloned the repo and built it myself.

```
meteor build --server https://demo.rocket.chat --directory /your/build/location
```

konsumate commented 8 years ago

@qweqweq What is the content of the server logfiles? Could you enable debugging in Settings and reproduce the error? What CAS service software are you using in combination with RocketChat?

nianqing99 commented 8 years ago

@corecachee I don't remember the server logfiles. I am not at the company now and we have a long holiday in China called National Day. 7 days later, I will send you the error messages and the CAS service software when I return. Thanks a lot. :smile:

nianqing99 commented 8 years ago

@corecache hi ,CAS service software is the

we use 3.5.x version not 4.2.x

And I want to combine it with Rocket.Chat, but I can't.

konsumate commented 8 years ago

There are multiple CAS service softwares. Which one do you use? What is the name of the product/software?

Please attach way more details to your help requests. We really can't help you with so few details.

nianqing99 commented 8 years ago

Oh sorry, the link address was not copied. The link is https://www.apereo.org/projects/cas, we use the 3.5.x version.

nianqing99 commented 8 years ago

@corecache hi, I can't find where the cas.validate function is defined. Could you tell me how it works? The code is as follows. ../../packages/rocketchat-cas/cas_server.js

```javascript
cas.validate(ticketId, function(err, status, username) {
    if (err) {
        logger.error('error when trying to validate ' + err.message);
    } else if (status) {
        logger.info('Validated user: ' + username);
        _casCredentialTokens[token] = { id: username };
    } else {
        logger.error('Unable to validate ticket: ' + ticketId);
    }

    callback();
});
```

konsumate commented 8 years ago

It is being imported from an external module called "CAS". What are you trying to do?

nianqing99 commented 8 years ago

@corecache, yeah, I want to know how cas.validate() works when I get the ticket. When I debugged this code, I found I was unable to follow this process 'CAS.VALIDATE()'. So I want to know how this approach is defined and how it verifies by ticketId.

konsumate commented 8 years ago

It's all described in the Jasig CAS protocol versions on the Jasig website. Here is an example diagram from Ruby Cas: https://rubycas.github.io/images/basic_cas_single_signon_mechanism_diagram.png

konsumate commented 8 years ago

The actual code behind the imported CAS module is to be found here: https://github.com/kcbanner/node-cas/blob/master/lib/cas.js#L363
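
The validation step that `cas.validate()` performs, as defined by the CAS 1.0 and 2.0 protocols, shown here as an added example that is not part of the thread and is not the node-cas or Rocket.Chat code. The function names, hosts and sample bodies are constructed; an empty response body is surfaced as an error instead of being treated as a rejected ticket.

```javascript
// Added illustration of the CAS ticket-validation step; not node-cas or Rocket.Chat code.
// Assumed names: buildValidateUrl, parseValidateResponse, handleValidateBody.

// URL the client requests server-to-server: /validate (CAS 1.0), /serviceValidate (CAS 2.0).
function buildValidateUrl(casBaseUrl, serviceUrl, ticket, version) {
  const path = version === '2.0' ? '/serviceValidate' : '/validate';
  const url = new URL(casBaseUrl.replace(/\/+$/, '') + path);
  url.searchParams.set('service', serviceUrl); // must equal the service used at login
  url.searchParams.set('ticket', ticket);
  return url.toString();
}

// Turn a response body into { ok, username, reason }.
function parseValidateResponse(body, version) {
  if (typeof body !== 'string' || body.trim() === '') {
    return { ok: false, username: null, reason: 'empty response' };
  }
  if (version === '2.0') {
    // Assumes the usual "cas:" namespace prefix; other prefixes need an XML parser.
    const user = /<cas:authenticationSuccess>[\s\S]*?<cas:user>([^<]+)<\/cas:user>/.exec(body);
    if (user) return { ok: true, username: user[1].trim(), reason: null };
    const fail = /<cas:authenticationFailure\s+code=["']([^"']+)["']/.exec(body);
    return { ok: false, username: null, reason: fail ? fail[1] : 'unrecognised response' };
  }
  // CAS 1.0 body: "yes\n<username>\n" on success, "no\n\n" on failure.
  const lines = body.split(/\r?\n/);
  if (lines[0] === 'yes' && lines[1]) return { ok: true, username: lines[1].trim(), reason: null };
  return { ok: false, username: null, reason: lines[0] === 'no' ? 'ticket rejected' : 'unrecognised response' };
}

// Same (err, status, username) callback shape as the cas_server.js snippet above.
function handleValidateBody(body, version, callback) {
  const r = parseValidateResponse(body, version);
  if (r.reason === 'empty response' || r.reason === 'unrecognised response') {
    return callback(new Error(r.reason), false, null);
  }
  return callback(null, r.ok, r.username);
}

// Constructed sample bodies (not captured from a real server).
const SAMPLE_V2_FAIL = '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">' +
  '<cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>' +
  '</cas:serviceResponse>';
for (const [body, v] of [['yes\nalice\n', '1.0'], ['no\n\n', '1.0'], ['', '1.0'], [SAMPLE_V2_FAIL, '2.0']]) {
  handleValidateBody(body, v, (err, status, username) =>
    console.log(v, JSON.stringify(body.slice(0, 12)), '->', err ? 'error: ' + err.message : status, username));
}
```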

nianqing99 commented 8 years ago

@corecache ok,thanks bro. :smile:

nianqing99 commented 8 years ago

@corecache hi ,I appeared in the fifth step when the ticket is verified according to issues, returns no data, the picture is described when debugging problems.


konsumate commented 8 years ago

1. Have you whitelisted your service with the CAS service to allow non-HTTPS?
2. Your screenshot says you are using version 0.42 develop, but the code I see is from earlier versions or you have replaced it yourself with some debugging stuff. I can not reproduce the bug in the current version when you are using some completely different code base which is unknown to us.

nianqing99 commented 8 years ago

@corecache thanks a lot ,i will check it.

nianqing99 commented 8 years ago

@corecache hi bro, I have updated my code to version 0.42 develop, and I got an error message like this.

konsumate commented 8 years ago

That's SSL/HTTPS related. Are you perhaps using self-signed certificates? Or have you not yet imported your internal company CA for your current service?

nianqing99 commented 8 years ago

Oh yeah, I have not imported my company CA. Thank you very much @corecache :+1:

konsumate commented 8 years ago

So this solved your problem?

nianqing99 commented 8 years ago

Actually, I don't know how to import my company CA. I have asked my workmate for some help, and I have not received any suggestions. Do I need to change the code in cas-server.js like this?

konsumate commented 8 years ago

You don't need to change code to import CA's.

nianqing99 commented 8 years ago

@corecache actually, I don't know how to fix this error.

konsumate commented 8 years ago

Sorry mate, can't hold your hand through all this stuff.

Here is a similar issue and probably a temporary solution for your certificate issue: #919

nianqing99 commented 8 years ago

thank you very much @corecache

anvay452 commented 8 years ago

@qweqweq, hi, I am having the same issue, did you find any solution?

allenzhang5208 commented 7 years ago

@qweqweq Hi, I am having the same issue, did you find any solution? If you find a solution, please let me know, thanks!

Xqua commented 7 years ago

Hi,

We are using a valid Let's Encrypt certificate, yet we are seeing this message. I have tried to add NODE_TLS_REJECT_UNAUTHORIZED=0 but it does not work.

Xqua commented 7 years ago

Actually I just solved this problem!

So, the issue was that we are using LetsEncrypt to generate our certificates! And you HAVE TO use the fullchain.pem and not the cert.pem!

So if anyone above was using LetsEncrypt, that is the issue. If not, then the issue comes from the fact that Node.js tries to validate your certificate; if this certificate is not issued by a valid CA, you have to make it a FullChain so that it gets validated!

Voilà!