apereo / phpCAS

Apereo PHP CAS Client
https://apereo.github.io/phpCAS/
Apache License 2.0

Uncaught exception and Undefined index: SERVER_ADMIN #103

Closed dxi1 closed 10 years ago

dxi1 commented 10 years ago

phpCAS 1.3.2. Looks like it is working. PHP 5.4.14. In phpCAS.log, once in a while, there are these errors in pairs:

[21-Nov-2013 22:36:24 America/New_York] PHP Notice: Undefined index: SERVER_ADMIN in C:\inetpub\wwwroot\CAS\AuthenticationException.php on line 77
[21-Nov-2013 22:36:24 America/New_York] PHP Fatal error: Uncaught exception 'CAS_AuthenticationException' in C:\inetpub\wwwroot\CAS\Client.php:2839
Stack trace:
#0 C:\inetpub\wwwroot\CAS\Client.php(1224): CAS_Client->validateCAS20('https://uwinid....', '<cas:serviceRes...', Object(DOMElement))
#1 C:\inetpub\wwwroot\CAS.php(1151): CAS_Client->isAuthenticated()
#2 C:\inetpub\wwwroot\auth.php(53): phpCAS::isAuthenticated()
#3 {main}
  thrown in C:\inetpub\wwwroot\CAS\Client.php on line 2839

Cederman commented 10 years ago

I second this issue when trying to initiate a proxy client.

dxi1 commented 10 years ago

More info: IIS 7.5, phpCAS 1.3.2, PHP 5.4.14. It happens 1 in 100 or 1 in 1000 times. Can't find the pattern, and don't know how to reproduce it myself. It is pretty annoying to have those errors. Googled a little bit, and somewhere mentioned that index: SERVER_ADMIN shouldn't be on Windows (or IIS? not quite sure)

Cederman commented 10 years ago

I still have problems with this, I'm on the master branch and trying to implement CAS with a proxy authentication. I get this error after authenticating with the CAS server (login screen).

This is my application error:

[2014-05-29 20:14:40] production.ERROR: exception 'ErrorException' with message 'Undefined index: SERVER_ADMIN' in /var/www/xxx/releases/20140516110628/vendor/jasig/phpcas/source/CAS/AuthenticationException.php:77
Stack trace:
#0 /var/www/xxx/releases/20140516110628/vendor/jasig/phpcas/source/CAS/AuthenticationException.php(77): Illuminate\Exception\Handler->handleError(8, 'Undefined index...', '/var/www/xxx...', 77, Array)
#1 /var/www/xxx/releases/20140516110628/vendor/jasig/phpcas/source/CAS/Client.php(2364): CAS_AuthenticationException->__construct(Object(CAS_Client), 'Ticket validate...', 'https://xxx...', false, false, '\n\n\n\$
#2 /var/www/xxx/releases/20140516110628/vendor/jasig/phpcas/source/CAS/Client.php(1272): CAS_Client->_validatePGT('https://login.k...', '\n\n\n\n\nccs:servic...', Object(DOMElement))
#3 /var/www/xxx/releases/20140516110628/vendor/jasig/phpcas/source/CAS/Client.php(1106): CAS_Client->isAuthenticated()
#4 /var/www/xxx/releases/20140516110628/vendor/jasig/phpcas/source/CAS.php(1101): CAS_Client->forceAuthentication()
#5 /var/www/xxx/releases/20140516110628/app/controllers/CASController.php(43): phpCAS::forceAuthentication()
#6 [internal function]: CASController->authenticate()
#7 /var/www/xxx/releases/20140516110628/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(231): call_user_func_array(Array, Array)
#8 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(5407): Illuminate\Routing\Controller->callAction('authenticate', Array)
#9 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(5395): Illuminate\Routing\ControllerDispatcher->call(Object(CASController), Object(Illuminate\Routing\Route), 'authenticate')
#10 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(4644): Illuminate\Routing\ControllerDispatcher->dispatch(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request), 'CASController', 'authentica$
#11 [internal function]: Illuminate\Routing\Router->Illuminate\Routing{closure}()
#12 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(4954): call_user_func_array(Object(Closure), Array)
#13 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(4669): Illuminate\Routing\Route->run(Object(Illuminate\Http\Request))
#14 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(4657): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request))
#15 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(706): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request))
#16 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(687): Illuminate\Foundation\Application->dispatch(Object(Illuminate\Http\Request))
#17 /var/www/xxx/releases/20140516110628/vendor/barryvdh/laravel-debugbar/src/Barryvdh/Debugbar/Middleware.php(34): Illuminate\Foundation\Application->handle(Object(Illuminate\Http\Request), 1, true)
#18 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(1144): Barryvdh\Debugbar\Middleware->handle(Object(Illuminate\Http\Request), 1, true)
#19 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(7264): Illuminate\Http\FrameGuard->handle(Object(Illuminate\Http\Request), 1, true)
#20 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(7861): Illuminate\Session\Middleware->handle(Object(Illuminate\Http\Request), 1, true)
#21 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(7808): Illuminate\Cookie\Queue->handle(Object(Illuminate\Http\Request), 1, true)
#22 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(10820): Illuminate\Cookie\Guard->handle(Object(Illuminate\Http\Request), 1, true)
#23 /var/www/xxx/releases/20140516110628/bootstrap/compiled.php(648): Stack\StackedHttpKernel->handle(Object(Illuminate\Http\Request))
#24 /var/www/xxx/releases/20140516110628/public/index.php(49): Illuminate\Foundation\Application->run()
#25 {main} [] []

The cas log shows the following:

411E .START phpCAS-1.3.2+ ****** [CAS.php:450]
411E .=> phpCAS::proxy('2.0', 'xxx', 443, '') [CASController.php:28]
411E .| => CAS_Client::__construct('2.0', true, 'xxx', 443, '', true) [CAS.php:399]
411E .| | Starting a new session [Client.php:808]
411E .| | Ticket 'ST-200385-xrlCwG2LK6DEDAXikCyb-login01' found [Client.php:890]
411E .| <= ''
411E .<= ''
411E .=> phpCAS::setFixedCallbackURL('cas/proxyCallback') [CASController.php:31]
411E .<= ''
411E .=> phpCAS::setCasServerCACert('/etc/nginx/ssl/server.crt') [CASController.php:35]
411E .<= ''
411E .=> phpCAS::forceAuthentication() [CASController.php:43]
411E .| => CAS_Client::forceAuthentication() [CAS.php:1101]
411E .| | => CAS_Client::isAuthenticated() [Client.php:1106]
411E .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1214]
411E .| | | | neither user nor PGT found [Client.php:1426]
411E .| | | <= false
411E .| | | CAS 2.0 ticket ST-200385-xrlCwG2LK6DEDAXikCyb-login01' is present [Client.php:1262]
411E .| | | => CAS_Client::validateCAS20('', NULL, NULL) [Client.php:1265]
411E .| | | | [Client.php:2882]
411E .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:2889]
411E .| | | | | => CAS_Client::getURL() [Client.php:421]
411E .| | | | | | Final URI: https://xxx.se/cas [Client.php:3243]
411E .| | | | | <= 'https://xxx.se/cas'
411E .| | | | <= 'https://xxx/serviceValidate?service=https%3A%2F%2Fxxx.se%2Fca$
411E .| | | | => CAS_Client::_readURL('https://xxx/serviceValidate?service=https%3A%2F$
411E .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
411E .| | | | | | CURL: Set CURLOPT_CAINFO /etc/nginx/ssl/server.crt [CurlRequest.php:129]
411E .| | | | | | Response Body:
411E .| | | | | |
411E .| | | | | |
411E .| | | | | |
411E .| | | | | |
411E .| | | | | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp$
411E .| | | | | | <cas:authenticationSuccess>
411E .| | | | | | <cas:user>u1cjw3vu</cas:user>
411E .| | | | | |
411E .| | | | | |
411E .| | | | | | </cas:authenticationSuccess>
411E .| | | | | | </cas:serviceResponse>
411E .| | | | | | [CurlRequest.php:84]
411E .| | | | | <= true
411E .| | | | <= true
411E .| | | | => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.ph$
411E .| | | | | Testing for rubycas style attributes [Client.php:3075]
411E .| | | | <= ''
411E .| | | | Storing Proxy List [Client.php:2966]
411E .| | | | => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Cli$
411E .| | | | | No proxies were found in the response [AllowedList.php:81]
411E .| | | | <= true
411E .| | | | => CAS_Client::_renameSession('ST-200385-xrlCwG2LK6DEDAXikCyb-lo$
411E .| | | | | Session ID: ST-200385-xrlCwG2LK6DEDAXikCyb-login01 [Client.$
411E .| | | | | Restoring old session vars [Client.php:3361]
411E .| | | | <= ''
411E .| | | <= true
411E .| | | CAS 2.0 ticketST-200385-xrlCwG2LK6DEDAXikCyb-login01' was validated$
411E .| | | => CAS_Client::_validatePGT('https://xxx/serviceValidate?ser$
411E .| | | | not found [Client.php:2358]
411E .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket $
411E .| | | | | => CAS_Client::getURL() [AuthenticationException.php:76]
411E .| | | | | <= 'https://xxx.se/cas'

arianf commented 10 years ago

This issue occurs on an nginx server, and not on apache... Undefined $_SERVER['SERVER_ADMIN'] error is popping up because it is only defined on apache.

arianf commented 10 years ago

I am receiving this error once I switched over from apache to nginx:

I am using phpCAS 1.3.2 using server https://cas.myschool.edu/cas/ (CAS 2.0)

Fatal error:  Uncaught exception 'CAS_AuthenticationException' in /home/sites/main/public/CAS/Client.php:2765

Stack trace:
#0 /home/sites/main/public/CAS/Client.php(1224): CAS_Client->validateCAS20('https://cas.mys...', '', NULL)
#1 /home/sites/main/public/CAS/Client.php(1083): CAS_Client->isAuthenticated()
#2 /home/sites/main/public/CAS.php(1101): CAS_Client->forceAuthentication()
#3 /home/sites/main/public/auth.php(39): phpCAS::forceAuthentication()
#4 /home/sites/main/public/attendance/access.php(4): require_once('/home/sites/mai...')
#5 /home/sites/main/public/attendance/index.php(70): require_once('/home/sites/mai...')
#6 {main}
  thrown in /home/sites/main/public/CAS/Client.php on line 2765

arianf commented 10 years ago

With the second part of the exception, I figured out what was going on! But I hope this might help someone in the future.

phpCAS::setCasServerCACert($cas_server_ca_cert_path); <-- Problem here

The $cas_server_ca_cert_path wasn't set up properly.

Cederman commented 10 years ago

Oh. Hadn't figured that out. But what is it supposed to do? Can you ignore it somehow?

Cederman commented 10 years ago

And regarding the ca cert path. How was it set up wrong? Just the wrong path?

arianf commented 10 years ago

For the undefined index, I submitted a pull request that will solve that notice:

It will check to see if $_SERVER['SERVER_ADMIN'] is set before returning the value. If it is not set it will return an empty string.

See the request for more detail: https://github.com/Jasig/phpCAS/pull/121

As for the $cas_server_ca_cert_path, that was my mistake. I recently migrated our server from Windows XAMPP (Apache on Windows) to RedHat LEMP (Nginx on Linux).

But I forgot to update the $cas_server_ca_cert_path variable. It was still set to the Windows directory (I don't know if that is the same problem that was listed above).

// Path to the ca chain that issued the cas server certificate
$cas_server_ca_cert_path = 'c:\\cert/cacert.pem';  // it was still using a C:\\ directory from windows
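
The stale-path mistake described in the comment above can be caught before phpCAS is configured. The following is an added example, not part of the original thread or of phpCAS itself: `caCertPathProblem()` is a hypothetical helper, the certificate is constructed test data, and the parse and expiry checks go beyond the path problem reported here.

```php
<?php
// Added example; caCertPathProblem() is a hypothetical helper, not phpCAS API.

/** Returns null when $path is a usable CA file, otherwise the reason it is not. */
function caCertPathProblem(string $path, ?int $now = null): ?string
{
    $now = $now ?? time();
    if (!is_file($path) || !is_readable($path)) {
        return "not a readable file: $path";
    }
    $pem = (string) file_get_contents($path);
    // A CA chain file may hold several certificates; check every PEM block.
    $re = '/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/s';
    if (!preg_match_all($re, $pem, $blocks)) {
        return "no PEM certificate in $path";
    }
    foreach ($blocks[0] as $i => $block) {
        $info = openssl_x509_parse($block);
        if ($info === false) {
            return "certificate #$i in $path does not parse";
        }
        if ($info['validTo_time_t'] < $now) {
            return "certificate #$i in $path has expired";
        }
    }
    return null;
}

// Constructed sample input: a throwaway self-signed certificate in a temp file.
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'constructed-test-ca'], $key, ['digest_alg' => 'sha256']);
$crt = openssl_csr_sign($csr, null, $key, 30, ['digest_alg' => 'sha256']);
openssl_x509_export($crt, $samplePem);
$good = tempnam(sys_get_temp_dir(), 'ca');
file_put_contents($good, $samplePem);

// The first path is the stale Windows value quoted in the comment above.
foreach (['c:\\cert/cacert.pem', $good] as $path) {
    $problem = caCertPathProblem($path);
    echo $problem === null ? "OK: $path\n" : "FAIL: $problem\n";
}
unlink($good);

// In the application, fail closed before configuring phpCAS:
//   if (($p = caCertPathProblem($cas_server_ca_cert_path)) !== null) {
//       throw new RuntimeException("CAS CA certificate: $p");
//   }
//   phpCAS::setCasServerCACert($cas_server_ca_cert_path);
```

Run at application start-up, the check reports a bad CA path with an explicit message instead of leaving it to surface during ticket validation.
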

jfritschi commented 10 years ago

Fix was merged into master

dxi1 commented 10 years ago

Just downloaded phpCAS 1.3.3 and tested, the error still exists. Checked the AuthenticationException.php, the line is there. Is there somewhere else that can throw this error?

My environment is Windows 7, IIS 7.5 and php 5.4.14

jfritschi commented 10 years ago

I have committed another fix for a similar issue. Please retest with master.

dxi1 commented 10 years ago

I used build 1.3.3, and in Client.php, I changed line 3638 from

$_SERVER['SERVER_ADMIN']

to

isset($_SERVER['SERVER_ADMIN']) ? $_SERVER['SERVER_ADMIN']:''

However, the error still exists. Not sure if there are any other places with variables to get the session value? Looks like only 2 files expressly contain $_SERVER['SERVER_ADMIN']: Client.php and AuthenticationException.php.

Ternary operator seems correct to me though.

By the way, where to download the master? from SVN?

dxi1 commented 10 years ago

Very weird thing is, the error does not happen every time for authentication. It may come out 1 in 100 times (not accurate though, just roughly)

jfritschi commented 10 years ago

Can you please share a phpCAS debug log?


dxi1 commented 10 years ago

Hi jfritschi,

Looks like the old error message doesn't appear so I assume that error (about SERVER_ADMIN) is fixed. However, phpCAS::forceAuthentication() still crashes once every day or two. The phpCAS debugging log doesn't have a time stamp. It is also impossible to find the log for the crash in the huge log file.

Did more digging, and found: The session ID usually should look like this after phpCAS client is initiated: ST-244884-uN4OWqKzd0pcOyeTCE79-cas

But once in a while, the session ID looks like below, and phpCAS::forceAuthentication() also crashes: c0rjhpihos39mk1hts5pbc84m2

I try to catch the exception message, but it is empty.

Any idea why session ID looks different sometimes? and why different session ID causes phpCAS:forceAuthentication() to crash?