apereo / phpCAS

Apereo PHP CAS Client
https://apereo.github.io/phpCAS/
Apache License 2.0

Too Many redirects #263

Closed moaazhomaid closed 5 years ago

moaazhomaid commented 6 years ago

Hi there, sorry for posting this issue; I may not have enough experience with phpCAS, but I get too many redirects after trying to connect my web service to a CAS server version 4.

[screenshot: "screen shot 2018-05-24 at 8.21.01 am"]

using this configuration:

/**
 * @file     config.php
 * @category Authentication
 * @package  PhpCAS
 * @author   Joachim Fritschi <jfritschi@freenet.de>
 * @author   Adam Franco <afranco@middlebury.edu>
 * @license  http://www.apache.org/licenses/LICENSE-2.0  Apache License 2.0
 * @link     https://wiki.jasig.org/display/CASC/phpCAS
 */
$phpcas_path = 'vendors/CAS-1.3.5';
// Full Hostname of your CAS Server
$cas_host = 'sso.mycasserver.com';
// Context of the CAS Server
$cas_context = '/cas';
// Port of your CAS server. Normally for a https server it's 443
$cas_port = 443;
// Path to the ca chain that issued the cas server certificate
$cas_server_ca_cert_path = 'user/home/mywebsite/ssl/certs/mysslcert.crt';

// The "real" hosts of clustered cas server that send SAML logout messages
// Assumes the cas server is load balanced across multiple hosts
$cas_real_hosts = array('mycasserver.com');
// $cas_real_hosts = array('aas-cas-01.mycasserver.com', 'aas-cas-02.mycasserver.com');

// Client config for cookie hardening
$client_domain = 'mywebsite.com';
$client_path = 'phpcas';
$client_secure = true;
$client_httpOnly = true;
$client_lifetime = 0;

///////////////////////////////////////////
// End Configuration -- Don't edit below //
///////////////////////////////////////////

// Generating the URLS for the local cas example services for proxy testing
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    $curbase = 'https://' . $_SERVER['SERVER_NAME'];
} else {
    $curbase = 'http://' . $_SERVER['SERVER_NAME'];
}
if ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) {
    $curbase .= ':' . $_SERVER['SERVER_PORT'];
}

$curdir = dirname($_SERVER['REQUEST_URI']) . "/?_app=dashboard&";

// CAS client nodes for rebroadcasting pgtIou/pgtId and logoutRequest
$rebroadcast_node_1 = 'https://mycasserver.com/logout';
$rebroadcast_node_2 = 'http://mywebsite.com/?_app=logout';

// access to a single service
$serviceUrl = $curbase . $curdir . '?_app=dashboard';
// access to a second service
$serviceUrl2 = $curbase . $curdir . '?_app=dashboard';

$pgtBase = preg_quote(preg_replace('/^http:/', 'https:', $curbase . $curdir), '/');
$pgtUrlRegexp = '/^' . $pgtBase . '.*$/';

$cas_url = 'https://' . $cas_host;
if ($cas_port != '443') {
    $cas_url = $cas_url . ':' . $cas_port;
}
$cas_url = $cas_url . $cas_context;

// Set the session-name to be unique to the current script so that the client script
// doesn't share its session with a proxied script.
// This is just useful when running the example code, but not normally.
session_name(
    'session_for:'
    . preg_replace('/[^a-z0-9-]/i', '_', basename($_SERVER['SCRIPT_NAME']))
);
// Set an UTF-8 encoding header for internation characters (User attributes)
// header('Content-Type: text/html; charset=utf-8');

My login page:

This page has already included the CAS library and the config file:

phpCAS::client(CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context);
phpCAS::setNoCasServerValidation();
// force CAS authentication
phpCAS::forceAuthentication();
// at this step, the user has been authenticated by the CAS server
// and the user's login name can be read with phpCAS::getUser().
// logout if desired
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}
$cas_attr = phpCAS::getAttributes();
$cas_ver = phpCAS::getVersion();
$cas_usr = phpCAS::getUser();
// getAttributes() returns an array; echoing it directly only prints "Array",
// so it is serialised before being printed.
echo "CAS v." . $cas_ver . ", CAS Attributes: " . json_encode($cas_attr) . ", CAS User: " . $cas_usr;

But I get nothing printed from those variables $cas_ver, $cas_attr, $cas_usr!

This is the phpCAS debug log:

5A46 .START (2018-05-24 00:27:54) phpCAS-1.3.5+ ****************** [CAS.php:468]
5A46 .=> phpCAS::client('3.0', 'sso.mycasserver.com', 443, '/cas') [login.php:59]
5A46 .|    => CAS_Client::__construct('3.0', false, 'sso.mycasserver.com', 443, '/cas', true) [CAS.php:360]
5A46 .|    |    Session is not authenticated [Client.php:938]
5A46 .|    |    Ticket 'ST-900807-tF3DgZomSEMOcHAQKlDA-aas-cas-01.mycasserver.com' found [Client.php:1020]
5A46 .|    <= ''
5A46 .<= ''
5A46 .=> phpCAS::setNoCasServerValidation() [login.php:60]
5A46 .|    You have configured no validation of the legitimacy of the cas server. This is not recommended for production use. [CAS.php:1644]
5A46 .<= ''
5A46 .=> phpCAS::checkAuthentication() [login.php:79]
5A46 .|    => CAS_Client::checkAuthentication() [CAS.php:1078]
5A46 .|    |    => CAS_Client::isAuthenticated() [Client.php:1331]
5A46 .|    |    |    => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1393]
5A46 .|    |    |    |    no user found [Client.php:1639]
5A46 .|    |    |    <= false
5A46 .|    |    |    CAS 3.0 ticket `ST-900807-tF3DgZomSEMOcHAQKlDA-aas-cas-01.mycasserver.com' is present [Client.php:1447]
5A46 .|    |    |    => CAS_Client::validateCAS20('', NULL, NULL, false) [Client.php:1450]
5A46 .|    |    |    |     [Client.php:3174]
5A46 .|    |    |    |    => CAS_Client::getServerServiceValidateURL() [Client.php:3181]
5A46 .|    |    |    |    |    => CAS_Client::getURL() [Client.php:453]
5A46 .|    |    |    |    |    |    Final URI: https://mywebsite.com/?_app=login [Client.php:3553]
5A46 .|    |    |    |    |    <= 'https://mywebsite.com/?_app=login'
5A46 .|    |    |    |    <= 'https://sso.mycasserver.com/cas/p3/serviceValidate?service=https%3A%2F%2Fmywebsite.com%2F%3F_app%3Dlogin'
5A46 .|    |    |    |    => CAS_Client::_readURL('https://sso.mycasserver.com/cas/p3/serviceValidate?service=https%3A%2F%2Fmywebsite.com%2F%3F_app%3Dlogin&ticket=ST-900807-tF3DgZomSEMOcHAQKlDA-aas-cas-01.mycasserver.com', NULL, NULL, NULL) [Client.php:3196]
5A46 .|    |    |    |    |    => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
5A46 .|    |    |    |    |    |    Response Body: 
5A46 .|    |    |    |    |    |    
5A46 .|    |    |    |    |    |    
5A46 .|    |    |    |    |    |    
5A46 .|    |    |    |    |    |    
5A46 .|    |    |    |    |    |    <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
5A46 .|    |    |    |    |    |        <cas:authenticationSuccess>
5A46 .|    |    |    |    |    |            <cas:user>falrabei</cas:user>
5A46 .|    |    |    |    |    |            
5A46 .|    |    |    |    |    |            
5A46 .|    |    |    |    |    |    
5A46 .|    |    |    |    |    |            
5A46 .|    |    |    |    |    |                <cas:attributes>
5A46 .|    |    |    |    |    |                    
5A46 .|    |    |    |    |    |    
5A46 .|    |    |    |    |    |                        
5A46 .|    |    |    |    |    |                            <cas:authenticationDate>2018-05-23T16:35:32.424+03:00</cas:authenticationDate>
5A46 .|    |    |    |    |    |                        
5A46 .|    |    |    |    |    |                    
5A46 .|    |    |    |    |    |    
5A46 .|    |    |    |    |    |                        
5A46 .|    |    |    |    |    |                            <cas:isFromNewLogin>true</cas:isFromNewLogin>
5A46 .|    |    |    |    |    |                        
5A46 .|    |    |    |    |    |                    
5A46 .|    |    |    |    |    |    
5A46 .|    |    |    |    |    |                        
5A46 .|    |    |    |    |    |                            <cas:longTermAuthenticationRequestTokenUsed>false</cas:longTermAuthenticationRequestTokenUsed>
5A46 .|    |    |    |    |    |                        
5A46 .|    |    |    |    |    |                    
5A46 .|    |    |    |    |    |                </cas:attributes>
5A46 .|    |    |    |    |    |            
5A46 .|    |    |    |    |    |    
5A46 .|    |    |    |    |    |        </cas:authenticationSuccess>
5A46 .|    |    |    |    |    |    </cas:serviceResponse>
5A46 .|    |    |    |    |    |    
5A46 .|    |    |    |    |    |     [CurlRequest.php:84]
5A46 .|    |    |    |    |    <= true
5A46 .|    |    |    |    <= true
5A46 .|    |    |    |    => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:3266]
5A46 .|    |    |    |    |    Found nested jasig style attributes [Client.php:3350]
5A46 .|    |    |    |    |    Attribute [authenticationDate] = 2018-05-23T16:35:32.424+03:00 [Client.php:3357]
5A46 .|    |    |    |    |    Attribute [isFromNewLogin] = true [Client.php:3357]
5A46 .|    |    |    |    |    Attribute [longTermAuthenticationRequestTokenUsed] = false [Client.php:3357]
5A46 .|    |    |    |    <= ''
5A46 .|    |    |    |    Storing Proxy List [Client.php:3275]
5A46 .|    |    |    |    => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:3278]
5A46 .|    |    |    |    |    No proxies were found in the response [AllowedList.php:81]
5A46 .|    |    |    |    <= true
5A46 .|    |    |    |    => CAS_Client::_renameSession('ST-900807-tF3DgZomSEMOcHAQKlDA-aas-cas-01.mycasserver.com') [Client.php:3298]
5A46 .|    |    |    |    |    Killing session: a1hg6vnqoj9pgtsmbt457h0ie3 [Client.php:3687]
5A46 .|    |    |    |    |    Starting session: 50707b5d12ecfb29a92af7fec3037f0a1835dc57929802a9b16213b2bfcf52bd [Client.php:3691]
5A46 .|    |    |    |    |    Restoring old session vars [Client.php:3694]
5A46 .|    |    |    |    <= ''
5A46 .|    |    |    <= true
5A46 .|    |    |    CAS 3.0 ticket `ST-900807-tF3DgZomSEMOcHAQKlDA-aas-cas-01.mycasserver.com' was validated [Client.php:1453]
5A46 .|    |    |    => CAS_Client::getURL() [Client.php:1518]
5A46 .|    |    |    <= 'https://mywebsite.com/?_app=login'
5A46 .|    |    |    Prepare redirect to : https://mywebsite.com/?_app=login [Client.php:1518]
5A46 .|    |    |    => CAS_Client::getURL() [Client.php:1524]
5A46 .|    |    |    <= 'https://mywebsite.com/?_app=login'
5A46 .|    |    |    exit()
5A46 .|    |    |    -
5A46 .|    |    -
5A46 .|    -

After a successful CAS login, the web page https://mywebsite.com/?_app=login gets stuck in a redirect loop. My phpCAS is version 1.3.5 at mywebsite.com; my CAS server is version 4 at sso.mycasserver.com. Any help please, thanks for that.

adamfranco commented 6 years ago

Generally a "too many redirects" error is caused by broken session-handling on the application side. It may be that your application server isn't able to store session data. Another common cause is that the application is managing the session id, but phpCAS is also configured to manage the session-id (the last boolean argument to phpCAS::client()).

To verify the authentication process, please try one of the simple example scripts at: https://github.com/apereo/phpCAS/blob/master/docs/examples/example_simple.php

If you are able to get the example authenticating, but not the application, then it is likely an issue in the application's session handling.
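The two causes named above (a session store that does not persist, and the application and phpCAS both managing the session id) can be checked with a login page wired like the following. This is an added example, not code from the phpCAS project or from the issue author; the include path, session name, CA bundle path and log path are assumptions.

```php
<?php
// Added example: the application owns the PHP session and phpCAS is told not
// to replace it (fifth argument of phpCAS::client() set to false).
require_once __DIR__ . '/vendors/CAS-1.3.5/CAS.php';   // assumed include path

// 1. The application starts its own session before phpCAS is initialised.
session_name('myapp_session');                          // assumed session name
session_start();

// 2. Persistence check: the counter must survive the round trip to the CAS
//    server. If a ticket comes back but this is still a brand new session,
//    the server is not storing session data and every login will loop.
$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;
if ($_SESSION['hits'] < 2 && isset($_GET['ticket'])) {
    error_log('phpCAS: session was not persisted across the CAS redirect; '
        . 'check the PHP session save path before debugging CAS itself');
}

phpCAS::setDebug('/tmp/phpcas-debug.log');             // assumed log path

// 3. changeSessionID = false: phpCAS must not kill and rename the session the
//    application already started, otherwise the authenticated user is stored
//    in a session the application never reads on the next request.
phpCAS::client(CAS_VERSION_3_0, 'sso.mycasserver.com', 443, '/cas', false);

// Validate the CAS server certificate instead of setNoCasServerValidation().
phpCAS::setCasServerCACert('/etc/ssl/certs/cas-chain.pem'); // assumed CA path

phpCAS::forceAuthentication();
// Reached only after service-ticket validation succeeded; the user is now
// stored in the application's own session.
if (isset($_REQUEST['logout'])) {
    phpCAS::logout();
}
echo 'CAS user: ' . htmlspecialchars(phpCAS::getUser()) . "\n";
// getAttributes() returns an array, so serialise it before printing.
echo 'Attributes: ' . htmlspecialchars(json_encode(phpCAS::getAttributes()));
```

With the fifth argument left at its default of true, the debug log shows the "Killing session ... Starting session ..." lines from _renameSession, which is exactly the handover that an application managing its own session id will undo on the next request.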

moaazhomaid commented 6 years ago

@adamfranco thanks for the reply. I'll try to troubleshoot by debugging the procedure after taking the session id from the server response.

jfritschi commented 5 years ago

No activity for 6 months.