apereo / phpCAS

Apereo PHP CAS Client
https://apereo.github.io/phpCAS/
Apache License 2.0
796 stars 397 forks

SSO CAS is not working while returning back from CAS Server #361

Closed chandan115 closed 3 years ago

chandan115 commented 3 years ago

SSO CAS was working fine before the Ubuntu security patch update. Once I updated the Ubuntu security patch, it stopped working. I am getting an issue while returning back from the CAS server.

Getting below error: \n Ticket 'ST-231187-6FE0JcCRd4viAFOKts5-p3XWaVH15QFwSNdE7NSwOMXdlMR8PL3tUlNBlgnXlPmCepbCpGGUIbDglJa2-cas.stetson.edu' not recognized</cas:authenticationFailure>\n</cas:serviceResponse>\n in /var/www/html/vendor/jasig/phpcas/source/CAS/Client.php:3278\nStack trace:\n#0 /var/www/html/vendor/jasig/phpcas/source/CAS/Client.php(1454): CAS_Client->validateCAS20()\n#1 /var/www/html/vendor/jasig/phpcas/ in /var/www/html/vendor/jasig/phpcas/source/CAS/Client.php on line 3278,

jfritschi commented 3 years ago

Please enable the phpCAS debug log and review the detailed trace. This should give you some more info about what is wrong.

https://apereo.atlassian.net/wiki/spaces/CASC/pages/103252650/phpCAS+troubleshooting#phpCAStroubleshooting-I'mhavingtroublegettingphpCAStowork

You can also post the debug here (please remove any sensitive info) and we can help...

chandan115 commented 3 years ago

@jfritschi This is what I am getting

PHP Fatal error: Uncaught CAS_AuthenticationException: CAS URL: https://cas.xyz.edu/cas/serviceValidate?service=https%3A%2F%2Fabc.com%2FSSO%2Fcas.php%2F605f8112&ticket=ST-231187-6FE0JcCRd4viAFOKts5-p3XWaVH15QFwSNdE7NSwOMXdlMR8PL3tUlNBlgnXlPmCepbCpGGUIbDglJa2-cas.xyz.edu\nAuthentication failure: Ticket not validated\nReason: [INVALID_TICKET] CAS error: Ticket 'ST-231187-6FE0JcCRd4viAFOKts5-p3XWaVH15QFwSNdE7NSwOMXdlMR8PL3tUlNBlgnXlPmCepbCpGGUIbDglJa2-cas.xyz.edu' not recognized\nCAS response: \n Ticket 'ST-231187-6FE0JcCRd4viAFOKts5-p3XWaVH15QFwSNdE7NSwOMXdlMR8PL3tUlNBlgnXlPmCepbCpGGUIbDglJa2-cas.xyz.edu' not recognized</cas:authenticationFailure>\n</cas:serviceResponse>\n in /var/www/html/vendor/jasig/phpcas/source/CAS/Client.php:3278\nStack trace:\n#0 /var/www/html/vendor/jasig/phpcas/source/CAS/Client.php(1454): CAS_Client->validateCAS20()\n#1 /var/www/html/vendor/jasig/phpcas/ in /var/www/html/vendor/jasig/phpcas/source/CAS/Client.php on line 3278, referer: https://abc.com/

jfritschi commented 3 years ago

Your ST ticket is deemed invalid by the server. This may be many things:

gboddin commented 3 years ago

Please also be advised that the ticket shared in your original question might be valid despite an implementation error (e.g. trailing domain name in the ticket).

It would be safe to warn your CAS team about a private ticket gone public, just in case.
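
Added example, not part of the thread and not phpCAS code: one way to scrub a phpCAS debug trace before posting it publicly, replacing CAS tickets and `service` URL values with stable placeholders so repeated values can still be correlated. The function name, the set of redacted parameters and the sample log are assumptions constructed for illustration; the CAS server host in the URL is left as it is.

```python
import hashlib
import re
from urllib.parse import unquote

# CAS ticket prefixes: proxy-granting IOU, proxy-granting, ticket-granting,
# service and proxy tickets. The last character must be alphanumeric so a
# sentence-ending dot is not swallowed into the match.
TICKET_RE = re.compile(r"\b(PGTIOU|PGT|TGT|ST|PT)-[A-Za-z0-9._-]{7,}[A-Za-z0-9]")
# Query parameters of a validation URL that reveal the application's own URLs.
# Stops at '&', whitespace or a backslash (traces often contain a literal \n).
PARAM_RE = re.compile(r"([?&](?:service|pgtUrl|targetService)=)([^&\s\\]+)")


def _tag(value: str) -> str:
    """Short stable digest: the same input always yields the same placeholder."""
    return hashlib.sha256(value.encode()).hexdigest()[:8]


def redact_cas_log(text: str) -> str:
    """Return the trace with tickets and service URLs replaced by placeholders."""
    def ticket(m):
        return f"{m.group(1)}-REDACTED-{_tag(m.group(0))}"

    def param(m):
        # Hash the decoded value so encoded and plain forms get the same tag.
        return f"{m.group(1)}REDACTED-{_tag(unquote(m.group(2)))}"

    return TICKET_RE.sub(ticket, PARAM_RE.sub(param, text))


# Constructed sample in the shape of a phpCAS validation failure (not real data).
SAMPLE_LOG = (
    "CAS URL: https://cas.example.org/cas/serviceValidate"
    "?service=https%3A%2F%2Fapp.example.org%2Fcas.php"
    "&ticket=ST-42-AbCdEfGhIjKl-cas.example.org\\n"
    "Reason: [INVALID_TICKET] CAS error: "
    "Ticket 'ST-42-AbCdEfGhIjKl-cas.example.org' not recognized"
)

if __name__ == "__main__":
    print(redact_cas_log(SAMPLE_LOG))
```
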

jfritschi commented 3 years ago

@gboddin ST Tickets normally have something like 10s expiration... Should not be an issue.

https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties.html#service-tickets-behavior

phy25 commented 3 years ago

Closing the issue due to no response. If you need further help please post more information and reopen the issue.