authenticationFailure with proxy callback

[habib-halaoui]

Hi , I can authenticate using simple cas auth, but the auth with proxy doesn't work. I have this issue {"body":"{\"serviceResponse\":{\"authenticationFailure\":{\"code\":\"INVALID_PROXY_CALLBACK\",\"description\":\"The supplied proxy callback url 'https:\/\/localhost:8001\/cas\/proxy\/callback' could not be authenticated. Either 'https:\/\/localhost:8001\/cas\/proxy\/callback' cannot be reached, it is not allowed to exercise proxy authentication.\"}}}"} Path of service:

• https://heroku-cas-server.herokuapp.com/cas/login?service=https%3A%2F%2Flocalhost%3A8001%2F%3Frenew%3Dtrue

[drupol]

Hi,

If you read carefully the error message, it's explained.

Basically it says that the server heroku-cas-server.herokuapp.com must contact your application at localhost... but your localhost is not the localhost of the CAS server. Which is obvious.

This is why it fails.

Before wanting to enable proxy authentication, you must ask yourself:

• Do I need it?
• Why do I need it?

Closing the issue, feel free to re-open if you think I haven't fully replied to your question.

[habib-halaoui]

Hi, thank you for response, i just create a dns for my localhost to buid cas bundle demo, but i have the same error the log : [2021-10-25T14:30:20.907630+02:00] app.DEBUG: Building service response redirection to https://heroku-cas-server.herokuapp.com/cas/login?service=https%3A%2F%2Fsymfonycas.wip%2F%3Frenew%3Dtrue. {"url":"https://heroku-cas-server.herokuapp.com/cas/login?service=https%3A%2F%2Fsymfonycas.wip%2F%3Frenew%3Dtrue"} [] [2021-10-25T14:30:24.512977+02:00] request.INFO: Matched route "homepage". {"route":"homepage","route_parameters":{"_route":"homepage","_controller":"App\Controller\Page\PageController::indexAction"},"request_uri":"https://symfonycas.wip/?renew=true&ticket=ST-2-PpsIzm9YETj90m0a10YfWTglibU-456f3934-44c9-4bca-8068-cead2e09e537","method":"GET"} [] [2021-10-25T14:30:24.517367+02:00] php.INFO: User Deprecated: Since symfony/security-http 5.1: The "Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface" interface is deprecated, create a listener for the "Symfony\Component\Security\Http\Event\LogoutEvent" event instead. {"exception":"[object] (ErrorException(code: 0): User Deprecated: Since symfony/security-http 5.1: The \"Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface\" interface is deprecated, create a listener for the \"Symfony\Component\Security\Http\Event\LogoutEvent\" event instead. at C:\HABIB\doc-habib\projects\cas-bundle-demo\vendor\symfony\security-http\Logout\LogoutSuccessHandlerInterface.php:18)"} [] [2021-10-25T14:30:24.545616+02:00] security.DEBUG: Checking for guard authentication credentials. {"firewall_key":"default","authenticators":1} [] [2021-10-25T14:30:24.545789+02:00] security.DEBUG: Checking support on guard authenticator. {"firewall_key":"default","authenticator":"EcPhp\CasBundle\Security\CasGuardAuthenticator"} [] [2021-10-25T14:30:24.547288+02:00] security.DEBUG: Calling getCredentials() on guard authenticator. {"firewall_key":"default","authenticator":"EcPhp\CasBundle\Security\CasGuardAuthenticator"} [] [2021-10-25T14:30:24.555288+02:00] http_client.INFO: Request: "GET https://heroku-cas-server.herokuapp.com/cas/p3/proxyValidate?ticket=ST-2-PpsIzm9YETj90m0a10YfWTglibU-456f3934-44c9-4bca-8068-cead2e09e537&foo=bar&format=JSON&pgtUrl=https%3A%2F%2Fsymfonycas.wip%2Fcas%2Fproxy%2Fcallback&service=https%3A%2F%2Fsymfonycas.wip%2F%3Frenew%3Dtrue&renew=true" [] [] [2021-10-25T14:30:24.709832+02:00] http_client.INFO: Response: "200 https://heroku-cas-server.herokuapp.com/cas/p3/proxyValidate?ticket=ST-2-PpsIzm9YETj90m0a10YfWTglibU-456f3934-44c9-4bca-8068-cead2e09e537&foo=bar&format=JSON&pgtUrl=https%3A%2F%2Fsymfonycas.wip%2Fcas%2Fproxy%2Fcallback&service=https%3A%2F%2Fsymfonycas.wip%2F%3Frenew%3Dtrue&renew=true" [] [] [2021-10-25T14:30:24.717351+02:00] app.DEBUG: Response normalization succeeded. {"body":"{\"serviceResponse\":{\"authenticationFailure\":{\"code\":\"INVALID_PROXY_CALLBACK\",\"description\":\"The supplied proxy callback url 'https:\/\/symfonycas.wip\/cas\/proxy\/callback' could not be authenticated. Either 'https:\/\/symfonycas.wip\/cas\/proxy\/callback' cannot be reached, it is not allowed to exercise proxy authentication.\"}}}"} [] [2021-10-25T14:30:24.720508+02:00] app.ERROR: Service validation failed. {"response":"{\"serviceResponse\":{\"authenticationFailure\":{\"code\":\"INVALID_PROXY_CALLBACK\",\"description\":\"The supplied proxy callback url 'https:\/\/symfonycas.wip\/cas\/proxy\/callback' could not be authenticated. Either 'https:\/\/symfonycas.wip\/cas\/proxy\/callback' cannot be reached, it is not allowed to exercise proxy authentication.\"}}}"} [] [2021-10-25T14:30:24.720845+02:00] app.ERROR: Unable to authenticate the user. [] []

I have two applications A using Symfony and B using reactjs and the both uses Cas for authentication. authentication is successful in both applications, but the problem of calling web services remains from application A. I found that it is necessary to set up a proxy server to be able to communicate the application B to the application A. it's recommedned to use proxy authentication ? Regards,