search

glpi-project / glpi

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing.
https://glpi-project.org
GNU General Public License v3.0
4.24k stars 1.29k forks source link

[GLPI 9.5.5] CAS error in CalDav export #9788

Closed ASLLR closed 2 years ago

ASLLR commented 3 years ago

Code of Conduct

Is there an existing issue for this?

Version

9.5.5

Bug description

Hi everyone,

i would like to export my GLPI calendar on Zimbra, but first i test download the calendar in navigator and i can't. It seem this is because CAS SSO enabled on my instance.

SabreDav don't take the ticket genrated by my CAS SERVER (lemonldapng) and do not recover the initial ticket from my GLPI auth to allow me download the calendar.

Thank in advance

Relevant log output

FF62 .START (2021-10-28 15:02:27) phpCAS-1.3.6 ****************** [CAS.php:468]
FF62 .=> phpCAS::forceAuthentication() [auth.class.php:489]
FF62 .|    => CAS_Client::forceAuthentication() [CAS.php:1098]
FF62 .|    |    => CAS_Client::isAuthenticated() [Client.php:1280]
FF62 .|    |    |    => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1393]
FF62 .|    |    |    |    no user found [Client.php:1635]
FF62 .|    |    |    <= false
FF62 .|    |    |    no ticket found [Client.php:1494]
FF62 .|    |    <= false
FF62 .|    |    => CAS_Client::redirectToCas(false) [Client.php:1289]
FF62 .|    |    |    => CAS_Client::getServerLoginURL(false, false) [Client.php:1656]
FF62 .|    |    |    |    => CAS_Client::getURL() [Client.php:342]
FF62 .|    |    |    |    |    Final URI: https://SERVER-GLPI/caldav.php/calendars/users/USER/calendar [Client.php:3548]
FF62 .|    |    |    |    <= 'https://SERVER-GLPI/caldav.php/calendars/users/USER/calendar'
FF62 .|    |    |    <= 'https://SERVER-CAS/cas/login?service=https%3A%2F%2FSERVER-GLPI%2Fcaldav.php%2Fcalendars%2Fusers%2FUSER%2Fcalendar'
FF62 .|    |    |    Redirect to : https://SERVER-CAS/cas/login?service=https%3A%2F%2FSERVER-GLPI%2Fcaldav.php%2Fcalendars%2Fusers%2FUSER%2Fcalendar [Client.php:1663]
FF62 .|    |    |    exit()
FF62 .|    |    |    -
FF62 .|    |    -
FF62 .|    -
7E05 .START (2021-10-28 15:02:27) phpCAS-1.3.6 ****************** [CAS.php:468]
7E05 .=> phpCAS::forceAuthentication() [auth.class.php:489]
7E05 .|    => CAS_Client::forceAuthentication() [CAS.php:1098]
7E05 .|    |    => CAS_Client::isAuthenticated() [Client.php:1280]
7E05 .|    |    |    => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1393]
7E05 .|    |    |    |    no user found [Client.php:1635]
7E05 .|    |    |    <= false
7E05 .|    |    |    CAS 3.0 ticket `ST-57bb5e029b24b2abc47a7304208d3b37c00980c375f8cde8f34b89c2457e0ae0' is present [Client.php:1446]
7E05 .|    |    |    => CAS_Client::validateCAS20('', NULL, NULL, false) [Client.php:1449]
7E05 .|    |    |    |     [Client.php:3169]
7E05 .|    |    |    |    => CAS_Client::getServerServiceValidateURL() [Client.php:3176]
7E05 .|    |    |    |    |    => CAS_Client::getURL() [Client.php:453]
7E05 .|    |    |    |    |    |    Final URI: https://SERVER-GLPI/caldav.php/calendars/users/USER/calendar [Client.php:3548]
7E05 .|    |    |    |    |    <= 'https://SERVER-GLPI/caldav.php/calendars/users/USER/calendar'
7E05 .|    |    |    |    <= 'https://SERVER-CAS/cas/p3/serviceValidate?service=https%3A%2F%2FSERVER-GLPI%2Fcaldav.php%2Fcalendars%2Fusers%2FUSER%2Fcalendar'
7E05 .|    |    |    |    => CAS_Client::_readURL('https://SERVER-CAS/cas/p3/serviceValidate?service=https%3A%2F%2FSERVER-GLPI%2Fcaldav.php%2Fcalendars%2Fusers%2FUSER%2Fcalendar&ticket=ST-57bb5e029b24b2abc47a7304208d3b37c00980c375f8cde8f34b89c2457e0ae0', NULL,  NULL, NULL) [Client.php:3191]
7E05 .|    |    |    |    |    => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
7E05 .|    |    |    |    |    |    Response Body:
7E05 .|    |    |    |    |    |    <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
7E05 .|    |    |    |    |    |        <cas:authenticationSuccess>
7E05 .|    |    |    |    |    |                <cas:user>USER@MAIL.COM</cas:user>
7E05 .|    |    |    |    |    |                <cas:attributes>
7E05 .|    |    |    |    |    |                        <cas:entryUUID>aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa</cas:entryUUID>
7E05 .|    |    |    |    |    |                        <cas:displayName>USER USER</cas:displayName>
7E05 .|    |    |    |    |    |                        <cas:uid>USER NAME</cas:uid>
7E05 .|    |    |    |    |    |                        <cas:sn>USER SURNAME</cas:sn>
7E05 .|    |    |    |    |    |                        <cas:entryDN>uid=USER,ou=,dc=,dc=</cas:entryDN>
7E05 .|    |    |    |    |    |                        <cas:employeeNumber>XXXX</cas:employeeNumber>
7E05 .|    |    |    |    |    |                </cas:attributes>
7E05 .|    |    |    |    |    |        </cas:authenticationSuccess>
7E05 .|    |    |    |    |    |    </cas:serviceResponse>
7E05 .|    |    |    |    |    |
7E05 .|    |    |    |    |    |     [CurlRequest.php:84]
7E05 .|    |    |    |    |    <= true
7E05 .|    |    |    |    <= true
7E05 .|    |    |    |    => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:3261]
7E05 .|    |    |    |    |    Found nested jasig style attributes [Client.php:3345]
7E05 .|    |    |    |    |    Attribute [entryUUID] = 552af1aa-58e1-103b-83be-a5a97370e0e3 [Client.php:3351]
7E05 .|    |    |    |    |    Attribute [displayName] = USER USER [Client.php:3351]
7E05 .|    |    |    |    |    Attribute [uid] = USER NAME [Client.php:3351]
7E05 .|    |    |    |    |    Attribute [sn] = USER SURNAME[Client.php:3351]
7E05 .|    |    |    |    |    Attribute [entryDN] = uid=USER,ou=,dc=,dc= [Client.php:3351]
7E05 .|    |    |    |    |    Attribute [employeeNumber] = XXXX [Client.php:3351]
7E05 .|    |    |    |    <= ''
7E05 .|    |    |    |    => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:3273]
7E05 .|    |    |    |    |    No proxies were found in the response [AllowedList.php:81]
7E05 .|    |    |    |    <= true
7E05 .|    |    |    |    => CAS_Client::_renameSession('ST-57bb5e029b24b2abc47a7304208d3b37c00980c375f8cde8f34b89c2457e0ae0') [Client.php:3293]
7E05 .|    |    |    |    |    Skipping session rename since phpCAS is not handling the session. [Client.php:3698]
7E05 .|    |    |    |    <= ''
7E05 .|    |    |    <= true
7E05 .|    |    |    CAS 3.0 ticket `ST-57bb5e029b24b2abc47a7304208d3b37c00980c375f8cde8f34b89c2457e0ae0' was validated [Client.php:1452]
7E05 .|    |    |    => CAS_Client::getURL() [Client.php:1518]
7E05 .|    |    |    <= 'https://SERVER-GLPI/caldav.php/calendars/users/USER/calendar'
7E05 .|    |    |    Prepare redirect to : https://SERVER-GLPI/caldav.php/calendars/users/USER/calendar [Client.php:1518]
7E05 .|    |    |    => CAS_Client::getURL() [Client.php:1520]
7E05 .|    |    |    <= 'https://SERVER-GLPI/caldav.php/calendars/users/USER/calendar'
7E05 .|    |    |    exit()
7E05 .|    |    |    -
7E05 .|    |    -
7E05 .|    -

And it loop, again and again and finaly navigator crash with error "many rewrite rule"

Page URL

https://SERVER-GLPI/caldav.php/calendars/users/USER/calendar

Steps To reproduce

  1. Have SSO activated on GLPI instance
  2. Go to Assistance -> Planning
  3. On your planning clic on the right arrow and select "Copy CalDAV URL to clipboard"
  4. Go on naviagtor and paste the link
  5. A popup for auth appear (and it shouldn't), set username\passwords
  6. Error page in navigator say 'too many redirection' from my SSO server and after from my GLPI server 2
  7. clic on "retry"
  8. Have apache2 error "XML parsing error: incomprehensible data after document element" [...] "CAS Authentication failed!" 1

Your GLPI setup information

No response

Anything else?

No response

github-actions[bot] commented 2 years ago

There has been no activity on this issue for some time and therefore it is considered stale and will be closed automatically in 10 days.

If this issue is related to a bug, please try to reproduce on latest release. If the problem persist, feel free to add a comment to revive this issue. If it is related to a new feature, please open a topic to discuss with community about this enhancement on suggestion website.

You may also consider taking a subscription to get professionnal support or contact GLPI editor team directly.

cedric-anne commented 2 years ago

See #11091