jbbarth / redmine_omniauth_cas

CAS authentication plugin for Redmine through OmniAuth
MIT License

Error when coming back from CAS server to Redmine application #25

Closed lublasco closed 2 years ago

lublasco commented 2 years ago

Hi,

We have installed the plugin to be able to authenticate users against a CAS server. The user clicks on the "login with CAS" button, goes correctly to the CAS authentication and authenticates, but after that the response from Redmine is an error.

This is production.log:

```
Started GET "/redmine2/auth/cas?origin=https%3A%2F%2Fwww-[customerIP].es%2Fredmine2%2F" for 10.166.68.8 at 2022-01-18 09:25:38 +0100
Started GET "/redmine2/auth/cas/callback?origin=https%3A%2F%2Fwww-[customerIP].es%2Fredmine2%2F&ticket=ST-639-59ncpzKg4JK0u070sRPe-linosa2-pre" for 10.166.68.8 at 2022-01-18 09:25:38 +0100

Net::OpenTimeout (execution expired):

/usr/lib64/ruby/2.5.0/net/http.rb:937:in `initialize'
/usr/lib64/ruby/2.5.0/net/http.rb:937:in `open'
/usr/lib64/ruby/2.5.0/net/http.rb:937:in `block in connect'
/usr/lib64/ruby/2.5.0/timeout.rb:103:in `timeout'
/usr/lib64/ruby/2.5.0/net/http.rb:935:in `connect'
/usr/lib64/ruby/2.5.0/net/http.rb:920:in `do_start'
/usr/lib64/ruby/2.5.0/net/http.rb:909:in `start'
omniauth-cas (1.1.1) lib/omniauth/strategies/cas/service_ticket_validator.rb:94:in `get_service_response_body'
omniauth-cas (1.1.1) lib/omniauth/strategies/cas/service_ticket_validator.rb:24:in `call'
omniauth-cas (1.1.1) lib/omniauth/strategies/cas.rb:186:in `validate_service_ticket'
omniauth-cas (1.1.1) lib/omniauth/strategies/cas.rb:192:in `fetch_raw_info'
omniauth-cas (1.1.1) lib/omniauth/strategies/cas.rb:84:in `callback_phase'
omniauth (1.9.1) lib/omniauth/strategy.rb:238:in `callback_call'
omniauth (1.9.1) lib/omniauth/strategy.rb:189:in `call!'
omniauth (1.9.1) lib/omniauth/strategy.rb:169:in `call'
omniauth (1.9.1) lib/omniauth/builder.rb:45:in `call'
rack-openid (1.4.2) lib/rack/openid.rb:98:in `call'
rack (2.2.3) lib/rack/tempfile_reaper.rb:15:in `call'
rack (2.2.3) lib/rack/etag.rb:27:in `call'
rack (2.2.3) lib/rack/conditional_get.rb:27:in `call'
rack (2.2.3) lib/rack/head.rb:12:in `call'
actionpack (5.2.5) lib/action_dispatch/http/content_security_policy.rb:18:in `call'
rack (2.2.3) lib/rack/session/abstract/id.rb:266:in `context'
rack (2.2.3) lib/rack/session/abstract/id.rb:260:in `call'
actionpack (5.2.5) lib/action_dispatch/middleware/cookies.rb:670:in `call'
actionpack (5.2.5) lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
activesupport (5.2.5) lib/active_support/callbacks.rb:98:in `run_callbacks'
actionpack (5.2.5) lib/action_dispatch/middleware/callbacks.rb:26:in `call'
actionpack (5.2.5) lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
actionpack (5.2.5) lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
railties (5.2.5) lib/rails/rack/logger.rb:38:in `call_app'
railties (5.2.5) lib/rails/rack/logger.rb:26:in `block in call'
activesupport (5.2.5) lib/active_support/tagged_logging.rb:71:in `block in tagged'
activesupport (5.2.5) lib/active_support/tagged_logging.rb:28:in `tagged'
activesupport (5.2.5) lib/active_support/tagged_logging.rb:71:in `tagged'
railties (5.2.5) lib/rails/rack/logger.rb:26:in `call'
actionpack (5.2.5) lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
request_store (1.4.1) lib/request_store/middleware.rb:19:in `call'
actionpack (5.2.5) lib/action_dispatch/middleware/request_id.rb:27:in `call'
rack (2.2.3) lib/rack/method_override.rb:24:in `call'
rack (2.2.3) lib/rack/runtime.rb:22:in `call'
activesupport (5.2.5) lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
actionpack (5.2.5) lib/action_dispatch/middleware/executor.rb:14:in `call'
actionpack (5.2.5) lib/action_dispatch/middleware/static.rb:127:in `call'
rack (2.2.3) lib/rack/sendfile.rb:110:in `call'
rack (2.2.3) lib/rack/content_length.rb:17:in `call'
railties (5.2.5) lib/rails/engine.rb:524:in `call'
passenger (6.0.9) src/ruby_supportlib/phusion_passenger/rack/thread_handler_extension.rb:107:in `process_request'
passenger (6.0.9) src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:149:in `accept_and_process_next_request'
passenger (6.0.9) src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:110:in `main_loop'
passenger (6.0.9) src/ruby_supportlib/phusion_passenger/request_handler.rb:416:in `block (3 levels) in start_threads'
passenger (6.0.9) src/ruby_supportlib/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'
```

Two hints to help debug:

It would be nice if someone could assess this issue to give us some clues on what is causing the Redmine error. Thank you very much in advance.

lublasco commented 2 years ago

Just wanted to say that the issue was caused by the squid proxy interfering in the authentication process. We solved this by including the squid proxy IP in Redmine's production environment.
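
A diagnostic for the failure in this thread, added here as an example (not code from the plugin, from omniauth-cas, or from the poster): the trace shows `Net::HTTP` timing out while opening the server-side connection that validates the CAS ticket, so this reports whether `Net::HTTP` on the Redmine host would route that connection through a proxy taken from `http_proxy`/`no_proxy`, and whether the connection opens. The function names and the URL passed on the command line are assumptions.

```ruby
require "net/http"
require "openssl"
require "uri"

# Added example. Run on the Redmine host; no ticket is sent to the CAS server.

# Report how Net::HTTP would route the validation request. By default
# Net::HTTP.new picks up a proxy from http_proxy and honours no_proxy.
def cas_route(cas_url)
  uri  = URI.parse(cas_url)
  http = Net::HTTP.new(uri.host, uri.port) # nothing is connected yet
  if http.proxy?
    { via: :proxy, connect_to: [http.proxy_address, http.proxy_port] }
  else
    { via: :direct, connect_to: [uri.host, uri.port] }
  end
end

# Open and immediately close the connection, then classify the outcome.
def cas_backchannel_probe(cas_url, open_timeout: 5)
  uri  = URI.parse(cas_url)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl      = (uri.scheme == "https")
  http.open_timeout = open_timeout
  http.start { :reachable }
rescue Net::OpenTimeout
  :open_timeout # the failure logged in production.log above
rescue Errno::ECONNREFUSED
  :refused
rescue Errno::EHOSTUNREACH, Errno::ENETUNREACH
  :unreachable
rescue SocketError
  :dns_failure
rescue OpenSSL::SSL::SSLError
  :tls_failure
rescue StandardError => e
  e.class.name.to_sym # anything else, e.g. a proxy rejecting CONNECT
end

# Usage: pass the CAS base URL as the first argument.
if (url = ARGV[0])
  puts "route:  #{cas_route(url).inspect}"
  puts "result: #{cas_backchannel_probe(url)}"
end
```

A `:reachable` result from the browser's network but `:open_timeout` from the Redmine host means the login redirect works while the server-to-server validation call cannot reach CAS, which matches the symptom reported here.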