subfission / cas

Simple CAS Authentication for Laravel 5 - 10.
MIT License

CAS Request Not Including Service Parameter #101

Closed briankelleher closed 3 years ago

briankelleher commented 3 years ago

Problem

The CAS middleware, or cas()->authenticate() function, directs me to the correct SSO login page, but fails to provide a service parameter to the request, so the SSO login attempt does not redirect back to the application.

Environment

I have just done a fresh installation of Laravel v8.47.0, and am using the out-of-the-box Sail tool to run it locally with docker.

The application runs with ./vendor/bin/sail up, simulating docker-compose. It runs the application on http://localhost.

I have added the necessary config/app.php provider:

Subfission\Cas\CasServiceProvider::class

And proper aliases:

'Cas' => Subfission\Cas\Facades\Cas::class

I have also added the base, raw config/cas.php file to my application, provided here: https://github.com/subfission/cas/blob/v4.1.0/src/config/config.php

I have environment variables set up in a .env file, as such, and can confirm they are being read correctly in the CasServiceProvider config because it directs to the correct SSO login page. I changed the SSO domain here just as I don't believe it's important to the problem.

CAS_HOSTNAME="login.myfakesso.edu"
CAS_REAL_HOSTS="login.myfakesso.edu"
CAS_PORT=443
CAS_URI="/cas"
CAS_LOGIN_URL="https://login.myfakesso.edu/cas/login"
CAS_LOGOUT_URL="https://login.myfakesso.edu/cas/logout"
CAS_DEBUG=true
CAS_VERBOSE_ERRORS=true

I have also attempted to put in the CAS_REDIRECT_PATH variable here, which doesn't appear to change anything.

What's Been Tried

  1. Adding CAS_REDIRECT_PATH variable. Does nothing.
  2. Writing my own middleware that simulates a very simple cas()->authenticate() method, with no change.
  3. Using no middleware at all and directly calling cas()->authenticate() on a route.
  4. Proxying my installation using ngrok to a valid HTTPS host, to verify that an insecure, localhost, or non HTTPS host wasn't the root of the issue.

The only thing that showed mild success was changing the CAS_LOGIN_URL environment variable to https://login.myfakesso.edu/cas/login?service=http://localhost, which did then properly authenticate on the SSO and redirect back to the application, which proceeded to fail because the ticket is written for http://0.0.0.0 endpoint. When tested with a valid ngrok HTTPS proxy, I received a SA validation error, which is the expected output.

Any help with this would be appreciated - I cannot seem to find any errors in any logs pertaining to adding a service parameter - it just seems to omit it completely. Is there something I'm missing?

briankelleher commented 3 years ago

Simply omit the login_url, and it works fine.
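
A quick check for the symptom discussed in this thread, as an added example that is not part of the issue or of the package's own code: it inspects the Location header the application sends toward the CAS login page and reports a missing service parameter or one whose origin differs from the URL the application is actually served on (the http://0.0.0.0 case above). The function name casRedirectProblems is hypothetical, and the sample redirects are constructed from the placeholder hostname used in the post.

```php
<?php
// Added example; casRedirectProblems() is a hypothetical helper, not a package API.

/**
 * Return a list of problems with the service parameter of a CAS login redirect.
 * An empty list means the redirect carries a service URL on the expected origin.
 */
function casRedirectProblems(string $location, string $expectedAppUrl): array
{
    $query = parse_url($location, PHP_URL_QUERY);
    parse_str(is_string($query) ? $query : '', $params);

    if (!isset($params['service']) || !is_string($params['service']) || $params['service'] === '') {
        // The symptom from the issue: CAS has no URL to send the user back to.
        return ['no service parameter in login redirect'];
    }

    $service  = parse_url($params['service']);
    $expected = parse_url($expectedAppUrl);
    if (!is_array($service) || !isset($service['scheme'], $service['host'])) {
        return ['service parameter is not an absolute URL'];
    }

    // Scheme, host and port are compared literally (an explicit :443 differs from none).
    $problems = [];
    foreach (['scheme', 'host', 'port'] as $part) {
        $got  = $service[$part]  ?? null;
        $want = $expected[$part] ?? null;
        if ($part === 'host') {
            $got  = is_string($got)  ? strtolower($got)  : $got;
            $want = is_string($want) ? strtolower($want) : $want;
        }
        if ($got !== $want) {
            $problems[] = sprintf('service %s is %s, expected %s',
                $part, var_export($got, true), var_export($want, true));
        }
    }
    return $problems;
}

// Constructed sample redirects (placeholder SSO hostname from the post).
$samples = [
    'https://login.myfakesso.edu/cas/login',
    'https://login.myfakesso.edu/cas/login?service=http%3A%2F%2F0.0.0.0%2F',
    'https://login.myfakesso.edu/cas/login?service=http%3A%2F%2Flocalhost%2F',
];
foreach ($samples as $location) {
    $problems = casRedirectProblems($location, 'http://localhost');
    echo $location, "\n  ", $problems ? implode("\n  ", $problems) : 'ok', "\n";
}
```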