subfission / cas

Simple CAS Authentication for Laravel 5 - 10.
MIT License
151 stars, 70 forks

CAS_AuthenticationException #116

Closed Wh15tlee closed 1 year ago

Wh15tlee commented 1 year ago

Hello. I am getting this error using your package.

Everything works fine. I am logged in. But after redirection I am getting this error:

CAS URL: https://testing-sso.kpi.fei.tuke.sk/p3/serviceValidate?service=http%3A%2F%2Flocalhost%2Flogin&ticket=ST-315-UwycBtE2AzNF01Di0tHlNiwRoL8be4a7df21b70
Authentication failure: Ticket not validated
Reason: [INVALID_TICKET]
CAS error: Ticket 'ST-315-UwycBtE2AzNF01Di0tHlNiwRoL8be4a7df21b70' not recognized
CAS response: Ticket 'ST-315-UwycBtE2AzNF01Di0tHlNiwRoL8be4a7df21b70' not recognized</cas:authenticationFailure> </cas:serviceResponse>

I am trying to log in to the school testing CAS server: https://testing-sso.kpi.fei.tuke.sk/

For example, I am getting this URL: http://localhost/login?ticket=ST-315-UwycBtE2AzNF01Di0tHlNiwRoL8be4a7df21b70

And when I remove everything after /login, everything works fine and I am redirected where I am supposed to be.

Code that I am using:

// routes/web.php
Route::group(['middleware' => ['guest', 'cas.guest']], function () {
    Route::get('login', [AuthenticatedSessionController::class, 'store'])
        ->name('login');
});

// AuthenticatedSessionController
    public function store(Request $request)
    {
        // Look up the local account matching the CAS 'mail' attribute.
        $user = User::where('email', cas()->getAttribute('mail'))->first();

        if ($user === null) {
            // No local account for this CAS identity; Auth::login(null) would throw.
            abort(403);
        }

        // Auth::login() returns void, so it cannot be used as a condition;
        // regenerate the session right after logging the user in.
        Auth::login($user);
        $request->session()->regenerate();

        return redirect()->intended(RouteServiceProvider::HOME);
    }

cas.php

    'cas_hostname' => env('CAS_HOSTNAME', 'testing-sso.kpi.fei.tuke.sk'),
    'cas_real_hosts' => env('CAS_REAL_HOSTS', 'testing-sso.kpi.fei.tuke.sk'),
    'cas_session_name' => env('CAS_SESSION_NAME', 'CASAuth'),
    'cas_control_session' => env('CAS_CONTROL_SESSIONS', false),
    'cas_proxy' => env('CAS_PROXY', false),
    'cas_port' => env('CAS_PORT', 443),
    'cas_uri' => env('CAS_URI', ''),
    'cas_client_service' => env('CAS_CLIENT_SERVICE', 'http://localhost'),
    'cas_validation' => env('CAS_VALIDATION', ''),
    'cas_cert' => env('CAS_CERT', ''),
    'cas_validate_cn' => env('CAS_VALIDATE_CN', true),
    'cas_login_url' => env('CAS_LOGIN_URL', ''),
    'cas_logout_url' => env('CAS_LOGOUT_URL', 'http://testing-sso.kpi.fei.tuke.sk/logout'),
    'cas_logout_redirect' => env('CAS_LOGOUT_REDIRECT', 'http://localhost/'),
    'cas_redirect_path' => env('CAS_REDIRECT_PATH', ''),
    'cas_enable_saml' => env('CAS_ENABLE_SAML', false),
    'cas_version' => env('CAS_VERSION', "3.0"),
    'cas_debug' => env('CAS_DEBUG', false),
    'cas_verbose_errors' => env('CAS_VERBOSE_ERRORS', false),
    'cas_masquerade' => env('CAS_MASQUERADE', ''),
    'cas_session_secure' => env('HTTPS_ONLY_COOKIES', false),

Logout is working fine.

Can anyone please help me with solving this problem. Thanks.

subfission commented 1 year ago

This does not appear to be an issue with this package, but rather with your configuration of the settings applied to Apereo phpCAS. I would check the settings your school recommends, as the error reported is that the underlying package does not accept your TGT. Your settings also butcher any security validation, so that might also be a problem.

Additionally, you are interacting suspiciously with the Yale CAS service? I'm not sure what the intention is, but this is likely not allowed and is a security violation.
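Added example, not code from the issue or from the package: the posted cas.php settings beside a hardened version of the same keys, showing what "butchering security validation" refers to. It assumes, as the package README documents, that cas_validation accepts 'ca' (or 'self') and that cas_cert is the path of the CA bundle used to verify the CAS server; the certificate path and the application hostname are placeholders.

```php
<?php
// config/cas.php (added example; values marked "posted" are from the issue,
// everything else is a hardened replacement with placeholder hosts/paths).
return [
    'cas_hostname'       => env('CAS_HOSTNAME', 'testing-sso.kpi.fei.tuke.sk'),
    'cas_real_hosts'     => env('CAS_REAL_HOSTS', 'testing-sso.kpi.fei.tuke.sk'),
    'cas_port'           => env('CAS_PORT', 443),
    'cas_uri'            => env('CAS_URI', ''),
    'cas_version'        => env('CAS_VERSION', '3.0'),

    // posted: 'cas_validation' => '' and 'cas_cert' => ''
    // With validation empty the client does not verify the CAS server's TLS
    // certificate, so the serviceValidate answer that grants the login could
    // come from any host on the path. 'ca' pins verification to a CA bundle
    // (assumed accepted value per the README; path is a placeholder).
    'cas_validation'     => env('CAS_VALIDATION', 'ca'),
    'cas_cert'           => env('CAS_CERT', '/etc/ssl/certs/ca-certificates.crt'),
    'cas_validate_cn'    => env('CAS_VALIDATE_CN', true),

    // posted: 'cas_client_service' => 'http://localhost'
    // The ticket is validated against the exact service URL sent at login, so
    // this must be the scheme and host the CAS server actually sees, over HTTPS.
    'cas_client_service' => env('CAS_CLIENT_SERVICE', 'https://app.example.org'),

    // posted: 'cas_logout_url' => 'http://testing-sso.kpi.fei.tuke.sk/logout'
    // The CAS server is served over HTTPS; do not send logout over plain HTTP.
    'cas_logout_url'     => env('CAS_LOGOUT_URL', 'https://testing-sso.kpi.fei.tuke.sk/logout'),
    'cas_logout_redirect'=> env('CAS_LOGOUT_REDIRECT', 'https://app.example.org/'),
    'cas_redirect_path'  => env('CAS_REDIRECT_PATH', ''),

    // Keep diagnostics off outside development: verbose errors echo ticket
    // values (as in the report above) to the browser.
    'cas_debug'          => env('CAS_DEBUG', false),
    'cas_verbose_errors' => env('CAS_VERBOSE_ERRORS', false),

    // Masquerade bypasses the CAS round-trip entirely; leave empty in production.
    'cas_masquerade'     => env('CAS_MASQUERADE', ''),

    // posted: 'cas_session_secure' => false
    'cas_session_secure' => env('HTTPS_ONLY_COOKIES', true),
];
```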