Problem/Motivation

I've marked this support request as critical, because it is preventing me from setting up the server at all.

I've successfully installed and activated the "CAS Server" Drupal Module 2.x-3.1 in our Drupal 6.22 installation, but I haven't been able to figure out how it works. The only settings I've been able to see are for the CAS client. I've also tried visiting https://[our domain]/cas, but I receive the message "The requested page could not be found".

I've opened up a question on Stack Overflow in case someone has an answer and wants some SO points! http://stackoverflow.com/questions/8584300/drupal-as-a-cas-server

Comments

jbulcher’s picture

jbulcher CreditAttribution: jbulcher commented
Priority: Critical » Normal

I just discovered that the authentication is working, if I use an adapted version of the example script on github. If phpCAS uses the https port (443), how does it communicate with Drupal using a page that doesn't exist?

bfroehle’s picture

bfroehle CreditAttribution: bfroehle commented

jbulcher:
https://example.com/cas is never accessed, instead the CAS login process uses https://.../cas/login, ../cas/logout, .../cas/validate, etc.

You can read about it in the CAS protocol.

metzlerd’s picture

metzlerd CreditAttribution: metzlerd commented

The CAS server module does not currenlty require any configuration that's why you don't see any options for the module. The phpCAS library does require that communication occur over ssl. So you need to make sure that your drupal site at least responds to ssl requests before the cas server module can be used effectively.

Ideally your drupal site is set up on a server with a valid certificate and SSL certification can be turned on for the cas clients. I'd recommend that you can navigate to https://yoursite.example.com and get a validated cert before proceeding.

jbulcher’s picture

jbulcher CreditAttribution: jbulcher commented

That makes sense. Thanks for your input! Expecting to see a page named 'cas' really threw me for a while.

jbulcher’s picture

jbulcher CreditAttribution: jbulcher commented
Status: Active » Closed (works as designed)
jbulcher’s picture

jbulcher CreditAttribution: jbulcher commented
Issue summary: View changes

change http->https

gfoltete’s picture

gfoltete CreditAttribution: gfoltete commented
Issue summary: View changes

Hello,
I installed Drupal 7.39 (on Debian), cas modules (cas + cas_server) and apache ssl.
I have no user in Drupal, I selected the option " Automatically create Drupal accounts ".
When I log me, I can register my login + password in the CAS window but I'm never redirected to my site Drupal.
In my log file, these lines are repeated. We can see that the connection is made a success but I never reach the site.

6382 .START phpCAS-1.3.3 ****************** [CAS.php:438]
6382 .=> phpCAS::client('2.0', 'cas.university', 443, '/cas', false) [cas.module:273]
6382 .|    => CAS_Client::__construct('2.0', false, 'cas.university', 443, '/cas', false) [CAS.php:340]
6382 .|    <= ''
6382 .<= ''
6382 .=> phpCAS::setCasServerCACert('/etc/ssl/cacerts/ca.crt') [cas.module:285]
6382 .<= ''
6382 .=> phpCAS::setFixedServiceURL('https://172.20.xx.xx/frontpage') [cas.module:291]
6382 .<= ''
6382 .=> phpCAS::forceAuthentication() [cas.module:82]
6382 .|    => CAS_Client::forceAuthentication() [CAS.php:1015]
6382 .|    |    => CAS_Client::isAuthenticated() [Client.php:1245]
6382 .|    |    |    => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
6382 .|    |    |    |    no user found [Client.php:1592]
6382 .|    |    |    <= false
6382 .|    |    |    no ticket found [Client.php:1453]
6382 .|    |    <= false
6382 .|    |    => CAS_Client::redirectToCas(false) [Client.php:1254]
6382 .|    |    |    => CAS_Client::getServerLoginURL(false, false) [Client.php:1613]
6382 .|    |    |    |    => CAS_Client::getURL() [Client.php:342]
6382 .|    |    |    |    <= 'https://172.20.xx.xx/frontpage'
6382 .|    |    |    <= 'https://cas.university/cas/login?service=https%3A%2F%2F172.20.xx.xx%2Ffrontpage'
6382 .|    |    |    Redirect to : https://cas.university/cas/login?service=https%3A%2F%2F172.20.xx.xx%2Ffrontpage [Client.php:1620]
6382 .|    |    |    exit()
6382 .|    |    |    -
6382 .|    |    -
6382 .|    -
5629 .START phpCAS-1.3.3 ****************** [CAS.php:438]
5629 .=> phpCAS::client('2.0', 'cas.university', 443, '/cas', false) [cas.module:273]
5629 .|    => CAS_Client::__construct('2.0', false, 'cas.university', 443, '/cas', false) [CAS.php:340]
5629 .|    |    Ticket 'ST-1330778-DQ11KBjyk9gepceXeHcs-cas.university' found [Client.php:988]
5629 .|    <= ''
5629 .<= ''
5629 .=> phpCAS::setCasServerCACert('/etc/ssl/cacerts/ca.crt') [cas.module:285]
5629 .<= ''
5629 .=> phpCAS::setFixedServiceURL('https://172.20.xx.xx/frontpage') [cas.module:291]
5629 .<= ''
5629 .=> phpCAS::forceAuthentication() [cas.module:82]
5629 .|    => CAS_Client::forceAuthentication() [CAS.php:1015]
5629 .|    |    => CAS_Client::isAuthenticated() [Client.php:1245]
5629 .|    |    |    => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
5629 .|    |    |    |    no user found [Client.php:1592]
5629 .|    |    |    <= false
5629 .|    |    |    CAS 2.0 ticket `ST-1330778-DQ11KBjyk9gepceXeHcs-cas.university' is present [Client.php:1406]
5629 .|    |    |    => CAS_Client::validateCAS20('', NULL, NULL) [Client.php:1409]
5629 .|    |    |    |     [Client.php:3101]
5629 .|    |    |    |    => CAS_Client::getServerServiceValidateURL() [Client.php:3108]
5629 .|    |    |    |    |    => CAS_Client::getURL() [Client.php:453]
5629 .|    |    |    |    |    <= 'https://172.20.xx.xx/frontpage'
5629 .|    |    |    |    <= 'https://cas.university/cas/serviceValidate?service=https%3A%2F%2F172.20.xx.xx%2Ffrontpage'
5629 .|    |    |    |    => CAS_Client::_readURL('https://cas.university/cas/serviceValidate?service=https%3A%2F%2F172.20.xx.xx%2Ffrontpage&ticket=ST-1330778-DQ11KBjyk9gepceXeHcs-cas.university', NULL, NULL, NULL) [Client.php:3118]
5629 .|    |    |    |    |    => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
5629 .|    |    |    |    |    |    CURL: Set CURLOPT_CAINFO /etc/ssl/cacerts/ca.crt [CurlRequest.php:129]
5629 .|    |    |    |    |    |    Response Body: 
5629 .|    |    |    |    |    |    <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
5629 .|    |    |    |    |    |    	<cas:authenticationSuccess>
5629 .|    |    |    |    |    |    		<cas:user>gfoltete</cas:user>
5629 .|    |    |    |    |    |    
5629 .|    |    |    |    |    |    
5629 .|    |    |    |    |    |    	</cas:authenticationSuccess>
5629 .|    |    |    |    |    |    </cas:serviceResponse>
5629 .|    |    |    |    |    |     [CurlRequest.php:84]
5629 .|    |    |    |    |    <= true
5629 .|    |    |    |    <= true
5629 .|    |    |    |    => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:3176]
5629 .|    |    |    |    |    Testing for rubycas style attributes [Client.php:3294]
5629 .|    |    |    |    <= ''
5629 .|    |    |    |    Storing Proxy List [Client.php:3185]
5629 .|    |    |    |    => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:3188]
5629 .|    |    |    |    |    No proxies were found in the response [AllowedList.php:81]
5629 .|    |    |    |    <= true
5629 .|    |    |    |    => CAS_Client::_renameSession('ST-1330778-DQ11KBjyk9gepceXeHcs-cas.university') [Client.php:3220]
5629 .|    |    |    |    |    Skipping session rename since phpCAS is not handling the session. [Client.php:3599]
5629 .|    |    |    |    <= ''
5629 .|    |    |    <= true
5629 .|    |    |    CAS 2.0 ticket `ST-1330778-DQ11KBjyk9gepceXeHcs-cas.university' was validated [Client.php:1412]
5629 .|    |    |    => CAS_Client::getURL() [Client.php:1472]
5629 .|    |    |    <= 'https://172.20.xx.xx/frontpage'
5629 .|    |    |    Prepare redirect to : https://172.20.xx.xx/frontpage [Client.php:1472]
5629 .|    |    |    => CAS_Client::getURL() [Client.php:1474]
5629 .|    |    |    <= 'https://172.20.xx.xx/frontpage'
5629 .|    |    |    exit()
5629 .|    |    |    -
5629 .|    |    -
5629 .|    -

I voluntarily modified the IP address and the server CAS URL.

Thank you for your help

metzlerd’s picture

metzlerd CreditAttribution: metzlerd as a volunteer commented

Did you install the cas server and the cas client on the same drupal site by chance? The cas and cas server modules should never be enabled on the same site.

gfoltete’s picture

gfoltete CreditAttribution: gfoltete commented

Thank you for your response.
Yes, I installed the both modules on the same drupal site.
What of both modules do I have to install somewhere else ?

gfoltete’s picture

gfoltete CreditAttribution: gfoltete commented

Perhaps, only the CAS module is useful?

bkosborne’s picture

bkosborne
Primary language English
Location New Jersey, USA
CreditAttribution: bkosborne commented

We need to know more about your specific use case.

You should install the "cas" sub module if you want users of your site to authenticate with an outside CAS server.

You should install the "cas_server" sub module if you want your Drupal site to act as a CAS server. Other websites would specify your Drupal site as the CAS server.

gfoltete’s picture

gfoltete CreditAttribution: gfoltete commented

Hello,
As I wish that the users authenticates with an extern server CAS, I have to deactivate the module server_cas.
Regrettably, after having recorded my login + password in the CAS window, I still can't to return to the homepage of my site and I have exactly the same logs.
I specify that I installed Drupal with the core/theme octopus_video.
Thank you for your help.

gfoltete’s picture

gfoltete CreditAttribution: gfoltete commented

Perhaps, it's a redirection problem after connection ?