Cas authentication redirect to logout page
-
When I log in, it redirects to the logout page. I am using CAS version 6.4.0-RC2 in Authorizer 3.0.9.
I saw the CAS log; it explained that “the ticket destroyed”.
Please help me, thank you.
-
Can you provide the full error log from the server?
Also, in Authorizer Settings, have you tried changing the CAS protocol version (1.0, 2.0, 3.0, or SAML)? SAML is probably what you want.
WHO: uni
WHAT: [UsernamePasswordCredential(username=uni, source=null, customFields={})]
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Sat Apr 17 07:52:42 UTC 2021
CLIENT IP ADDRESS: 182.2.x.x
SERVER IP ADDRESS: 185.53.x.x
=============================================================>
2021-04-17 07:52:42,983 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] – <Audit trail record BEGIN
=============================================================
WHO: uni
WHAT: {result=Service Access Granted, principal=SimplePrincipal(id=uni, attributes={}), service=https://db.ecampuz.net/wp-login.php?external=cas, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sat Apr 17 07:52:42 UTC 2021
CLIENT IP ADDRESS: 182.2.x.x
SERVER IP ADDRESS: 185.53.x.x
=============================================================>
2021-04-17 07:52:43,023 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] – <Audit trail record BEGIN
=============================================================
WHO: uni
WHAT: {result=Service Access Granted, principal=SimplePrincipal(id=uni, attributes={}), service=https://db.ecampuz.net/wp-login.php?external=cas, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sat Apr 17 07:52:43 UTC 2021
CLIENT IP ADDRESS: 182.2.x.x
SERVER IP ADDRESS: 185.53.x.x
=============================================================>
2021-04-17 07:52:43,055 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] – <Audit trail record BEGIN
=============================================================
WHO: uni
WHAT: TGT-1-*****aUYLzjIcL8-jaran
ACTION: TICKET_GRANTING_TICKET_CREATED
APPLICATION: CAS
WHEN: Sat Apr 17 07:52:43 UTC 2021
CLIENT IP ADDRESS: 182.2.x.x
SERVER IP ADDRESS: 185.53.x.x
=============================================================>
2021-04-17 07:52:43,076 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] – <Audit trail record BEGIN
=============================================================
WHO: uni
WHAT: {result=Service Access Granted, service=https://db.ecampuz.net/wp-login.php?external=cas, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sat Apr 17 07:52:43 UTC 2021
CLIENT IP ADDRESS: 182.2.x.x
SERVER IP ADDRESS: 185.53.x.x
=============================================================>
2021-04-17 07:52:43,084 INFO [org.apereo.cas.DefaultCentralAuthenticationService] – <Granted service ticket [ST-1-LHl0FsPPQjdVnXrnqEbrcq7v6Ag-jaran] for service [https://db.ecampuz.net/wp-login.php?external=cas] and principal [uni]>
2021-04-17 07:52:43,088 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] – <Audit trail record BEGIN
=============================================================
WHO: uni
WHAT: {service=https://db.ecampuz.net/wp-login.php?external=cas, return=ST-1-LHl0FsPPQjdVnXrnqEbrcq7v6Ag-jaran}
ACTION: SERVICE_TICKET_CREATED
APPLICATION: CAS
WHEN: Sat Apr 17 07:52:43 UTC 2021
CLIENT IP ADDRESS: 182.2.x.x
SERVER IP ADDRESS: 185.53.x.x
=============================================================>
2021-04-17 07:52:44,065 INFO [org.apereo.cas.logout.DefaultLogoutManager] – <Performing logout operations for [TGT-1-*****aUYLzjIcL8-jaran]>
2021-04-17 07:52:44,131 INFO [org.apereo.cas.logout.DefaultLogoutManager] – <[1] logout requests were processed>
2021-04-17 07:52:44,133 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] – <Audit trail record BEGIN
=============================================================
WHO: uni
WHAT: TGT-1-*****aUYLzjIcL8-jaran
ACTION: TICKET_DESTROYED
APPLICATION: CAS
WHEN: Sat Apr 17 07:52:44 UTC 2021
CLIENT IP ADDRESS: 182.2.x.x
SERVER IP ADDRESS: 185.53.x.x
=============================================================
I ran into the same issue.
When WordPress redirects you to CAS, it sets the current URL as the service parameter. CAS uses this URL to redirect you back to WordPress. For example, when you log in, you get redirected to:
https://cas.example.com/cas/login?service=your-domain/wp-login.php?external=cas
After authentication, CAS redirects you back to WordPress. However, the redirect makes you visit /wp-login.php again, which causes a logout.
I solved it by adding a redirect URL line to my config in the CAS JSON Service Registry:
{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  // name, description, etc
  "redirectUrl": "http://my-domain.com" // note the lack of /wp-login.php here
}
There must be some other code on your site causing a logout; wp-login.php needs the action and _wpnonce params in order to process a logout, for example:
https://example.com/wp-login.php?action=logout&_wpnonce=abcdef1234
Authorizer actually needs CAS to come back to wp-login.php?external=cas so it can validate the CAS ticket. You can see that flow here:
https://github.com/uhm-coe/authorizer/blob/master/src/authorizer/class-authentication.php#L767-L795
Can you check to see if you have other theme/plugin code that might be altering the normal login flow?
Thanks for pointing me in the right direction. I’ve managed to find a solution suitable for local development.
First I enabled logging by un-commenting this line:
https://github.com/uhm-coe/authorizer/blob/6a4848030c45a34ad33376c288191d10d6673e0a/src/authorizer/class-authentication.php#L780
Reading through the logs reveals that it’s phpCAS related. The request here:
https://github.com/apereo/phpCAS/blob/master/source/CAS/Client.php#L3042
fails with (CURL error #60: SSL certificate problem: self signed certificate).
My CAS is running on localhost with a self signed certificate.
After exporting my certificate on https://localhost:8445/cas and appending it to wp-includes/certificates/ca-bundle.crt, everything works as expected.
For production I’ll use a real certificate of course.
The log:
6751 .START (2021-04-29 11:06:01) phpCAS-1.3.8 ****************** [CAS.php:475]
6751 .=> phpCAS::forceAuthentication() [class-authentication.php:781]
6751 .| => CAS_Client::forceAuthentication() [CAS.php:1120]
6751 .| | => CAS_Client::isAuthenticated() [Client.php:1286]
6751 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1398]
6751 .| | | | no user found [Client.php:1640]
6751 .| | | <= false
6751 .| | | CAS 3.0 ticket ST-2-uF7XJNRgGBP6MkhLK-rlMawmhTY-ubuntu' is present [Client.php:1451]
6751 .| | | => CAS_Client::validateCAS20('', NULL, NULL, false) [Client.php:1454]
6751 .| | | | [Client.php:3216]
6751 .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3222]
6751 .| | | | | => CAS_Client::getURL() [Client.php:453]
6751 .| | | | | <= 'http://127.0.0.1:8080/wordpress/wp-login.php?external=cas'
6751 .| | | | <= 'https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas'
6751 .| | | | => CAS_Client::_readURL('https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas&ticket=ST-2-uF7XJNRgGBP6MkhLK-rlMawmhTY-ubuntu', NULL, NULL, NULL) [Client.php:3237]
6751 .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
6751 .| | | | | | CURL: Set CURLOPT_CAINFO /home/bjz/wordpress-5.7-2/apps/wordpress/htdocs/wp-includes/certificates/ca-bundle.crt [CurlRequest.php:129]
6751 .| | | | | | curl_exec() failed [CurlRequest.php:77]
6751 .| | | | | <= false
6751 .| | | | <= false
6751 .| | | | could not open URL 'https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas&ticket=ST-2-uF7XJNRgGBP6MkhLK-rlMawmhTY-ubuntu' to validate (CURL error #60: SSL certificate problem: self signed certificate) [Client.php:3239]
6751 .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', 'https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas&ticket=ST-2-uF7XJNRgGBP6MkhLK-rlMawmhTY-ubuntu', true) [Client.php:3243]
6751 .| | | | | => CAS_Client::getURL() [AuthenticationException.php:77]
6751 .| | | | | <= 'http://127.0.0.1:8080/wordpress/wp-login.php?external=cas'
6751 .| | | | | CAS URL: https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas&ticket=ST-2-uF7XJNRgGBP6MkhLK-rlMawmhTY-ubuntu [AuthenticationException.php:80]
6751 .| | | | | Authentication failure: Ticket not validated [AuthenticationException.php:81]
6751 .| | | | | Reason: no response from the CAS server [AuthenticationException.php:83]
6751 .| | | | | exit()
6751 .| | | | | -
6751 .| | | | -
6751 .| | | -
6751 .| | -
6751 .| -
6751 .=> phpCAS::logoutWithRedirectService('http://127.0.0.1:8080/wordpress/wp-login.php') [class-authentication.php:790]
6751 .| => CAS_Client::logout(array ( 'service' => 'http://127.0.0.1:8080/wordpress/wp-login.php',)) [CAS.php:1491]
6751 .| | Prepare redirect to : https://localhost:8445/cas/logout?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php [Client.php:1701]
6751 .| | Destroying session : otkcqgo5e69ok6d0ufor0lmnj5 [Client.php:1703]
6751 .| | Session terminated [Client.php:1707]
6751 .| | exit()
6751 .| | -
6751 .| -
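The chain visible in the trace above (the serviceValidate request fails TLS verification, then the client logs the user out of CAS) can be picked out of a phpCAS debug log mechanically. This is an added example, not part of the thread and not Authorizer or phpCAS code; it assumes the line layout shown in the trace and treats the leading token as a per-request tag, and SAMPLE_TRACE is constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample, abridged from the trace layout shown in the post above.
SAMPLE_TRACE = """\
6751 .=> phpCAS::forceAuthentication() [class-authentication.php:781]
A1B2 .=> phpCAS::forceAuthentication() [class-authentication.php:781]
6751 .| | | | | | CURL: Set CURLOPT_CAINFO /var/www/wp-includes/certificates/ca-bundle.crt [CurlRequest.php:129]
6751 .| | | | | | curl_exec() failed [CurlRequest.php:77]
6751 .| | | | could not open URL 'https://localhost:8445/cas/p3/serviceValidate?service=http%3A%2F%2F127.0.0.1%3A8080%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas&ticket=ST-2-EXAMPLE-ubuntu' to validate (CURL error #60: SSL certificate problem: self signed certificate) [Client.php:3239]
6751 .| | | | | Authentication failure: Ticket not validated [AuthenticationException.php:81]
6751 .=> phpCAS::logoutWithRedirectService('http://127.0.0.1:8080/wordpress/wp-login.php') [class-authentication.php:790]
6751 .| | Session terminated [Client.php:1707]
"""

LINE = re.compile(r"^(?P<tag>\w+) \.(?:\| )*(?P<msg>.*)$")
CAINFO = re.compile(r"CURL: Set CURLOPT_CAINFO (\S+)")
FAIL = re.compile(r"could not open URL '([^']+)' to validate \(CURL error #(\d+): (.+?)\)")
LOGOUT = re.compile(r"=> phpCAS::logout\w*\(")
# libcurl: 60 (51 before 7.62) = peer certificate failed verification; 6/7/28 = DNS, connect, timeout
CAUSES = {60: "tls-trust", 51: "tls-trust", 6: "network", 7: "network", 28: "network"}

def diagnose(trace):
    """Return one finding per request tag whose service-ticket validation failed."""
    findings, ca_bundle = {}, {}
    for raw in trace.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        tag, msg = m["tag"], m["msg"]
        if c := CAINFO.search(msg):
            ca_bundle[tag] = c[1]
        elif f := FAIL.search(msg):
            url = urlsplit(f[1])
            findings[tag] = {
                "validate_endpoint": f"{url.scheme}://{url.netloc}{url.path}",
                "service": parse_qs(url.query).get("service", [""])[0],
                "curl_code": int(f[2]),
                "reason": f[3],
                "cause": CAUSES.get(int(f[2]), "other"),
                "ca_bundle": ca_bundle.get(tag),  # bundle curl verified against
                "forced_logout": False,
            }
        elif tag in findings and LOGOUT.search(msg):
            findings[tag]["forced_logout"] = True  # validation failure ended in CAS logout
    return list(findings.values())

if __name__ == "__main__":
    print(diagnose(SAMPLE_TRACE))
```

A finding with cause "tls-trust" and forced_logout set points at the CA bundle named in ca_bundle rather than at WordPress or the CAS service registry.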
- The topic ‘Cas authentication redirect to logout page’ is closed to new replies.