phpCAS :: isAuthenticated在不同的服務中登錄後返回false

Question

I've configured the CAS login page so that it accepts the username and password as GET parameters如果提供了它們，它會自動提交登錄表單。這看起來像CAS登錄頁面在網站認證過程中甚至沒有被觸及。

該網站使用的是phpCAS版本1.3.2與CAS進行通信。如果我通過表單直接登錄，它會按預期工作：瀏覽器從CAS正確重定向返回true並且isAuthenticated()返回true。但是，如果我事先登錄到其他服務，則isAuthenticated()將返回false。如果我沒有記錯，這是因爲我有，如果AUTH是細做與CAS的實際檢驗，所以我也試着checkAuthentication()，但我得到了以下錯誤：

[error] [client 192.168.12.120] PHP Fatal error: Uncaught exception 'CAS_AuthenticationException' in /home/dev/www/CAS-1.3.2/CAS/Client.php:2248 
Stack trace: 
#0 /home/dev/www/CAS-1.3.2/CAS/Client.php(1227): CAS_Client->_validatePGT('https://192.168...', '????<cas:servic...', Object(DOMElement)) 
#1 /home/dev/www/CAS-1.3.2/CAS/Client.php(1131): CAS_Client->isAuthenticated() 
#2 /home/dev/www/CAS-1.3.2/CAS.php(1078): CAS_Client->checkAuthentication() 
#3 /home/dev/www/redir.php(39): phpCAS::checkAuthentication() 
#4 {main} 
thrown in /home/dev/www/CAS-1.3.2/CAS/Client.php on line 2248, referer: https://192.168.10.144:8181/cas/login?username=myUser&password=testpassword&auto=true&service=https%3A%2F%2F192.168.12.120%2Fredir.php 

CAS server log

phpCAS debug log

PHP代碼：

<?php 

function pageURL() { 
    $PROTOCOL = "http"; 
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') { 
     $PROTOCOL = "https"; 
    } 
    $url = "$PROTOCOL://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]"; 
    $url = strtok($url, '?'); 
    return $url; 
} 

// Configuration 
$phpcas_path = "CAS-1.3.2"; 

$cas_host = "192.168.10.144"; 
$cas_port = 8181; 
$cas_context = "/cas"; 

// Load the CAS lib 
require_once $phpcas_path . "/CAS.php"; 

// Enable debugging 
phpCAS::setDebug(); 

// Initialize phpCAS 
phpCAS::proxy (CAS_VERSION_2_0, $cas_host, $cas_port, $cas_context); 

phpCAS::setNoCasServerValidation(); 

// check CAS authentication 
$auth = phpCAS::checkAuthentication(); 

// logout if desired 
if (isset ($_REQUEST ['logout'])) { 
    phpCAS::logout(); 
} 

$serviceUrl = "https://192.168.10.144:8181/accessrights/"; 
?> 

<html> 
<head> 
<title>CAS form login</title> 
</head> 
<body> 

<?php if ($auth) { 
    phpCAS::serviceWeb($serviceUrl, $err_code, $accessrights); 
?> 

    <p>Hello <strong><?php echo phpCAS::getUser(); ?></strong>! You have been authenticated with CAS. Your access rights are: <?php echo $accessrights; ?></p> 

<?php } else { ?> 

<h3>User login</h3> 
<div>Enter your username and password here in order to log in on the website:</div> 
<!-- ###LOGIN_FORM### --> 
<form method="GET" action="https://192.168.10.144:8181/cas/"> 
    <p>Username : <input type="text" name="username" /></p> 
    <p>Password : <input type="password" name="password" /></p> 
    <p>Remember me : <input type="checkbox" name="rememberMe" value="true" /></p> 
    <p><input type="submit" value="Login !" /></p> 
    <input type="hidden" name="auto" value="true" /> 
    <input type="hidden" name="service" value="<?php echo pageURL(); ?>" /> 
</form> 
<!-- ###LOGIN_FORM### --> 

<?php } ?> 

</body> 
</html> 

我看到checkAuthentication()無法檢索代理授予鈦但我不知道原因。有任何想法嗎？我也有一個頁面forceAuthentication()，它的工作完美無瑕。

Answer 1

根據您的服務器的日誌，CAS正在試圖通過「https://xxx.xx.xx.xx/redir.php」，但他的遭遇回調您的應用程序的SSL問題「TicketCreationException：error.authentication.credentials.bad」