/serviceValidate.
From: [email protected] [mailto:[email protected]] On Behalf Of John Stevens II Sent: Friday, June 17, 2016 12:10 PM To: CAS Community <[email protected]> Cc: [email protected]; [email protected] Subject: Re: [cas-user] Rest API Service Ticket Validation Issue Ok that may work, is that the recommended way to verify service tickets for the Rest API (Without using the php client) or should I not be relying on the actual client? On Friday, June 17, 2016 at 2:49:08 PM UTC-4, Dmitriy Kopylenko wrote: By the time the /serviceValidate with ST is called, the ST lifetime has expired (10 seconds default). Increase the ST TTL on the CAS server to something longer, but reasonable and see if it helps. Best, D. On Jun 17, 2016, at 2:44 PM, John Stevens II <[email protected] <javascript:> > wrote: Need some insight on how to properly use the Rest API. I have a simple php application below castest.php: <?php require_once '/var/www/sites/CAS-1.3.4/CAS.php'; phpCAS::setDebug(); // Enable verbose error messages. Disable in production! phpCAS::setVerbose(true); // Initialize phpCAS phpCAS::client(CAS_VERSION_2_0, 'access.example.com <http://access.example.com> ', 443, '/cas'); phpCAS::setNoCasServerValidation(); // force CAS authentication phpCAS::forceAuthentication(); echo "It worked"; ?> Visiting the php page in the browser works with no problem, I'm able to authenticate and access the content with no problem. I can post to my post server rest url to get my TGT: Posting form data: username=Randomuser&password=Randompassword To: https://access.example.com/cas/v1/tickets Data (TGT) returned is: https://access.example.com/cas/v1/tickets/TGT-19-MKJRShaS2EebhGB3HHbZabi6O0I2KeSgWkXz3xGvKjamJgqi5M-cas2.example.com Now I take my TGT url and post my service to get my ST: Posting form data: service=http%3A%2F%2Ftest.example.com <http://2ftest.example.com> %2Fcastest.php To: https://access.example.com/cas/v1/tickets/TGT-19-MKJRShaS2EebhGB3HHbZabi6O0I2KeSgWkXz3xGvKjamJgqi5M-cas2.example.com Data (ST) returned is: 0000: 53 54 2D 32 31 2D 79 47 59 69 57 6E 63 45 62 65 | ST-21-yGYiWncEbe | 0010: 70 78 78 71 33 4B 6E 78 4F 52 2D 63 61 73 32 2E | pxxq3KnxOR-cas2. | 0020: 69 6E 6D 61 72 2E 63 6F 6D | example.com <http://example.com> | All is good so far, I have my TGT and ST now I should be able to access my castest.php site so I do a get request on this url with my ticket as a parameter: Get: http://test.example.com/castest.php?ticket=ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com Error is returned: <html><head><title>CAS Authentication failed!</title></head><body><h1>CAS Authentication failed!</h1><p>You were not authenticated.</p><p>You may submit your request again by clicking <a href="http://test.example.com/castest.php";>here</a>.</p><p>If the problem persists, you may contact <a href="mailto:ro...@localhost <javascript:> ">the administrator of this site</a>.</p><hr><address>phpCAS 1.3.4 using server <a href="https://access.example.com/cas/";>https://access.example.com/cas/</a> (CAS 2.0)</a></address></body></html><br /> <b>Fatal error</b>: Uncaught exception 'CAS_AuthenticationException' in /var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php:3234 Stack trace: #0 /var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php(1419): CAS_Client->validateCAS20('https://access....', '\n\n<cas:serviceR...', Object(DOMElement), false) #1 /var/www/sites/vmbuild/CAS-1.3.4/CAS.php(1127): CAS_Client->isAuthenticated() #2 /var/www/sites/vmbuild/castest.php(21): phpCAS::isAuthenticated() #3 {main} thrown in <b>/var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php</b> on line <b>3234</b><br /> Other things i've tried were to use the validation url to validate the ticket that way but it says the ticket is not reconigzed: Get or Post: https://access.example.com/cas/serviceValidate?service=http%3A%2F%2Ftest.example.com%2Fcastest.php <https://access.example.com/cas/serviceValidate?service=http%3A%2F%2Ftest.example.com%2Fcastest.php&ticket=ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com> &ticket=ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com Returned: <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas";> <cas:authenticationFailure code="INVALID_TICKET"> Ticket 'ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com <http://st-21-ygyiwncebepxxq3knxor-cas2.example.com> ' not recognized </cas:authenticationFailure> </cas:serviceResponse> Just need to validate service tickets with/for the REST API any help would be appreciated. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <javascript:> . To post to this group, send email to [email protected] <javascript:> . Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f68da54d-dde3-4f88-8428-7ca9eff54d72%40apereo.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f68da54d-dde3-4f88-8428-7ca9eff54d72%40apereo.org?utm_medium=email&utm_source=footer> . For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]> . To post to this group, send email to [email protected] <mailto:[email protected]> . Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/daf30452-61dd-4187-9ebd-dfc17de37404%40apereo.org <https://groups.google.com/a/apereo.org/d/msgid/cas-user/daf30452-61dd-4187-9ebd-dfc17de37404%40apereo.org?utm_medium=email&utm_source=footer> . For more options, visit https://groups.google.com/a/apereo.org/d/optout. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/008e01d1c8d0%2457bf4280%24073dc780%24%40unicon.net. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
