Well, not necessarily a third application. All I really want to accomplish here is to be able to authenticate a user via the CAS REST API (which I can), be able to validate that user via the CAS REST API multiple times (which I can't), and be able to log the user out via the CAS REST API (which I can).

Is proxying necessary for this functionality?

On Friday, June 17, 2016 at 4:41:47 PM UTC-4, Ray Bon wrote:
>
> A ST is (should be) validated only once and for only one service. Each
> service will go through the CAS dance passing in the TGT and service URL to
> receive its own ST.
> If a third application needs to authenticate to your API, look at
> proxying,
> https://apereo.github.io/cas/4.2.x/installation/Configuring-Proxy-Authentication.html
>
> Ray
>
> On 2016-06-17 13:12, John Stevens II wrote:
>
> Thank you, I've increased the service ticket timeout value and was able to
> validate a ticket via /serviceValidate but I can only validate the ticket
> once.
>
> If I am using the CAS Rest API to authenticate APIs that we develop I
> would want to verify that the service ticket is valid on every call to our
> APIs. How do I achieve this or is there another recommended way to achieve
> this?
>
> I see the option *st.numOfUses* for service tickets but not sure if
> unlimited is a valid option or if it's even recommended.
>
> On Friday, June 17, 2016 at 3:42:22 PM UTC-4, Misagh Moayyed wrote:
>>
>> /serviceValidate.
>>
>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* John
>> Stevens II
>> *Sent:* Friday, June 17, 2016 12:10 PM
>> *To:* CAS Community <[email protected]>
>> *Cc:* [email protected]; [email protected]
>> *Subject:* Re: [cas-user] Rest API Service Ticket Validation Issue
>>
>> Ok that may work, is that the recommended way to verify service tickets
>> for the Rest API (Without using the php client) or should I not be relying
>> on the actual client?
>>
>> On Friday, June 17, 2016 at 2:49:08 PM UTC-4, Dmitriy Kopylenko wrote:
>>
>> By the time the /serviceValidate with ST is called, the ST lifetime has
>> expired (10 seconds default). Increase the ST TTL on the CAS server to
>> something longer, but reasonable and see if it helps.
>>
>> Best,
>>
>> D.
>>
>> On Jun 17, 2016, at 2:44 PM, John Stevens II <[email protected]> wrote:
>>
>> Need some insight on how to properly use the Rest API.
>>
>> I have a simple php application below castest.php:
>>
>> <?php
>>
>> require_once '/var/www/sites/CAS-1.3.4/CAS.php';
>>
>> phpCAS::setDebug();
>> // Enable verbose error messages. Disable in production!
>> phpCAS::setVerbose(true);
>> // Initialize phpCAS
>> phpCAS::client(CAS_VERSION_2_0, 'access.example.com', 443, '/cas');
>>
>> // Skips verification of the CAS server's TLS certificate; testing only.
>> phpCAS::setNoCasServerValidation();
>> // force CAS authentication
>> phpCAS::forceAuthentication();
>>
>> echo "It worked";
>> ?>
>>
>> Visiting the php page in the browser works with no problem, I'm able to
>> authenticate and access the content with no problem.
>>
>> I can post to my post server rest url to get my TGT:
>>
>> Posting form data:
>>
>> username=Randomuser&password=Randompassword
>>
>> To:
>>
>> https://access.example.com/cas/v1/tickets
>>
>> Data (TGT) returned is:
>>
>> https://access.example.com/cas/v1/tickets/TGT-19-MKJRShaS2EebhGB3HHbZabi6O0I2KeSgWkXz3xGvKjamJgqi5M-cas2.example.com
>>
>> Now I take my TGT url and post my service to get my ST:
>>
>> Posting form data:
>>
>> service=http%3A%2F%2Ftest.example.com%2Fcastest.php
>>
>> To:
>>
>> https://access.example.com/cas/v1/tickets/TGT-19-MKJRShaS2EebhGB3HHbZabi6O0I2KeSgWkXz3xGvKjamJgqi5M-cas2.example.com
>>
>> Data (ST) returned is:
>>
>> 0000: 53 54 2D 32 31 2D 79 47 59 69 57 6E 63 45 62 65 | ST-21-yGYiWncEbe |
>> 0010: 70 78 78 71 33 4B 6E 78 4F 52 2D 63 61 73 32 2E | pxxq3KnxOR-cas2. |
>> 0020: 69 6E 6D 61 72 2E 63 6F 6D                      | example.com      |
>>
>> All is good so far, I have my TGT and ST now I should be able to access
>> my castest.php site so I do a get request on this url with my ticket as a
>> parameter:
>>
>> Get:
>>
>> http://test.example.com/castest.php?ticket=ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com
>>
>> Error is returned:
>>
>> <html><head><title>CAS Authentication failed!</title></head><body><h1>CAS
>> Authentication failed!</h1><p>You were not authenticated.</p><p>You may
>> submit your request again by clicking <a href="http://test.example.com/castest.php">here</a>.</p><p>If
>> the problem persists, you may contact <a href="mailto:ro...@localhost">the
>> administrator of this site</a>.</p><hr><address>phpCAS 1.3.4 using server
>> <a href="https://access.example.com/cas/">https://access.example.com/cas/</a>
>> (CAS 2.0)</a></address></body></html><br />
>>
>> <b>Fatal error</b>: Uncaught exception 'CAS_AuthenticationException' in
>> /var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php:3234
>>
>> Stack trace:
>>
>> #0 /var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php(1419):
>> CAS_Client->validateCAS20('https://access....',
>> '\n\n<cas:serviceR...', Object(DOMElement), false)
>>
>> #1 /var/www/sites/vmbuild/CAS-1.3.4/CAS.php(1127):
>> CAS_Client->isAuthenticated()
>>
>> #2 /var/www/sites/vmbuild/castest.php(21): phpCAS::isAuthenticated()
>>
>> #3 {main}
>>
>> thrown in <b>/var/www/sites/vmbuild/CAS-1.3.4/CAS/Client.php</b> on
>> line <b>3234</b><br />
>>
>> Other things I've tried were to use the validation url to validate the
>> ticket that way but it says the ticket is not recognized:
>>
>> Get or Post:
>>
>> https://access.example.com/cas/serviceValidate?service=http%3A%2F%2Ftest.example.com%2Fcastest.php&ticket=ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com
>>
>> Returned:
>>
>> <cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
>>   <cas:authenticationFailure code="INVALID_TICKET">
>>     Ticket 'ST-21-yGYiWncEbepxxq3KnxOR-cas2.example.com' not recognized
>>   </cas:authenticationFailure>
>> </cas:serviceResponse>
>>
>> Just need to validate service tickets with/for the REST API any help
>> would be appreciated.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "CAS Community" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To post to this group, send email to [email protected].
>> Visit this group at
>> https://groups.google.com/a/apereo.org/group/cas-user/.
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f68da54d-dde3-4f88-8428-7ca9eff54d72%40apereo.org.
>> For more options, visit https://groups.google.com/a/apereo.org/d/optout.
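
Added example (not part of the original thread, and not CAS source code): a simplified Python model of the service-ticket rules the replies describe, namely the 10-second default lifetime, one validation per ticket, and binding to a single service, together with a parser for the CAS 2.0 `/serviceValidate` response. `ToyCasServer`, `parse_validation`, `st_ttl` and `st_uses` are hypothetical names and the ticket ids are constructed; the failure codes follow the CAS protocol specification.

```python
import time
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"cas": "http://www.yale.edu/tp/cas"}
WRAP = '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">{}</cas:serviceResponse>'

class ToyCasServer:
    """Simplified, constructed model of the server-side ST rules."""
    def __init__(self, st_ttl=10, st_uses=1, clock=time.monotonic):
        self.st_ttl, self.st_uses, self.clock = st_ttl, st_uses, clock
        self.tickets = {}  # ST id -> [user, service, issued_at, uses_left]

    def grant_st(self, st, user, service):
        self.tickets[st] = [user, service, self.clock(), self.st_uses]

    def service_validate(self, service, st):
        entry = self.tickets.get(st)
        if entry is None or self.clock() - entry[2] > self.st_ttl:
            self.tickets.pop(st, None)  # unknown, already spent, or expired
            return self._fail("INVALID_TICKET", f"Ticket '{st}' not recognized")
        entry[3] -= 1  # every validation attempt consumes one use
        if entry[3] <= 0 or entry[1] != service:
            del self.tickets[st]  # spent, or presented for the wrong service
        if entry[1] != service:
            return self._fail("INVALID_SERVICE", "Ticket was issued for another service")
        return WRAP.format(
            f"<cas:authenticationSuccess><cas:user>{escape(entry[0])}</cas:user>"
            "</cas:authenticationSuccess>")

    @staticmethod
    def _fail(code, text):
        return WRAP.format(
            f'<cas:authenticationFailure code="{code}">{escape(text)}'
            "</cas:authenticationFailure>")

def parse_validation(xml_text):
    """Return (True, user) or (False, failure_code) from a CAS 2.0 response."""
    root = ET.fromstring(xml_text)
    user = root.find("cas:authenticationSuccess/cas:user", NS)
    if user is not None:
        return True, user.text.strip()
    failure = root.find("cas:authenticationFailure", NS)
    return False, failure.get("code") if failure is not None else "MALFORMED"

if __name__ == "__main__":
    cas, svc = ToyCasServer(), "http://test.example.com/castest.php"
    cas.grant_st("ST-1-constructed", "Randomuser", svc)
    for _ in range(2):  # the second attempt fails: the ticket is spent
        print(parse_validation(cas.service_validate(svc, "ST-1-constructed")))
```

Passing a larger `st_uses` to the model shows the effect of raising the uses-per-ticket setting asked about in the thread: the same ST validates that many times and then stops being recognized.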
