CAS server SAML 1.1 authentication got empty response
We have been suffering pain for the CAS SAML 1.1 protocol for a long time.
We are using phpCAS which is a CAS client library.
We are doing with the protocol SAML 1.1 in order to get user attributes, such as user email.
However, it failed with empty reponse error.
Here's the client log: (it's the part of interaction logs, a little bit long, but easy to understand)
3CEE .| | | | => CAS_Client::_readURL('https://portail.cigref.fr/cas/samlValidate?TARGET=https%3A%2F%2Frfly-99.cvtest.com%2Fztest%2FphpCAS%2Fdocs%2Fexamples%2Fexample_simple.php', NULL, NULL, NULL) [Client.php:2062]
3CEE .| | | | | => CAS_Client::_buildSAMLPayload() [Client.php:2806]
3CEE .| | | | | <= '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" MajorVersion="1" MinorVersion="1" RequestID="_192.168.16.51.1024506224022" IssueInstant="2002-06-19T17:03:44.022Z"><samlp:AssertionArtifact>ST-5376-cjRtmnPYQBxIMFWOQY1x-cas01.example.org</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>'
3CEE .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
3CEE .| | | | | | CURL: Set CURLOPT_CAINFO ../../ssl/portail.cigref.fr.pem [CurlRequest.php:132]
3CEE .| | | | | | Response Body:
3CEE .| | | | | |
3CEE .| | | | | | [CurlRequest.php:84]
3CEE .| | | | | <= true
3CEE .| | | | <= true
3CEE .| | | | server version: S1 [Client.php:2071]
3CEE .| | | | dom->loadXML() failed [Client.php:2082]
3CEE .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'SA not validated', 'https://portail.cigref.fr/cas/samlValidate?TARGET=https%3A%2F%2Frfly-99.cvtest.com%2Fztest%2FphpCAS%2Fdocs%2Fexamples%2Fexample_simple.php', false, true, '') [Client.php:2087]
3CEE .| | | | | => CAS_Client::getURL() [AuthenticationException.php:76]
3CEE .| | | | | <= 'https://rfly-99.cvtest.com/ztest/phpCAS/docs/examples/example_simple.php'
3CEE .| | | | | CAS URL: https://portail.cigref.fr/cas/samlValidate?TARGET=https%3A%2F%2Frfly-99.cvtest.com%2Fztest%2FphpCAS%2Fdocs%2Fexamples%2Fexample_simple.php [AuthenticationException.php:79]
3CEE .| | | | | Authentication failure: SA not validated [AuthenticationException.php:80]
3CEE .| | | | | Reason: bad response from the CAS server [AuthenticationException.php:85]
3CEE .| | | | | CAS response: [AuthenticationException.php:101]
3CEE .| | | | | exit()
3CEE .| | | | | -
The ticket is valid and payload has been sent but Response Body is empty.
The logs above is for our customers' CAS server.
We did test on our local CAS server and it's ok.
We also checked the customers' CAS server log which is tomcat log and found this:
2016-03-22 03:31:25,647 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: ST-5376-cjRtmnPYQBxIMFWOQY1x-cas01.example.org
ACTION: SERVICE_TICKET_VALIDATED
APPLICATION: CAS
WHEN: Tue Mar 22 03:31:25 CET 2016
CLIENT IP ADDRESS: 124.127.186.129
SERVER IP ADDRESS: 178.22.130.235
=============================================================
2016-03-22 03:31:25,647 DEBUG [org.jasig.cas.web.ServiceValidateController] - Successfully validated service ticket ST-5376-cjRtmnPYQBxIMFWOQY1x-cas01.example.org for service [https://rfly-99.cvtest.com/ztest/phpCAS/docs/examples/example_simple.php]
Ticket is validated, no errors in the log except some logout error which should be not related.
What is the reason of this issue? Anyone ever encoutered this issue? Please help us out.
Shouldnt you be passing the ticket to samlValidate as well? I only see TARGET.