I have been banging my head on this one for a while now and can't seem to get this working. I keep getting the following error when I call "phpCas::forceAuthentication".
"No 'Access-Control-Allow-Origin' header...". I have added the following header and it still doesn't work:
header('Access-Control-Allow-Origin: https://localhost');
In my backend I include CAS the following way:
require_once Yii::app()->basePath.'/lib/CAS.php';
This produced an error which I resolved by changing "Autoload.php" in the CAS folder from (~ line 81):
spl_autoload_register('CAS_autoload');
to
spl_autoload_register('CAS_autoload',true ,true);
and it solved that issue. So with all that background here is the code I am trying to use to log into CAS:
require_once Yii::app()->basePath.'/lib/CAS.php';
...
...
public function actionLogin() {
    phpCAS::setNoCasServerValidation();        // don't verify SSL (testing)
    $url = Yii::app()->params['casReturnURL'];
    phpCAS::setFixedServiceURL($url);          // redirect from CAS to this url
    phpCAS::forceAuthentication();             // authenticate user
    $this->actionIsLoggedInFetch();            // check login status
}

function actionIsLoggedInFetch() {
    phpCAS::setNoCasServerValidation();        // don't validate SSL (testing)
    $url = Yii::app()->params['casReturnURL']; // return url from CAS
    phpCAS::setFixedServiceURL($url);          // set return url
    $auth = phpCAS::checkAuthentication();     // check CAS authentication
    $return = array();                         // response body for the front end
    if ($auth == true) {
        $_SESSION['LOGGEDIN'] = true;
        $_SESSION['USER'] = phpCAS::getUser(); // get currently authenticated user
        $return['LOGGEDIN'] = true;
    }
    else {
        $_SESSION['LOGGEDIN'] = false;
        $return['LOGGEDIN'] = false;
        $_SESSION['USER'] = 'invalid';
    }
    echo jsonEncodePlusYii($return);
}

public function actionLogout() {
    valRequestMethodGet();
    phpCAS::setNoCasServerValidation();        // don't verify SSL
    $url = Yii::app()->params['casReturnURL'];
    phpCAS::logoutWithRedirectService($url);   // logout then redirect to url
}
This code produces the above error. So I also tested with the "example_gateway.php" that comes with the CAS folder and that worked like a charm. I also copied the url it produces and that will get me to CAS just fine when I paste it into the browser. It also returns me to the correct page as well. This is basically that code but doesn't have the included HTML with the php file. What am I doing wrong here? Does Yii change around headers to prevent this call? Any help on this one would be really helpful.
UPDATE: After further testing this is still intermittent. If I use:
window.location.href = "/path/to/my/login/function";
It will redirect fine. Also if I set up my own xhr request it sometimes does it. However, it never redirects when I call my logout function.... ever. What is happening? Here is the debug log.
2C49 .START (2016-02-04 16:23:17) phpCAS-1.3.4 ****************[CAS.php:467]
2C49 .=> phpCAS::client('2.0', 'cas.byu.edu', 443, '/cas') [CasController.php:9]
2C49 .| => CAS_Client::__construct('2.0', false, 'cas.byu.edu', 443, '/cas', true) [CAS.php:359]
2C49 .| <= ''
2C49 .<= ''
2C49 .=> phpCAS::setNoCasServerValidation() [CasController.php:33]
2C49 .| You have configured no validation of the legitimacy of the cas server. This is not recommended for production use. [CAS.php:1617]
2C49 .<= ''
2C49 .=> phpCAS::setFixedServiceURL('https://localhost/welfareManager') [CasController.php:35]
2C49 .<= ''
2C49 .=> phpCAS::forceAuthentication() [CasController.php:36]
2C49 .| => CAS_Client::forceAuthentication() [CAS.php:1078]
2C49 .| | => CAS_Client::isAuthenticated() [Client.php:1249]
2C49 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1362]
2C49 .| | | | no user found [Client.php:1604]
2C49 .| | | <= false
2C49 .| | | no ticket found [Client.php:1463]
2C49 .| | <= false
2C49 .| | => CAS_Client::redirectToCas(false) [Client.php:1258]
2C49 .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1625]
2C49 .| | | | => CAS_Client::getURL() [Client.php:342]
2C49 .| | | | <= 'https://localhost/welfareManager'
2C49 .| | | <= 'https://cas.byu.edu/cas/login?service=https%3A%2F%2Flocalhost%2FwelfareManager'
2C49 .| | | Redirect to : https://cas.byu.edu/cas/login?service=https%3A%2F%2Flocalhost%2FwelfareManager [Client.php:1632]
2C49 .| | | exit()
2C49 .| | | -
2C49 .| | -
2C49 .|
If I open my network log this is what I see:
It's not redirecting me :( .
So after a week or so of working on this I got a way that is working for me. I am sure there has to be a better way of doing this but hey this works.
So after installing the latest version of phpCAS from here: https://developer.jasig.org/cas-clients/php/current/
I moved the "CAS" folder and the "CAS.php" file into my back end code.
Then I generated a middle man like file with the following code:
You will see that this is a mixture of JS, HTML, and PHP. Why do I do this!? I don't like it either but this works. I do it this way because every single time I try to make an ajax call to a function that calls CAS it would spit out all the above errors I was talking about in my original question. To get around this if you have a php page that calls CAS and gets the CAS return itself it will work every single time without having those terrible errors. I then set my own php session variable that I use for checking to make sure I am authenticated before other script calls on my server. This page will always redirect me back to the index of my front end no matter how CAS returns. It is simply used to set that session variable based on what is returned from CAS.
Then call the above code like you're directing yourself to a new page (I called my above code "CASLogic.php"):
(I'm using Polymer on my front end). The most important part here is that I call my "CASLogic.php" function by going to it with:
Hopefully this lengthy explanation helps someone in the future that is struggling with this as much as I was.
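A server-side page of the kind the answer describes, written here as an added example: it is not the poster's "CASLogic.php" (which the post does not reproduce) and not code from the phpCAS project. Assumed, not from the post: the include path, the CAS host cas.example.org, the front-end index URL, the URL of the page itself and the ?action= parameter. It keeps the three properties the answer relies on: the login round trip is a top-level navigation to this page, so the 302 to the CAS server is never seen by an XHR; the outcome is stored only in the PHP session; and status checks from the front end read that session without ever calling phpCAS.

```php
<?php
// CASLogic.php-style entry page (added example, not the poster's file).
// Assumptions (not from the post): phpCAS lives at ./CAS.php next to this
// file, the CAS server is cas.example.org:443 under /cas, the front end's
// index is https://localhost/index.html, and this script is reachable at
// https://localhost/backend/CASLogic.php.
require_once __DIR__ . '/CAS.php';

// Fixed destinations. Neither is taken from the request, so the page cannot
// be turned into an open redirector.
const FRONTEND_INDEX = 'https://localhost/index.html';
const THIS_PAGE_URL  = 'https://localhost/backend/CASLogic.php';

session_start();

// ?action=status: the only mode meant for XHR. It answers from the PHP
// session alone and never touches phpCAS, so no cross-origin redirect can
// be triggered and the CORS error from the question cannot occur here.
if (isset($_GET['action']) && $_GET['action'] === 'status') {
    header('Content-Type: application/json');
    echo json_encode(array(
        'LOGGEDIN' => !empty($_SESSION['LOGGEDIN']),
        'USER'     => isset($_SESSION['USER']) ? $_SESSION['USER'] : null,
    ));
    exit;
}

// Everything below involves a redirect to the CAS server and must be reached
// by top-level navigation (window.location), not by XHR.
phpCAS::client(CAS_VERSION_2_0, 'cas.example.org', 443, '/cas');

// Validate the CAS server certificate against a CA bundle (path is an
// assumption). setNoCasServerValidation(), used in the question, is only
// acceptable for local testing, as the debug log itself warns.
phpCAS::setCasServerCACert('/etc/ssl/certs/ca-certificates.crt');

// CAS returns to this page with ?ticket=..., not to a Yii action.
phpCAS::setFixedServiceURL(THIS_PAGE_URL);

// ?action=logout: phpCAS destroys the PHP session, then redirects to the
// CAS logout page, which sends the browser on to FRONTEND_INDEX. It never
// returns, which is why the poster's XHR-based logout could not work.
if (isset($_GET['action']) && $_GET['action'] === 'logout') {
    phpCAS::logoutWithRedirectService(FRONTEND_INDEX);
}

// Login: with no session and no ticket, forceAuthentication() redirects to
// CAS and exit()s; on the return trip it validates the ticket and returns
// true. phpCAS also renames the PHP session id to a ticket-derived value
// at that point, so no separate session_regenerate_id() is needed.
if (phpCAS::forceAuthentication()) {
    $_SESSION['LOGGEDIN'] = true;
    $_SESSION['USER']     = phpCAS::getUser();
} else {
    $_SESSION['LOGGEDIN'] = false;
    $_SESSION['USER']     = 'invalid';
}

// Always return to the same front-end page, whatever CAS answered.
header('Location: ' . FRONTEND_INDEX, true, 302);
exit;
```

The front end navigates to CASLogic.php for login and to CASLogic.php?action=logout for logout; only ?action=status is fetched with XHR. Other server scripts then authorize requests from $_SESSION['LOGGEDIN'] and $_SESSION['USER'], which is the session-variable check the answer describes.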