Ticket validated but no PGT Iou transmitted - proxy

I am trying to make a proxy CAS webapp using PHPCAS library version 1.3.3. At first I tried an example from the docs but unfortunately I got an error and said that I wasn't authenticated.
I was using the example_proxy_GET.php and on the log it said like this :
Authentication failure: Ticket validated but no PGT Iou transmitted [AuthenticationException.php:80]
Reason: no CAS error [AuthenticationException.php:94]
The authentication was successful on validate the ST (Service Ticket) but the log also said that :
<proxyGrantingTicket> not found [Client.php:2541]
CAS_AuthenticationException::__construct(CAS_Client, 'Ticket validated but no PGT Iou transmitted
So, my question is that the Single Sign-On server (CAS 2.0 I think) that was not sending a PGT Iou (so there's misconfiguration on the server) or there's something wrong on the examples file?
And if the server was misconfigured, what should I do?
Thanks
UDPATE
I'm using a private IP address and when I tried open the CAS server log on tomcat, here's it said
2015-04-09 11:56:41,428 WARN [org.jasig.cas.util.HttpClient] - <Socket Timeout Detected while attempting to send message to [http://10.10.100.102/sso/docs/examples/example_proxy_GET.php].>
My guess was that I should use some public IP / domain to use the CAS properly

It turns out that I need setup a https server to use the proxy feature on CAS.
I found the detail on here
https://wiki.jasig.org/display/CASC/phpCAS+requirements

Related

How can I forward server response error to client with Jetty proxyservlet.Transparent?

I have implemented a proxy extending jetty's ProxyServlet.Transparent.
However upon testing I noticed there is a difference on error messages the user sees when the server returns an error.
For example, when connecting directly to one of our application server with an invalid user credential, the server should return something more specific with instructions on the auth as we have set it this way. When connecting to the proxy server the error is in its most generic form like Authentication failed: Unauthorized
I suspect at some stage jetty checks on the server response and set the proxy response with minimal information so I am looking into the Transparent class code and its parent classes to find which method I can override to intercept the original server response and forward the information in the proxy response, assuming my understanding on these two responses are correct.
Thanks for the help.

Api Platform & JWT token : I can authenticate but all newt=xt request are 401

I have a client that authenticates to API platform, token is generated and send back to client. Client embed the token in the requests header, but still have a 401 error return from the server : JWT not found. It is in the header thougth (verified with FIrefox)
Have you already had this issue ? (further posts without response).
Is there a possibility Apache or firewall blocks the token ?
How can I find the issue source?
NB: the excat same config was working well on dev server in local. Just clone the git to server and and made acomposer made a composer install. I tried to reinstall lexik, regenrate the .pem.... nothing work
Thank you for your help

Browser not responding to www-authenticate challenge for bookmarked ssl (https url) to restricted resource

I have set up SSO using weblogic on windows and Kerberos, It is working fine for the http pages, however I observed a strange behavior on https pages which requires CONFIDENTIAL setting for the transport, It works fine if I first access a page on http which is not configured as secured in web.xml(Transport-Gurantee as None) and then the https page.
But If I try to hit the https url directly which is configured with Transport-Gurantee as CONFIDENTIAL then it shows the Basic Auth Dialog and a 401 Unauthorized response, Looking at the logs I see that the Server responded with the WWW-Authenticate but browser showed the Basic Auth Dialog in response instead of getting the Authorize token.
Does anyone has any idea on what might be issue here, If there is any problem with the browser settings then it would not have worked irrespective of accessing the http url first.
I can see the following error log in weblogic console
Malformed request "Can not parse URI from http request". Request parsing failed, Code: -1
Found one of the link here
SPNEGO on IBM WebSphere Portal 6.1 with https
For my case it is weblogic 12c , I don't think reinstalling 12c is a valid solution for it
Ok I got it fixed , It turns out to be an issue with the browser configuration , the https://myserver.domain.com was not inside the intranet domain and the control to do that rests with the windows Admin team, once they added it , the https urls are also working fine.

Cordova ajax call kCFErrorDomainCFNetwork error 311

Anyone encountered this error? kCFErrorDomainCFNetwork error 311?
I wrote a simple cordova application running in iPad (iOS 9 up). This applications calls an HTTPS api but throws this error kCFErrorDomainCFNetwork error 311.
Pleas note that the HTTPS Server has a valid CA Issued SSL Certificate.
I googled a lot on this error but without any luck and only managed to found this cfStreamErrorHTTPSProxyFailureUnexpectedResponseToCONNECTMethod that has an int value of 311 and it says that
The HTTPS proxy returned an unexpected status code, such as a 3xx
redirect
Indeed the resource that i am invoking is returning a 302 which unfortunately i have no control of.
And to access the https server, i have to specifically connect to a wifi proxy where the IP address is whitelisted in the https server.
I hope someone from this great community could provide me some light on this error.
Thank you.
I also have received the same error. The problem is that you are accessing network through a proxy which needs to be authenticated before you send a request.
In your case, generally if you are accessing internet in the system browser, you might have proxy settings(along with authentication) in your browser or system preferences -> network -> Advanced -> Proxies.
In order to address the authentication issues while URL requests, Apple has given documentation in this regard - https://developer.apple.com/library/content/documentation/Cocoa/Conceptual/URLLoadingSystem/Articles/AuthenticationChallenges.html.
For a simple model implementation just refer to Simple example of NSURLSession with authentication

HTTPS Request From a Credential Provider DLL

I've been creating a Credential Provider DLL that authenticates via the internet before allowing login. However this hasn't worked as well as I expected because my WinHTTP request isn't getting sent. I've confirmed this using wire shark. but I can't figure out why it's not sending any requests off. I've checked that my code is actually calling the functions properly - and they are. But the http request never makes it off. I'm slightly confused at this point and I'm seeking to know if there is some blanket block against https Requests at login.
If you are using C++ CP-V2, so you can use easily from CPPRESTSDK library.
Note: You must note the DNS address and the digital certificate you are using must be valid.

Resources