phpCAS does not return https url service #178

Closed
Dual-Boot opened this issue Nov 19, 2015 · 4 comments

@Dual-Boot

Hello,

I am using phpCAS to CASsify dokuwiki.
My Dokuwiki is running under Apache 2.4 and behind an Apache 2.4 reverse proxy, something like this:
https://dokuwiki.domain.tld -> http://dokuwiki.domain.local

When I enable phpCAS auth I go to: https://dokuwiki.domain.tld/doku.php?id=start&do=caslogin
which redirects to my CAS server, but the CAS client.php does not serve the URL with the right protocol.
The service URL which is returned is always under the http protocol:

<html><head><title>CAS Authentication wanted!</title></head><body><h1>CAS Authentication wanted!</h1><p>You should already have been redirected to the CAS server. Click <a href="https://cas.domain.tld/cas/login?service=http%3A%2F%2Fdokuwiki.domain.tld%2Fdoku.php%3Fid%3Dstart&gateway=true">here</a> to continue.</p></body></html>

So I found a workaround by modifying client.php at line 3481 in the getURL function:

public function getURL()
    {
        phpCAS::traceBegin();
        // the URL is built when needed only
        if ( empty($this->_url) ) {
            $final_uri = '';
            // remove the ticket if present in the URL
            $final_uri = ($this->_isHttps()) ? 'https' : 'http';
            $final_uri .= '://';

by adding a single 's' like this:

$final_uri .= 's://';

So my question is simple: how do I get the right service protocol?
Did I miss anything?
Regards,

@jfritschi
Contributor

The _isHttps() function also checks the HTTP_X_FORWARDED_PROTO header. It should detect a load balancer using https and adjust any URLs accordingly.

Maybe you can add some phpCAS::trace() debug functions in the _isHttps() function to dump states into the debug log and figure out why it's not working for you.

@Dual-Boot
Author

Hi,

I think you are right. It seems the problem is Dokuwiki, which replaces https with http.

Regards,

@Dual-Boot
Author

I am not sure anymore...
I set up everything to run dokuwiki on the https protocol and only the phpCAS client sends me the wrong service protocol.
I set up 'baseurl' with https, which seems to be enough for dokuwiki to work behind a proxy.

I should use phpCAS::trace() debug to get more information.

Regards,

@Dual-Boot
Author

Hello,

Good news: I set up my Apache reverse proxy like this:

<VirtualHost *:80>
        ServerAdmin webmaster@domain.tls
        ServerName wiki.domain.tld
        # Trailing slash on the target so /page maps to https://wiki.domain.tld/page
        Redirect permanent / https://wiki.domain.tld/


        ErrorLog /var/log/apache2/wiki.error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/wiki.access.log combined

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@domain.tld
        ServerName wiki.domain.tld
        ProxyRequests Off
        ProxyPreserveHost On
        ProxyPass / http://dokuwiki.domain.local/
        ProxyPassReverse / http://dokuwiki.domain.local/
        RequestHeader set X-Forwarded-Proto "https"
        <Proxy *>
                Order Allow,Deny
                Allow from all
        </Proxy>

        <IfModule mod_headers.c>
                Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
                RequestHeader edit Destination ^https: http: early
        </IfModule>
        ErrorLog /var/log/apache2/wiki.error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/wiki.access.log combined

        SSLEngine on
        SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
</VirtualHost>
</IfModule>

The missing directive was:

RequestHeader set X-Forwarded-Proto "https"

My full virtual host for apologizes
Best regards,
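
The behaviour discussed in this thread, as an added example that is not phpCAS code and not part of any comment above: a service URL builder that honours X-Forwarded-Proto, run over constructed request data with and without the header the reverse proxy was missing. The function names, the proxy address 10.0.0.5 and the REMOTE_ADDR allow-list are assumptions made for this sketch; the thread only states that _isHttps() checks HTTP_X_FORWARDED_PROTO.

```php
<?php
// Added example, not phpCAS code. Function names, the trusted-proxy list and
// the sample $_SERVER arrays are constructed for illustration.

/** Decide whether the client-facing request used HTTPS. */
function requestIsHttps(array $server, array $trustedProxies): bool
{
    // TLS terminated by this web server itself.
    if (!empty($server['HTTPS']) && strcasecmp($server['HTTPS'], 'off') !== 0) {
        return true;
    }
    // Honour X-Forwarded-Proto only when the direct peer is a known proxy;
    // otherwise any client could choose the scheme of the service URL.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (in_array($peer, $trustedProxies, true)) {
        $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
        return $proto === 'https';
    }
    return false;
}

/** Build the service URL sent to the CAS server in the login redirect. */
function buildServiceUrl(array $server, array $trustedProxies): string
{
    $scheme = requestIsHttps($server, $trustedProxies) ? 'https' : 'http';
    return $scheme . '://' . $server['HTTP_HOST'] . $server['REQUEST_URI'];
}

$trusted = ['10.0.0.5']; // constructed address of the reverse proxy
$base = ['HTTP_HOST' => 'dokuwiki.domain.tld', 'REQUEST_URI' => '/doku.php?id=start'];
$cases = [ // constructed requests as the backend would see them
    'proxy, header missing'      => $base + ['REMOTE_ADDR' => '10.0.0.5'],
    'proxy, header set'          => $base + ['REMOTE_ADDR' => '10.0.0.5',
                                             'HTTP_X_FORWARDED_PROTO' => 'https'],
    'untrusted peer, header set' => $base + ['REMOTE_ADDR' => '203.0.113.9',
                                             'HTTP_X_FORWARDED_PROTO' => 'https'],
];
foreach ($cases as $label => $server) {
    $login = 'https://cas.domain.tld/cas/login?service='
        . urlencode(buildServiceUrl($server, $trusted));
    echo str_pad($label, 28), $login, PHP_EOL;
}
```

The first case reproduces the http service URL from the original report; using `RequestHeader set` (rather than `add`) on the proxy overwrites any X-Forwarded-Proto value supplied by the client before the backend sees it.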
