phpCAS::getAttributes gives me an empty array #390

Closed
likou31 opened this issue Jun 10, 2021 · 7 comments
likou31 commented Jun 10, 2021

Hello !

I'm using phpCAS for the authentication on my Symfony application. The connection works well as I have a ticket and I have the username.
But I don't have the attributes that I should also get. We checked the log of the CAS server, it sends the attributes, but on the application side, the response I have is this one.
```xml
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>...</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>
```

I don't understand why I don't have the attributes I should get.

```php
\phpCAS::setDebug('/temp_log/log.txt');

\phpCAS::client(CAS_VERSION_3_0, $this->getParameter('host'), $this->getParameter('port'), is_null($this->getParameter('path')) ? '' : $this->getParameter('path'), true);

\phpCAS::setCasServerCACert('XXX', true);

\phpCAS::setServerServiceValidateURL('XXX/cas/p3/serviceValidate');
\phpCAS::getCasClient()->setCasServerCACert('XXX', true);
\phpCAS::getCasClient()->setServerServiceValidateURL('XXX/cas/p3/serviceValidate');

if ($this->getParameter('handleLogoutRequest')) {
    if ($event->getRequest()->request->has('logoutRequest')) {
        $this->checkHandleLogout($event);
    }
    $logoutRequest = $event->getRequest()->request->get('logoutRequest');

    \phpCAS::handleLogoutRequests(true);
} else {
    \phpCAS::handleLogoutRequests(false);
}

if (\phpCAS::checkAuthentication()) {
    \phpCAS::renewAuthentication();
} else {
    \phpCAS::forceAuthentication();
}

$token = new CasToken();
$token->setUser(\phpCAS::getUser());
$token->setAttributes(\phpCAS::getAttributes());
```

I tried with CAS_Client also, but I still don't get the attributes. If you could please help me understand why it doesn't work, it would be so cool! Thank you in advance!

@jfritschi
Contributor

The phpcas debug contains a raw text dump of the server response that is logged before any processing. If you don't see any attributes there the issue is on the server side and this is nothing we can diagnose/fix.

On the CAS server side you typically have to configure per application if any attributes are shared. There is a service registry where this is normally configured.

@likou31
Author

likou31 commented Jun 10, 2021

When we look at the log of the CAS server, it sends the attributes.
But as I checked, I don’t remember having attributes even when I was using the Heroku CAS server; the function didn’t get any of the attributes I should have gotten :/

@jfritschi
Contributor

Please have a look at the phpcas debug log what data phpcas retrieves via HTTP from the CAS server. There is a very good reason we store the original text response.... Having attributes in the CAS server does not mean they are actually transmitted to a specific service.

@likou31
Author

likou31 commented Jun 11, 2021

Here's what the log says:

```
0F21 .START (2021-06-10 14:00:13) phpCAS-1.4.0 ****************** [CAS.php:499]
0F21 .=> phpCAS::client('3.0', 'URL_CAS', 443, 'cas', true) [CasListener.php:33]
0F21 .| => CAS_Client::__construct('3.0', false, 'URL_CAS', 443, 'cas', true, CAS_Session_PhpSession) [CAS.php:365]
0F21 .| | Session is not authenticated [Client.php:956]
0F21 .| | Ticket 'ST-82-I4ekhyhOu30bMDTUEtEoCg8t--Upreprod-cas' found [Client.php:1042]
0F21 .| <= ''
0F21 .<= ''
0F21 .=> phpCAS::setCasServerCACert('/etc/ssl/certs/chain-tcs-geant4.pem', true) [CasListener.php:35]
0F21 .<= ''
0F21 .=> phpCAS::setServerServiceValidateURL('URL_CAS/cas/p3/serviceValidate') [CasListener.php:37]
0F21 .<= ''
0F21 .=> CAS_Client::handleLogoutRequests(false, array ()) [CAS.php:1328]
0F21 .| Not a logout request [Client.php:1903]
0F21 .<= ''
0F21 .=> phpCAS::checkAuthentication() [CasListener.php:52]
0F21 .| => CAS_Client::checkAuthentication() [CAS.php:1130]
0F21 .| | => CAS_Client::isAuthenticated() [Client.php:1499]
0F21 .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1557]
0F21 .| | | | no user found [Client.php:1799]
0F21 .| | | <= false
0F21 .| | | CAS 3.0 ticket ST-82-I4ekhyhOu30bMDTUEtEoCg8t--Upreprod-cas' is present [Client.php:1610]
0F21 .| | | => CAS_Client::validateCAS20('', NULL, NULL, false) [Client.php:1613]
0F21 .| | | | [Client.php:3388]
0F21 .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3394]
0F21 .| | | | | => CAS_Client::getURL() [Client.php:455]
0F21 .| | | | | | Final URI: XXX [Client.php:3937]
0F21 .| | | | | <= 'XXX'
0F21 .| | | | <= 'URL_CAS/XXX'
0F21 .| | | | => CAS_Client::_readURL('URL_CAS/XXX', NULL, NULL, NULL) [Client.php:3409]
0F21 .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
0F21 .| | | | | | CURL: Set CURLOPT_CAINFO /etc/ssl/certs/chain-tcs-geant4.pem [CurlRequest.php:129]
0F21 .| | | | | | Response Body:
0F21 .| | | | | | <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
0F21 .| | | | | | cas:authenticationSuccess
0F21 .| | | | | | cas:user...</cas:user>
0F21 .| | | | | | </cas:authenticationSuccess>
0F21 .| | | | | | </cas:serviceResponse>
0F21 .| | | | | |
0F21 .| | | | | | [CurlRequest.php:84]
0F21 .| | | | | <= true
0F21 .| | | | <= true
0F21 .| | | | => CAS_Client::_readExtraAttributesCas20(DOMNodeList) [Client.php:3473]
0F21 .| | | | | Parse extra attributes: [Client.php:3825]
0F21 .| | | | | Array
0F21 .| | | | | (
0F21 .| | | | | )
0F21 .| | | | |
0F21 .| | | | | FLATTEN Array: [Client.php:3827]
0F21 .| | | | | Array
0F21 .| | | | | (
0F21 .| | | | | )
0F21 .| | | | |
0F21 .| | | | | FILTER : [Client.php:3829]
0F21 .| | | | | Array
0F21 .| | | | | (
0F21 .| | | | | )
0F21 .| | | | | return [Client.php:3835]
0F21 .| | | | <= ''
0F21 .| | | | => CAS_ProxyChain_AllowedList::isProxyListAllowed(array ()) [Client.php:3485]
0F21 .| | | | | No proxies were found in the response [AllowedList.php:81]
0F21 .| | | | <= true
0F21 .| | | | => CAS_Client::_renameSession('ST-82-I4ekhyhOu30bMDTUEtEoCg8t--Upreprod-cas') [Client.php:3503]
0F21 .| | | | | Killing session: p5isgi7k974isn25pr5dsm311c [Client.php:1227]
0F21 .| | | | | Starting session: 33a14fdd6880f851964256deee98de74a8844e1a0088cf0de66dc22f8b51801b [Client.php:1231]
0F21 .| | | | | Restoring old session vars [Client.php:1234]
0F21 .| | | | <= ''
0F21 .| | | <= true
0F21 .| | | CAS 3.0 ticket `ST-82-I4ekhyhOu30bMDTUEtEoCg8t--Upreprod-cas' was validated [Client.php:1616]
0F21 .| | | => CAS_Client::getURL() [Client.php:1682]
0F21 .| | | <= 'XXX
0F21 .| | | Prepare redirect to : XXX [Client.php:1682]
0F21 .| | | => CAS_Client::getURL() [Client.php:1684]
0F21 .| | | <= 'XXX'
0F21 .| | | exit()
0F21 .| | | -
0F21 .| | -
0F21 .| -
```

I don't have more on the application side, while on the CAS server side, we see that the attributes were sent at each connection...

@jfritschi
Contributor

jfritschi commented Jun 11, 2021

You can see the XML serviceResponse from your CAS server that is following the: Response Body

This is the unprocessed html body of the serviceValidate response from your CAS server. As I expected there are no attributes present. That means the CAS server is not releasing them .... I also can see that the response is malformed. Not sure if you doctored with some items to remove sensitive URL/data but the XML is broken. (e.g. missing < > )

In one of our phpunit tests you can see examples of such responses incl. attributes https://github.com/apereo/phpCAS/blob/master/test/CAS/Tests/Cas20AttributesTest.php We support multiple different styles...
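The check described in this thread (read the raw "Response Body" from the debug log and see whether the server released any attributes) can be scripted. The following is an added example, not part of the thread and not phpCAS code: `inspectCasResponse` and the sample bodies are constructed for illustration, and it assumes only the CAS 3.0 `<cas:attributes>` container style, not the other styles phpCAS supports.

```php
<?php
// Added example (not phpCAS code): classify a raw serviceValidate body
// copied from the "Response Body:" section of the phpCAS debug log.
const CAS_NS = 'http://www.yale.edu/tp/cas';
function inspectCasResponse(string $body): array
{
    $result = ['status' => 'malformed', 'user' => null, 'attributes' => []];
    if (trim($body) === '') {
        return $result; // loadXML() rejects empty input
    }
    $previous = libxml_use_internal_errors(true); // collect parse errors quietly
    $dom = new DOMDocument();
    $ok = $dom->loadXML($body, LIBXML_NONET);     // no network fetches while parsing
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$ok) {
        return $result;
    }
    $success = $dom->getElementsByTagNameNS(CAS_NS, 'authenticationSuccess')->item(0);
    if ($success === null) {
        return ['status' => 'not-a-success-response'] + $result;
    }
    $userNode = $success->getElementsByTagNameNS(CAS_NS, 'user')->item(0);
    $result['user'] = $userNode ? trim($userNode->textContent) : null;
    // CAS 3.0 style: one child element per value inside <cas:attributes>.
    $container = $success->getElementsByTagNameNS(CAS_NS, 'attributes')->item(0);
    foreach ($container ? $container->childNodes : [] as $child) {
        if ($child instanceof DOMElement) {
            $result['attributes'][$child->localName][] = trim($child->textContent);
        }
    }
    $result['status'] = $result['attributes'] ? 'attributes-released' : 'no-attributes-released';
    return $result;
}

// Constructed sample bodies: user only (as in this issue), with attributes, and broken XML.
$ns = "xmlns:cas='" . CAS_NS . "'";
$samples = [
    "<cas:serviceResponse $ns><cas:authenticationSuccess><cas:user>jdoe</cas:user>"
        . "</cas:authenticationSuccess></cas:serviceResponse>",
    "<cas:serviceResponse $ns><cas:authenticationSuccess><cas:user>jdoe</cas:user>"
        . "<cas:attributes><cas:mail>jdoe@example.org</cas:mail></cas:attributes>"
        . "</cas:authenticationSuccess></cas:serviceResponse>",
    "<cas:serviceResponse $ns>cas:authenticationSuccess cas:user...</cas:user></cas:serviceResponse>",
];
foreach ($samples as $body) {
    $r = inspectCasResponse($body);
    echo $r['status'], ' ', json_encode($r['attributes']), PHP_EOL;
}
```

A `no-attributes-released` result on a well-formed body points at the CAS server's per-service attribute release configuration rather than at the client.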


@jfritschi
Contributor

Can we close the ticket?

@jfritschi
Contributor

Closing due to inactivity...
