Infinite Redirect Drupal 6 Multisite phpCAS 1.3.1/1.3.0/1.2.1 with CAS module 6.x-3.1

It seems that phpCAS is able to successfully validate the ticket with your CAS server. It then attempts to store the user's identity in $_SESSION['phpcas'] and redirect back to the same URL (but without the ticket=...) parameter. However something along the way gets lost and phpCAS forgets that the user has been authenticated.

I'd guess that your PHP sessions are broken. You can try out an example script in the phpCAS directory (docs/examples/example_simple.php) to try to isolate the problem.

My reading is that points even stronger to some kind of session corruption in the drupal instance. You might try manually deleting all rows from the session table in drupal. DELETE FROM sessions in database that is exhibiting the problem.

Also given the power failure on this one, you my try mysql database check/repair... you may be having problems with a corrupt data file.

Not to "me too" but I am seeing the exact same behavior with the latest build of CAS, latest build of Drupal 6. No matter what i do I get the same result. This was working just a few days ago and now it's suddenly not and I get this redirect loop until my browser throws "too many redirects".

I am running a single-site install of Drupal, not multi-site. Cleared out the sessions table but am still seeing this issue.

Just ran some tests and am only seeing this behavior with new user accounts. My existing older accounts all work fine.

We're seeing this too on some of our sites (D5 and D6 seem to be affected, D7 doesn't) with 1.3.1. But even sites that are affected, only some users are. And weirder, it seems its browser dependent as Chrome doesn't seem to have any issues.

This is quite disturbing... it'd be good if we could figure out how to reproduce this... any chance we can get a cas debug log from one of these sites? Are any of them running pressflow?

I don't know if this the only issue here, but I did find a way to reproduce an infinite redirect with these versions of CAS. Basic steps are:

1. Enable creation of user accounts on login
2. Put the site in Maintenance mode
3. Log in with a user that doesn't have the ability access the site in maintenance mode or a new user that does't have a cas login.

Looks like at minimum we have some work to do around maintenance mode checking.

Is there an update on this issue?

We have been facing the same issue on our sites.

Our configuration:

PHP 5.3.3
phpCAS 1.3.1
MySQL database 5.0.77
Drupal 6.26
Web server Apache/2.2.3 (Red Hat)

What we tried:

1. Checked the database for corruptions
2. Cleared the session table
3. Ran the example script provided in phpCAS directory (docs/examples/example_simple.php) . It was successful.

I am seeing the same redirection issue from our phpCAS.log. It is trying to go to http://mysite/cas/login?destination=user which redirects to the CAS server and it comes back to http://mysite/cas/login?destination=user.

I am attaching the phpCAS cas-debug.log information with site information changed to testsite.

Hmm. The relevant part of your debug log shows that phpCAS is able to successfully authenticate the user, attempts to store the username in $_SESSION, and redirects back to the same page (but w/o the ticket=... parameter). At this point phpCAS develops amnesia and starts all over again. :(

I'm not sure how to debug this remotely.

I am also having this same issue. I am running Drupal 7 with cas 1.3.1

I am using a custom theme. I have attached my log as well.

I have noticed sometimes after I try and login with CAS the URL will redirect me back to http://cas.********.com/login?service=https%3A%2F%2Fmysite%2F%3Fq%3Dkb%2...'

and I can delete the first part: "http://cas.********.com/login?service=" and it will take me to the right page and I get authenticated.

Most of the time I get:
"This webpage has a redirect loop
The webpage at https://mysite/?q=kb has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer."

For those running into this same issue with Drupal 7, you can edit the cas.module file and find this function:

function cas_login_destination() {
  $destination = user_login_destination();
  if ($destination['destination'] == 'cas') {
    $destination['destination'] = '';
  }
  return $destination;
}

and replace it with this

function cas_login_destination() {
	// Equivalent to user_login_destination(), which appeared first in Drupal 6.19.
	$destination = drupal_get_destination();
	$destination = ($destination == 'destination=user/login'); //? 'destination=node' : $destination;

	return $destination == 'destination=cas'; //? 'destination=' : $destination;
}

I have not gotten into it to see exactly why it is breaking but it seems to fix the issue of the never ending redirect. Keep in mind I am sure there is a better solution than just replacing this code, but it is a place to start.

I am aware that this is an old issue, but I ran into this problem as well. It seems that CAS does not play well with the

$conf['https'] = TRUE;

option ( mixed session handling: see https://drupal.org/https-information ). Removing that setting (which removes the ability to have http/https shared sessions) solved the problem for me.

The D6 module won't be seeing any further development as I don't have any time to spend on this, and this issue is quite old. I'm going to close as outdated.