CAS - Access Denied

What exactly did you have in the box under that? There is a bug that I'm trying to track down that has to do with incorrectly redirecting to image assets and favicon.ico, but other than that I'm not aware of any. Happy to help you troubleshoot though.

The force redirection on initial login event only fires when the account is created to begin with.

If you hit "refresh" do you still get access denied?

If you've got node access enabled, it's also possible that you're having a module weight issue. Might neet to make sure that cas fires before node_access does.

Dave

I know it's been a while, but I'd like to bring up this issue again since it's plaguing my site at this point.

One thing that may be affecting it now is that I'm using the Boost module. I have /cas and /caslogout both listed in the boost settings under "Cache every page except the listed pages.", so Boost shouldn't be affecting them. Still, though, if hook_init isn't run on these pages, it might not be pulling the right page to redirect.

I'd really like to help you troubleshoot this issue.

Could I get relevant versions here? Are you also running 6.x-1.0? Or some other release?

Dave

6.x-1.0

Funny thing: I don't get the Access Denied in Firefox. Just Safari.

The same problem for me too. In Firefox/Chrome everything is fine. In Safari on Windows i see three quick redirections with different ticket=ST-XX-XXXXXXXXXXX and then the page with Access Denied. I think it is critical issue and a bug (correct me if i'm wrong).

More information from me - i'm running latest Pressflow (Drupal 6.16) with CAS module version 2.0. (phpCAS version 1.1.0RC5)

Update: updated phpCas to 1.1.0RC8, the bug still exists. Looks like it is connected with http headers bug in Safari. Maybe this link will be helpful http://www.ja-sig.org/wiki/display/CAS2/CAS+2+and+Redirects

I would agree that it's a bug, but I can't really determine (yet) whether it's a bug in phpCAS (which I can't control) or a bug in the drupal cas module (which I can). It doesn't help that I can't reproduce the bug in my own installation (although I'm not using the same versions of the cas library as you). I'll look at this with the 1.1 client as soon as I can give it some time.

The phpCAS library is responsible for the initial login redirect, so I'm thinking it's there, but again, I haven't been able to reproduce the bug, so I can't be sure.

Which version of phpCas are you using?

I'm on a really old (0.6) version.

I'm now testing on on the 1.1RC8 client and I simply cannot reproduce this problem.

Is there maybe a problem with php session state on your server? Are you doing anything special with Session cookies or anything?

Trying to help but I just haven't been able to make this happen. Maybe you could enable cas debugging and attatch a log file?

Dave

FYI: For those out there 1.10 appears to be the place to get current release version of phpCAS. That's what I'm now using, and I still can't seem to reproduce this problem. Hmmmm......

Could I get more information on your configuration?

Dave

Ok, the problem is that i'm using Pressflow 6.16.77. After switching to default Drupal 6.16 everything is working fine in all browsers. So now i'm investigating why is it happening. I thinks we can close this issue, but it require investigation for sure. Thanks for your efforts!

I was using Pressflow too, but when I moved it to my local dev box, it worked fine. I'd still like to figure out what's happening.

It's possible that some init hook is firing before the cas login giving you the access denied page... Or it's possible that you're having session related problems. Do I understand correctly that it's only when using Safari and Pressflow? Or has that changed. I'm not sure what do do here. Could you identify from the logs which pages are getting the access denied message?

Dave

It's only happening using Safari, on Pressflow, on my VPS. When I grab all the code (including Pressflow) and the database down to my local machine (MAMP) it works just fine on Safari and any other browser. That leads me to believe that something's weird with my LAMP stack on my VPS. This is getting pretty specific, so I'm pretty sure at this point that this should be filed under "Support" rather than "Critical bug".

Still, I'd like to find a solution. Thank you for the brainpower you have dedicated to this so far.

So changing.. Really trying to think about what could be different. Can you verify that the CAS uri setting is exactly the same between the two installations?

Also clean urls any different?

Maybe you could post the service urls for the login pages for both sites to see if there's anything I can see that's different?

Marking as closed (can't reproduce), since there has been no action on this for 10 months.

The redirect code was partially rewritten in 6.x-3.x, and is likely to work better there.