
Redirect loop when using CAS sign in

Open paszczus opened this issue 2 years ago • 9 comments

Hello, we are trying to use an authorizer on a multisite setup, and after setting it up, it redirects us to the CAS server. After a successful login, we end up in an endless loop. What can cause this problem? This happens when using a Proxy and the SAML 1.1 protocol. After switching to CAS 2.0/3.0, after login, it immediately logs out from CAS. Version 3.6.3.1, WordPress 6.3.1.

paszczus avatar Sep 21 '23 09:09 paszczus

Thanks for the report, we'll see if we can reproduce. Might be an issue with using a proxy, we don't use that configuration. We may have to add another plugin option to support proxy config.

figureone avatar Sep 30 '23 01:09 figureone

Also can you confirm that the Authorizer Setting "CAS server method" is set to Proxy instead of Client?

figureone avatar Sep 30 '23 01:09 figureone

One more question, do you have any other plugins or hooks that affect the login flow or move the wp-login.php endpoint?

figureone avatar Sep 30 '23 01:09 figureone

Hi,

I'm encountering the same issue. I am using a client with CAS 3.0 protocol.

StevieDrew avatar Nov 03 '23 14:11 StevieDrew

@StevieDrew Are you using a proxy in your setup? Trying to narrow down some of the possible causes of the issue.

@paszczus Do you have any additional information as requested by figureone?

pkarjala avatar Nov 09 '23 18:11 pkarjala

Hi @pkarjala No proxy, just a client setup.

StevieDrew avatar Nov 09 '23 20:11 StevieDrew

OK; do you happen to have any logs showing errors or additional information when the redirect loop is occurring?

pkarjala avatar Nov 09 '23 21:11 pkarjala

Hi, I have a similar issue. My CAS server is correctly configured, but I am facing an issue:

[Fri Jan 26 13:14:56.238104 2024] [php:notice] [pid 90654] [client xxx.xxx.xxx.xxx:52692] CAS server returned an Authentication Exception. Details:
[Fri Jan 26 13:14:56.240792 2024] [php:notice] [pid 90654] [client xxx.xxx.xxx.xxx:52692] CAS URL: https://auth.xxxxxxxxx.fr/sso/serviceValidate?service=http%3A%2F%2Fxxxxxxxxx.fr%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas&ticket=ST-authxxxxxxxxxfr-bb3ad1695e83e23907991a2926eaa0c9c6638e046f0e74af1e09bbad\nAuthentication failure: Ticket not validated\nReason: no response from the CAS server

No problem with similar CAS plugins for other services (Nextcloud and LimeSurvey) running WordPress 6.3.2 on PHP 8.1

Rushtard avatar Jan 26 '24 12:01 Rushtard

@Rushtard the "no response from the CAS server" message sounds like a network issue; can you verify that the WordPress site can reach the CAS server? The Authorizer settings page will try to warn you if the server is unreachable.

figureone avatar Feb 01 '24 21:02 figureone
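
The reachability check suggested above, as an added sketch in Python (not part of the thread or of Authorizer's code): it pulls the validation endpoint out of a "CAS URL:" notice like the one quoted earlier and reports whether DNS, TCP or TLS is the first stage to fail when run from the WordPress host. The sample line, host names and function names are constructed for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the notice quoted in the thread (placeholder hosts and ticket).
SAMPLE = ("[php:notice] [pid 1] CAS URL: https://cas.example.org/sso/serviceValidate"
          "?service=http%3A%2F%2Fwp.example.org%2Fwordpress%2Fwp-login.php%3Fexternal%3Dcas"
          "&ticket=ST-EXAMPLE-0000\\nAuthentication failure: Ticket not validated")

def parse_cas_notice(line):
    """Return the validation endpoint and decoded service URL from a 'CAS URL:' notice."""
    marker = "CAS URL: "
    start = line.find(marker)
    if start < 0:
        return None
    raw = line[start + len(marker):]
    for stop in ("\\n", "\n", " "):   # the URL ends at a literal "\n", a newline or a space
        raw = raw.split(stop, 1)[0]
    url = urlsplit(raw)
    query = parse_qs(url.query)
    return {
        "host": url.hostname,
        "port": url.port or (443 if url.scheme == "https" else 80),
        "path": url.path,
        "service": query.get("service", [""])[0],
        "ticket_present": "ticket" in query,   # the ticket value itself is not echoed
    }

def check_reachable(host, port, use_tls=True, timeout=5.0):
    """Return the first stage that fails ('dns', 'tcp', 'tls') or 'ok'."""
    try:
        socket.getaddrinfo(host, port)
    except socket.gaierror:
        return "dns"
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp"
    with sock:
        if not use_tls:
            return "ok"
        try:
            # Default context verifies the certificate chain and host name.
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
                return "ok"
        except (ssl.SSLError, OSError):
            return "tls"

if __name__ == "__main__":
    info = parse_cas_notice(SAMPLE)
    print(info, check_reachable(info["host"], info["port"]))
```

Run it on the web server itself, as the same user PHP runs under, so the result reflects that host's DNS, firewall and CA bundle.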