How to fix Error in uPortal CAS Authentication after configuring SSL


Eduardo Fonseca

Dec 28, 2016, 11:33:07 AM
to CAS Community
Hello,
I am configuring uPortal and we are researching integrating its built-in CAS authentication with a client app running on PHP.
I have had good progress but got to a point where I am able to authenticate with the phpCAS but the uPortal authentication ends up broken.

I am using Tomcat 7 and followed the steps to configure SSL on port 8443, so I enabled this connector:

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector
               protocol="org.apache.coyote.http11.Http11NioProtocol"
               port="8443" maxThreads="200"
               scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="${user.home}/.keystore" keystorePass="uportal"
               clientAuth="false" sslProtocol="TLS"/>

I also made sure that the uPortal configuration is correctly set up for CAS authentication on port 8443 with localhost as hostname, in cas.properties and local.properties.

uPortal runs, I can navigate to the Sign In page, and I can input the username and password; however, once I click Login, I get the following result:

We're sorry, but an error has occurred.

Please contact your uPortal administrator and provide the following information:

Your name and user id
What content were you trying to view when this error occurred
Any other useful information to help reproduce the error

This is the URL on the Login page:

This is the URL it is redirecting to:

I'm using a self-signed certificate as specified in the SSL configuration for Tomcat 7.

However, when using the PHP application I can authenticate:
Successfull Authentication!

Current script
index.php
session_name():
PHPSESSID
session_id():
ST-7-mla0RUWx4GX1mSsdPJd9-localhost
the user's login is admin.

phpCAS version is 1.3.4+.

Logout

Also, if I set Tomcat and uPortal to go back to using HTTP and port 8080, uPortal login works again.

Any ideas what I need to do so the uPortal authentication does not break when using HTTPS, SSL, and port 8443?

I'm using Tomcat 7, uPortal 4.3.1 and its built-in CAS server.

Adrian Chong

Dec 29, 2016, 3:33:35 AM
to CAS Community
The PHP server cannot make an HTTPS connection to the CAS server. Most probably the CA cert of the CAS server was not properly trusted. If you use proxy ticket validation, the CAS server also needs to successfully make an HTTPS connection to the PHP server.

First, I suggest you use a cert chain (a CA cert signing a server cert) instead of a self-signed cert, since it is more like a real production environment.
Then the PHP server should be configured to trust the CA signer cert. This may be useful:
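
Added example, not part of either post above: one way to build the CA-plus-server-cert chain suggested in the reply with the `openssl` CLI, and to check which certificates a client that trusts only that CA would accept. The file names, subject names, 30-day validity and PKCS#12 password are constructed for illustration, and `openssl` is assumed to be installed.

```shell
#!/bin/sh
# Added example: throwaway CA + CA-signed "localhost" server cert, compared
# with a plain self-signed cert. All names and the password are constructed.

make_chain() {   # $1 = output directory
    dir=$1
    mkdir -p "$dir" || return 1
    # 1. CA key and self-signed CA certificate (the trust anchor clients import).
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server key and CSR for the hostname clients connect to.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. The CA signs the CSR; the SAN carries the hostname used in the CAS URL.
    printf 'subjectAltName=DNS:localhost\nbasicConstraints=CA:FALSE\n' \
        > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
        -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    # 4. Bundle server key and chain as PKCS#12 for the server's keystore.
    openssl pkcs12 -export -inkey "$dir/server.key" -in "$dir/server.crt" \
        -certfile "$dir/ca.crt" -name tomcat \
        -passout pass:example-only -out "$dir/server.p12" || return 1
}

make_self_signed() {   # $1 = output directory; the setup the thread started with
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=localhost" \
        -keyout "$1/self.key" -out "$1/self.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the CA certificate in $1.
trusted_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run in a temporary directory.
demo=$(mktemp -d) && make_chain "$demo" && make_self_signed "$demo"
trusted_by "$demo/ca.crt" "$demo/server.crt" && echo "CA-signed cert: trusted"
trusted_by "$demo/ca.crt" "$demo/self.crt" || echo "self-signed cert: rejected"
rm -rf "$demo"
```

The `ca.crt` file is what each client needs as its trust anchor; phpCAS accepts its path through `phpCAS::setCasServerCACert()`.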
