I have a basic CAS 6.4.2 server running under the URL https://mycas.com. I also have a basic php client that I'm trying to connect to it using CAS 3 protocol. This php app uses the phpCAS official client (https://github.com/apereo/phpCAS), version 1.4.0.
I can use this Apereo CAS instance to secure connections to other NodeJS apps, but when I try to connect to the php app, it fails while trying to verify the Service Ticket. Note that the verification fails while trying to verify the ticket, not before. It correctly receives the ST when the user is verified against Apereo CAS.
The error message that the php app logs is:
```
PHP Warning: DOMDocument::loadXML(): Extra content at the end of the document in Entity, line: 1 in /usr/local/src/php-cas-client-example/composer-example/vendor/jasig/phpcas/source/CAS/Client.php on line 3426
Ticket not validated
Reason: bad response from the CAS server CAS response:
<head/><cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> <cas:authenticationSuccess>
<cas:user>XXX</cas:user>
<cas:attributes>
<cas:clientIpAddress>XXX</cas:clientIpAddress>
<cas:isFromNewLogin>false</cas:isFromNewLogin>
<cas:authenticationDate>2021-11-29T13:53:40.699600Z</cas:authenticationDate> <cas:successfulAuthenticationHandlers>
RestAuthenticationHandler
</cas:successfulAuthenticationHandlers>
<cas:userAgent>XXX</cas:userAgent>
<cas:credentialType>
UsernamePasswordCredential
</cas:cre
in /usr/local/src/php-cas-client-example/composer-example/vendor/jasig/phpcas/source/CAS/Client.php on line 3428
```
From that error, and the warning that comes before (in the first line of the logs), I understand that the problem is with the </head> tag, that turns the xml into a malformed response. What seems weird to me is that this closing tag doesn't seem to appear when I access the NodeJS app that is authenticated by the same Apereo CAS instance (using also the version 3 of the CAS protocol).
I also filtered the responses that CAS sent to both the NodeJS app (that works) and the php app (that doesn't), using tcpdump. Both look the same, so Apereo CAS isn't changing the way it answers the apps (not like I expected that, just to confirm that the problem seems to be on the phpCAS <-> Apereo CAS interaction).
What I have tried to troubleshoot the problem:
What I ask then
How can I solve my problem of the phpCAS client receiving that </head> tag? Is it something about how I configured the Apereo CAS server, or the phpCAS client? Or something else?
Any help would be appreciated,