alexanoid1

@dwevans thank you very much !!!

Hi @gpspake, thanks for your response! It was my mistake, everything with SLO works perfect with your awesome plugin. No any changes needed. Thanks again !

@gpspake thanks for your answer but I mean another CAS feature –

https://jasig.github.io/cas/4.1.x/installation/Logout-Single-Signout.html

When a CAS session ends, it notifies each of the services that the SSO session is no longer valid, and that relying parties need to invalidate their own session.

This can happen in two ways: ….

In other words – I can log out directly on CAS server and CAS server will notify each of the services via for example HTTP POST message that logout happened. You have to implement a hook in your WP plugin in order to handle these messages and invalidate WP session also.

Everything is working now, it was my fault.
Thanks for the great plugin!

This is a response of GET request to my https://cas.example.com/samlValidate

<SOAP-ENV:Envelope xmlns:SOAP-ENV=”https://schemas.xmlsoap.org/soap/envelope/”&gt;
<SOAP-ENV:Body>
<saml1p:Response xmlns:saml1p=”urn:oasis:names:tc:SAML:1.0:protocol” InResponseTo=”UNKNOWN” IssueInstant=”2015-12-24T18:41:47.269Z” MajorVersion=”1″ MinorVersion=”1″ ResponseID=”_39b3c1f72dec1df99875d6f390c1274b”>
<saml1p:Status>
<saml1p:StatusCode Value=”saml1p:RequestDenied”/>
<saml1p:StatusMessage>
‘service’ and ‘ticket’ parameters are both required
</saml1p:StatusMessage>
</saml1p:Status>
</saml1p:Response>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

I think the possible reason of this issue is that my CAS server installed on my local machine and accessible only via localhost..

This is a detailed log:

2B52 .START phpCAS-1.3.3 ****************** [CAS.php:438]
90FC .START phpCAS-1.3.3 ****************** [CAS.php:438]
90FC .=> phpCAS::client(‘S1’, ‘127.0.0.1’, 8443, ‘/cas’) [authorizer.php:777]
90FC .| => CAS_Client::__construct(‘S1’, false, ‘127.0.0.1’, 8443, ‘/cas’, true) [CAS.php:340]
90FC .| <= ”
90FC .<= ”
90FC .=> phpCAS::setCasServerCACert(‘/var/www/admin/data/www/example.com/wp-content/plugins/authorizer/inc/cacert.pem’) [authorizer.php:792]
90FC .<= ”
90FC .=> phpCAS::isAuthenticated() [authorizer.php:795]
90FC .| => CAS_Client::isAuthenticated() [CAS.php:1062]
90FC .| | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
90FC .| | | no user found [Client.php:1592]
90FC .| | <= false
90FC .| | no ticket found [Client.php:1453]
90FC .| <= false
90FC .<= false
90FC .=> phpCAS::forceAuthentication() [authorizer.php:796]
90FC .| => CAS_Client::forceAuthentication() [CAS.php:1015]
90FC .| | => CAS_Client::isAuthenticated() [Client.php:1245]
90FC .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
90FC .| | | | no user found [Client.php:1592]
90FC .| | | <= false
90FC .| | | no ticket found [Client.php:1453]
90FC .| | <= false
90FC .| | => CAS_Client::redirectToCas(false) [Client.php:1254]
90FC .| | | => CAS_Client::getServerLoginURL(false, false) [Client.php:1613]
90FC .| | | | => CAS_Client::getURL() [Client.php:342]
90FC .| | | | | Final URI: https://example.com/wp-login.php?external=cas [Client.php:3466]
90FC .| | | | <= ‘https://example.com/wp-login.php?external=cas&#8217;
90FC .| | | <= ‘https://127.0.0.1:8443/cas/login?service=http%3A%2F%2Fexample.com%2Fwp-login.php%3Fexternal%3Dcas&#8217;
90FC .| | | Redirect to : https://127.0.0.1:8443/cas/login?service=http%3A%2F%2Fexample.com%2Fwp-login.php%3Fexternal%3Dcas [Client.php:1620]
90FC .| | | exit()
90FC .| | | –
90FC .| | –
90FC .| –
19B5 .START phpCAS-1.3.3 ****************** [CAS.php:438]
19B5 .=> phpCAS::client(‘S1’, ‘127.0.0.1’, 8443, ‘/cas’) [authorizer.php:777]
19B5 .| => CAS_Client::__construct(‘S1’, false, ‘127.0.0.1’, 8443, ‘/cas’, true) [CAS.php:340]
19B5 .| | Ticket ‘ST-3-0vwNNzHugRcReLHFVe2u-cas.cureforward.com’ found [Client.php:988]
19B5 .| <= ”
19B5 .<= ”
19B5 .=> phpCAS::setCasServerCACert(‘/var/www/admin/data/www/example.com/wp-content/plugins/authorizer/inc/cacert.pem’) [authorizer.php:792]
19B5 .<= ”
19B5 .=> phpCAS::isAuthenticated() [authorizer.php:795]
19B5 .| => CAS_Client::isAuthenticated() [CAS.php:1062]
19B5 .| | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1356]
19B5 .| | | no user found [Client.php:1592]
19B5 .| | <= false
19B5 .| | SAML 1.1 ticket `ST-3-0vwNNzHugRcReLHFVe2u-cas.cureforward.com’ is present [Client.php:1435]
19B5 .| | => CAS_Client::validateSA(”, NULL, NULL) [Client.php:1438]
19B5 .| | | => CAS_Client::getServerSamlValidateURL() [Client.php:2009]
19B5 .| | | | => CAS_Client::getURL() [Client.php:477]
19B5 .| | | | | Final URI: https://example.com/wp-login.php?external=cas [Client.php:3466]
19B5 .| | | | <= ‘https://example.com/wp-login.php?external=cas&#8217;
19B5 .| | | <= ‘https://127.0.0.1:8443/cas/samlValidate?TARGET=http%3A%2F%2Fexample.com%2Fwp-login.php%3Fexternal%3Dcas&#8217;
19B5 .| | | => CAS_Client::_readURL(‘https://127.0.0.1:8443/cas/samlValidate?TARGET=http%3A%2F%2Fexample.com%2Fwp-login.php%3Fexternal%3Dcas&#8217;, NULL, NULL, NULL) [Client.php:2012]
19B5 .| | | | => CAS_Client::_buildSAMLPayload() [Client.php:2755]
19B5 .| | | | <= ‘<SOAP-ENV:Envelope xmlns:SOAP-ENV=”https://schemas.xmlsoap.org/soap/envelope/”><SOAP-ENV:Header/><SOAP-ENV:Body><samlp:Request xmlns:samlp=”urn:oasis:names:tc:SAML:1.0:protocol” MajorVersion=”1″ MinorVersion=”1″ RequestID=”_192.168.16.51.1024506224022″ IssueInstant=”2002-06-19T17:03:44.022Z”><samlp:AssertionArtifact>ST-3-0vwNNzHugRcReLHFVe2u-cas.cureforward.com</samlp:AssertionArtifact></samlp:Request></SOAP-ENV:Body></SOAP-ENV:Envelope>’
19B5 .| | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
19B5 .| | | | | CURL: Set CURLOPT_CAINFO /var/www/admin/data/www/example.com/wp-content/plugins/authorizer/inc/cacert.pem [CurlRequest.php:129]
19B5 .| | | | | curl_exec() failed [CurlRequest.php:77]
19B5 .| | | | <= false
19B5 .| | | <= false
19B5 .| | | could not open URL ‘https://127.0.0.1:8443/cas/samlValidate?TARGET=http%3A%2F%2Fexample.com%2Fwp-login.php%3Fexternal%3Dcas&#8217; to validate (CURL error #7: couldn’t connect to host) [Client.php:2015]
19B5 .| | | => CAS_AuthenticationException::__construct(CAS_Client, ‘SA not validated’, ‘https://127.0.0.1:8443/cas/samlValidate?TARGET=http%3A%2F%2Fexample.com%2Fwp-login.php%3Fexternal%3Dcas&#8217;, true) [Client.php:2018]
19B5 .| | | | => CAS_Client::getURL() [AuthenticationException.php:76]
19B5 .| | | | <= ‘https://example.com/wp-login.php?external=cas&#8217;
19B5 .| | | | CAS URL: https://127.0.0.1:8443/cas/samlValidate?TARGET=http%3A%2F%2Fexample.com%2Fwp-login.php%3Fexternal%3Dcas [AuthenticationException.php:79]
19B5 .| | | | Authentication failure: SA not validated [AuthenticationException.php:80]
19B5 .| | | | Reason: no response from the CAS server [AuthenticationException.php:82]
19B5 .| | | | exit()
19B5 .| | | | –
19B5 .| | | –
19B5 .| | –
19B5 .| –

Thanks! I would greatly appreciate it if you could help me with it

This is an error I have in the log:

[05-Dec-2015 23:25:29 UTC] PHP Fatal error: Uncaught exception ‘CAS_AuthenticationException’ in /var/www/admin/data/www/example.com/wp-content/plugins/authorizer/inc/CAS-1.3.3/CAS/Client.php:2016
Stack trace:
#0 /var/www/admin/data/www/example.com/wp-content/plugins/authorizer/inc/CAS-1.3.3/CAS/Client.php(1438): CAS_Client->validateSA(‘https://127.0.0…&#8217;, ”, NULL)
#1 /var/www/admin/data/www/example.com/wp-content/plugins/authorizer/inc/CAS-1.3.3/CAS.php(1062): CAS_Client->isAuthenticated()
#2 /var/www/admin/data/www/example.com/wp-content/plugins/authorizer/authorizer.php(795): phpCAS::isAuthenticated()
#3 /var/www/admin/data/www/example.com/wp-content/plugins/authorizer/authorizer.php(367): WP_Plugin_Authorizer->custom_authenticate_cas(Array)
#4 [internal function]: WP_Plugin_Authorizer->custom_authenticate(NULL, ”, ”)
#5 /var/www/admin/data/www/example.com/wp-includes/plugin.php(213): call_user_func_array(Array, Array)
#6 /var/www/admin/data/www/example.com/wp-includes/pluggable.php(567): apply_filters(‘authenticate’, NULL, ”, ”)
in /var/www/admin/data/www/example.com/wp-content/plugins/authorizer/inc/CAS-1.3.3/CAS/Client.php on line 2016

any ideas ?