owncloud 9.1 compatibility

[nicktruch]

Hello,
I've tried to install user_cas on ownCloud 9.1.
As described by @nagai-takayuki in his #36 pull request, due to a lot of changes in class structure and the change in authentication framework, user_cas won't work in OC 9.1.
Problem is whatever version I install (yours or nagai's one), I get an error.
So my question is : does anybody succeeded in installing user_cas on OC 9.1 ?
Thanks in advance for your help?
Nicolas

[nicktruch]

OK I think I found what wasn't working :

In @nagai-takayuki user_cas branch, I hadn't set the path to the phpCAS library in user_cas.php / ligne 72 :
$php_cas_path=OCP\Config::getAppValue('user_cas', 'cas_php_cas_path', 'CAS.php');
Once installed you can modify this value from the admin CAS Authentication backend panel.

Hope this helps,
Nicolas

[felixrupp]

No chance for me. I don't get it to work, even if i put in the CAS-Library path as hardcoded string.

[felixrupp]

I dropped LDAP-Backend support and fixed several other things in my Fork: https://github.com/felixrupp/user_cas
On my 9.1 installation this version is now working as expected.
The main cause of this problem is a weird bug that prevents extending the User_LDAP class from the user_ldap extension, although namespace and classname is correct. Could not find a reason for this.

I assume this is a problem caused by bad programming style and missing namespaces. Overall this app has to be rewritten in my opinion.

[pitbulk]

Hi @felixrupp,

you are right, I created this user_cas on Dec 2012 for Owncloud 4 (that used no namespace) and after that, nobody updated it properly to make it compatible with OC, just fast patches.
I'm not involved on OC project anymore and I think this repo is not maintained right now so maybe if you interested you can handle it.

[mttq]

Hi @felixrupp

I've just installed Your user_cas on OC 9.1.1 on Centos 7.2.1511

After the successful CAS login OC show the login page again.

if i try to login (in this page) with another user, the login failed.

Any idea?

Thanks.
m.

[felixrupp]

I'll do some tests with a 9.1.1 installation this week. Can you give me any messages from the owncloud or apache log files?

[mttq]

Hi @felixrupp,

here some messages after OC CAS Login:

From owncloud log:
{"reqId":"WCRUgVxKmWzZC0k4r9NEWwAAAAU","remoteAddr":"139.xxx.xxx.xxx","app":"PHP","message":"Undefined index: cn at /var/www/html/owncloud/apps/user_cas/lib/hooks.php#51","level":3,"time":"2016-11-10T11:05:37+00:00","method":"GET","url":"/owncloud/index.php/login?app=user_cas","user":"myuser"}
{"reqId":"WCRUgVxKmWzZC0k4r9NEWwAAAAU","remoteAddr":"139.xxx.xxx.xxx","app":"PHP","message":"Undefined index: mail at /var/www/html/owncloud/apps/user_cas/lib/hooks.php#56","level":3,"time":"2016-11-10T11:05:37+00:00","method":"GET","url":"/owncloud/index.php/login?app=user_cas","user":"myuser"}

And from access_log:
xx.xxx.xxx.xxx - - [10/Nov/2016:12:05:36 +0100] "GET /owncloud/index.php/login?app=user_cas HTTP/1.1" 302 353 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
xxx.xxx.xxx.xxx - - [10/Nov/2016:12:05:37 +0100] "GET /owncloud/index.php/login?app=user_cas&ticket=ST-480940-GPcxc9qCozRpCXdKTZmW53kmgM88Qb43b3Ku2GSHzXkL02hClDcAoYfVQ1YjuVMLkBOGmVSdslClE470GEra9T-Jj71zxYb8yrc1ib5J934Wi-8nK2ehHzIBSOxrlek3XEtAMzznZhmc5CMzkiGddKg0rv HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
xxx.xxx.xxx.xxx - - [10/Nov/2016:12:05:37 +0100] "GET /owncloud/index.php/login?app=user_cas HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
xxx.xxx.xxx.xxx - - [10/Nov/2016:12:05:37 +0100] "GET /owncloud/index.php/apps/files/ HTTP/1.1" 303 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
xxx.xxx.xxx.xxx - - [10/Nov/2016:12:05:38 +0100] "GET /owncloud/index.php/login?redirect_url=%252Fowncloud%252Findex.php%252Fapps%252Ffiles%252F HTTP/1.1" 200 3507 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
xxx.xxx.xxx.xxx - - [10/Nov/2016:12:05:38 +0100] "GET /owncloud/index.php/core/js/oc.js?v=933f7361dcf68d34b554e0e67532dacd HTTP/1.1" 200 2861 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
xxx.xxx.xxx.xxx - - [10/Nov/2016:12:05:39 +0100] "GET /owncloud/cron.php HTTP/1.1" 200 20 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"

[felixrupp]

Hi @mttq,

can you please append the error.log entries from your apache server?

The owncloud log only shows the debug warnings for some non-mapped CAS Attributes. The cn isn't mapped in most cases, mail should be mapped, but as long as owncloud is using usernames and not e-mails for authentication, this shouldn’t be a problem.

Your access.log file only shows the successful requests, not the errors appearing in a request.

Thanks in advance, I'm planning to find and fix the issues this Weekend.

[felixrupp]

Hi @mttq,

I did several test runs on Debian 8 and Ubuntu 12 Installations with both PHP 5.6 and 5.5 on OC 9.1.1. On both machines, my current user_cas master-branch was working.

Please hold in mind, that after the installation of user_cas, you have to provide the path to CAS.php hardcoded in the user_cas.php file line 72 as stated in @nicktruch 2nd comment on this page . After you have accessed the admin panel and saved the real path in the settings, you can revert your changes in user_cas.php file line 72.
Please also hold in mind, that the current master branch version has dropped LDAP support. So if you’re using LDAP authentication in Owncloud, this user_cas version will NOT authenticate against your LDAP.

Your specific problem is triggered by the login mechanism of current user_cas implementation. Clicking the login button redirects to [your-oc]/index.php?app=user_cas, which is then filtered by the app. The apps logic then decides to redirect the user to the CAS instance, if necessary. There you log in and get redirected back to [your-oc]/index.php?app=user_cas, providing a CAS token. The app then tries to log you in your owncloud, based on the username alone.
After that, the app checks if you have a valid CAS token and a valid OC token. If one of both checks fails, it redirects back to the login page but disables the „CAS Login“ button.

I assume that’s what’s happening to you?

There might be several possibilities:

1. You don’t have a valid CAS token. Please check if your CAS login works correctly (e.g. on other services in your infrastructure).
2. You have a valid CAS token, but the app fails to authenticate you against owncloud. That could be caused by non-matching usernames. Check if your CAS or your owncloud username has been changed.
3. You logged in on owncloud by not using CAS, you came back to the login panel and tried logging in via CAS. Your CAS login proceeds, but you already had an owncloud access token, which then results in sending you back to the login page.

Please be sure to completely log out from your CAS service and then also delete all cookies related to this owncloud instance and your CAS. Alternatively you can try another, fresh browser.

Please retry after checking steps 1 to 3 and report back. As said, I'm currently working on the complete rewrite of user_cas, based on 9.1 app design guidelines. It’s currently at 80% complete. Please stay patient!

Thank you!

[mttq]

Hi @felixrupp ,

thanks a lot for Your support!!!!
Now It seems working well!

There was an error with the PHP after the OS upgrade... :-(

Please let me know when the new user_cas will be ready!!!
Thanks again!
Bye.
mttq

[mttq]

Hi Felix, I hope everything is fine. I've tryed to install the new version of user_cas. After Login the page continues in Loop without end... Here some log: {"reqId":"WLUkVnP6Ix3ay4r3BA8Z4QAAAAA","remoteAddr":"XXXXXXXXXXX","app":"cas","message":"phpCAS has been successfully initialized.","level":0,"time":"2017-02-28T07:18:47+00:00","method":"GET","url":"/owncloud/index.php/apps/user_cas/login","user":"--"} {"reqId":"WLUkVnP6Ix3ay4r3BA8Z4QAAAAA","remoteAddr":"139.191.92.123","app":"cas","message":"phpCAS user is not authenticated, redirect to CAS server.","level":0,"time":"2017-02-28T07:18:47+00:00","method":"GET","url":"/owncloud/index.php/apps/user_cas/login","user":"--"} {"reqId":"WLUkZfI6zb1XmEMLOv4v0gAAAAE","remoteAddr":"XXXXXXXXXXX","app":"cas","message":"phpCAS has been successfully initialized.","level":0,"time":"2017-02-28T07:19:01+00:00","method":"GET","url":"/owncloud/index.php/apps/user_cas/login?ticket=ST-5978408-yBlug2CWzSHLV3zkEgtMf4RsR4OTqWMhO8jUzrKzx07HEOryq4ACh0AAFfPBzHmrFDCht23BOa3al8B03bl4cTX-PHslUMVSXYCWGSDfcXRYf4-f1R5U0aJZzrnS3fi7gY2aQKX7vKLuVfcu3UFm4XIpSzW","user":"--"} {"reqId":"WLUkZfI6zb1XmEMLOv4v0gAAAAE","remoteAddr":"XXXXXXXXX","app":"PHP","message":"session_destroy(): Trying to destroy uninitialized session at /var/www/html/owncloud/apps/user_cas/vendor/phpCAS/source/CAS/Client.php#3683","level":3,"time":"2017-02-28T07:19:02+00:00","method":"GET","url":"/owncloud/index.php/apps/user_cas/login?ticket=ST-5978408-yBlug2CWzSHLV3zkEgtMf4RsR4OTqWMhO8jUzrKzx07HEOryq4ACh0AAFfPBzHmrFDCht23BOa3al8B03bl4cTX-PHslUMVSXYCWGSDfcXRYf4-f1R5U0aJZzrnS3fi7gY2aQKX7vKLuVfcu3UFm4XIpSzW","user":"--"} {"reqId":"WLUkZfI6zb1XmEMLOv4v0gAAAAE","remoteAddr":"XXXXXXXXX","app":"PHP","message":"session_start(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' at /var/www/html/owncloud/apps/user_cas/vendor/phpCAS/source/CAS/Client.php#3688","level":3,"time":"2017-02-28T07:19:02+00:00","method":"GET","url":"/owncloud/index.php/apps/user_cas/login?ticket=ST-5978408-yBlug2CWzSHLV3zkEgtMf4RsR4OTqWMhO8jUzrKzx07HEOryq4ACh0AAFfPBzHmrFDCht23BOa3al8B03bl4cTX-PHslUMVSXYCWGSDfcXRYf4-f1R5U0aJZzrnS3fi7gY2aQKX7vKLuVfcu3UFm4XIpSzW","user":"--"} {"reqId":"WLUkZfI6zb1XmEMLOv4v0gAAAAE","remoteAddr":"XXXXXXXXX","app":"PHP","message":"session_write_close(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' at /var/www/html/owncloud/apps/user_cas/vendor/phpCAS/source/CAS/Client.php#1519","level":3,"time":"2017-02-28T07:19:02+00:00","method":"GET","url":"/owncloud/index.php/apps/user_cas/login?ticket=ST-5978408-yBlug2CWzSHLV3zkEgtMf4RsR4OTqWMhO8jUzrKzx07HEOryq4ACh0AAFfPBzHmrFDCht23BOa3al8B03bl4cTX-PHslUMVSXYCWGSDfcXRYf4-f1R5U0aJZzrnS3fi7gY2aQKX7vKLuVfcu3UFm4XIpSzW","user":"--"} {"reqId":"WLUkZfI6zb1XmEMLOv4v0gAAAAE","remoteAddr":"XXXXXXXXX","app":"PHP","message":"session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/opt/rh/php55/root/var/lib/php/session) at /var/www/html/owncloud/apps/user_cas/vendor/phpCAS/source/CAS/Client.php#1519","level":3,"time":"2017-02-28T07:19:02+00:00","method":"GET","url":"/owncloud/index.php/apps/user_cas/login?ticket=ST-5978408-yBlug2CWzSHLV3zkEgtMf4RsR4OTqWMhO8jUzrKzx07HEOryq4ACh0AAFfPBzHmrFDCht23BOa3al8B03bl4cTX-PHslUMVSXYCWGSDfcXRYf4-f1R5U0aJZzrnS3fi7gY2aQKX7vKLuVfcu3UFm4XIpSzW","user":"--"} {"reqId":"WLUkZvI6zb1XmEMLOv4v0wAAAAE","remoteAddr":"XXXXXXXXX","app":"PHP","message":"session_write_close(): The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' at /var/www/html/owncloud/lib/private/Session/Internal.php#103","level":3,"time":"2017-02-28T07:19:02+00:00","method":"GET","url":"/owncloud/index.php/apps/user_cas/login","user":"--"} May You hel me to debug this issue? Thanks in advance. Massimo. Il 09.11.2016 14:09 Felix Rupp ha scritto:

I'll do some tests with a

9.1.1 installation this week. Can you give me any messages from the owncloud or apache log files?

-- You are receiving this because

you commented.

Reply to this email directly, view it on GitHub [1], or

mute the thread [2]. Con Open 4 Giga a 9 euro/4 sett navighi veloce, chiami e invii SMS dal tuo smartphone verso tutti i fissi e mobili in Italia. Passa a Tiscali Mobile! http://casa.tiscali.it/mobile/

[felixrupp]

Hi @mttq,

still working on that loop-issue, I hope to release a hotfix in a few days! Please consider the rewrite alpha, as it is not yet throroughly testet!

Regardless of that, it seems you have an issue with your php-session IDs being to long or containing bad characters.

[felixrupp]

Hi @mttq @nicktruch and everybody else,

I just released the 1.4.5 version of my user_cas rewrite with OC 10 only support. After a few struggles with 9.1, this version is currently working very well on OC 10 installations. It has also almost all features of the old style user_cas version. The only thing missing is the ldap support, which is part of my next scheduled feature set.

Please report any issues/feature requests you have to the issue tracker on my repository, otherwise I will not be able to find and read them in time.

Have fun with it!

Felix

[mttq]

Dear Felix, sorry for the late reply... but I was busy in other projects. Just a question: is the new user_cas version compatible with OC 9.1.6? Thanks in advance. Ciao. Max Il 23.07.2017 17:19 Felix Rupp ha scritto:

Hi @mttq [1] @nicktruch [2] and everybody else, I

just released the 1.4.5 version of my user_cas [3] rewrite with OC 10 only support. After a few struggles with 9.1, this version is currently working very well on OC 10 installations. It has also almost all features of the old style user_cas version. The only thing missing is the ldap support, which is part of my next scheduled feature set.

Please report any issues/feature requests you have to the issue tracker on my repository, otherwise I will not be able to find and read them in time.

Have fun with it! Felix -- You are receiving

this because you were mentioned.

Reply to this email directly, view it

on GitHub [4], or mute the thread [5]. Con Mobile Open 7 GB a 9 euro/4 sett navighi veloce con 7 GB di Internet e hai 200 minuti ed SMS a 15 cent. Passa a Tiscali Mobile! http://tisca.li/Open7GB0617

[felixrupp]

Hi @mttq

Yes it is! The current release version 1.4.7 is targeted at OC 9.1.6 and OC 10.0

Greetings,

Felix

[mttq]

Hi Felix, thanks for Your quick reply! Ciao. m. Il 29.09.2017 16:42 Felix Rupp ha scritto:

Hi @mttq [1] Yes it is! The

current release version 1.4.7 [2] is targeted at OC 9.1.6 and OC 10.0

Greetings, Felix -- You are receiving this because you

were mentioned.

Reply to this email directly, view it on GitHub [3],

or mute the thread [4]. Con Mobile Open 7 GB a 9 euro/4 sett navighi veloce con 7 GB di Internet e hai 200 minuti ed SMS a 15 cent. Passa a Tiscali Mobile! http://tisca.li/Open7GB0617