I have implemented an SSO service and, after a lot of days, I have got it. But now I have a problem: the CAS service (SSO) works if you are on the local network or on another network located in the same place, but if I connect from an external network I'm not able to connect. I can access the service, but at one step it fails with an error: connection refused.
I use phpCAS in order to authenticate to the service, and the log is this:
3CEF .=> phpCAS::forceAuthentication() [portal.php:16]
3CEF .| => CAS_Client::forceAuthentication() [CAS.php:1098]
3CEF .| | => CAS_Client::isAuthenticated() [Client.php:1280]
3CEF .| | | => CAS_Client::_wasPreviouslyAuthenticated() [Client.php:1393]
3CEF .| | | | no user found [Client.php:1635]
3CEF .| | | <= false
3CEF .| | | CAS 2.0 ticket `ST-7-6cgDalH6VPKQ5vE6SyCB-cas' is present [Client.php:1447]
3CEF .| | | => CAS_Client::validateCAS20('', NULL, NULL, false) [Client.php:1450]
3CEF .| | | | [Client.php:3169]
3CEF .| | | | => CAS_Client::getServerServiceValidateURL() [Client.php:3176]
3CEF .| | | | | => CAS_Client::getURL() [Client.php:453]
3CEF .| | | | | | Final URI: https://www.XX.com/portal.php [Client.php:3548]
3CEF .| | | | | <= 'https://www.XX.com/portal.php'
3CEF .| | | | <= 'https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php'
3CEF .| | | | => CAS_Client::_readURL('https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php&ticket=ST-7-6cgDalH6VPKQ5vE6SyCB-cas', NULL, NULL, NULL) [Client.php:3191]
3CEF .| | | | | => CAS_Request_CurlRequest::sendRequest() [AbstractRequest.php:242]
3CEF .| | | | | | curl_exec() failed [CurlRequest.php:77]
3CEF .| | | | | <= false
3CEF .| | | | <= false
3CEF .| | | | could not open URL 'https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php&ticket=ST-7-6cgDalH6VPKQ5vE6SyCB-cas' to validate (CURL error #7: Failed to connect to XX.com port 8442: Connection refused) [Client.php:3194]
3CEF .| | | | => CAS_AuthenticationException::__construct(CAS_Client, 'Ticket not validated', 'https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php&ticket=ST-7-6cgDalH6VPKQ5vE6SyCB-cas', true) [Client.php:3198]
3CEF .| | | | | => CAS_Client::getURL() [AuthenticationException.php:77]
3CEF .| | | | | <= 'https://www.XX.com/portal.php'
3CEF .| | | | | CAS URL: https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php&ticket=ST-7-6cgDalH6VPKQ5vE6SyCB-cas [AuthenticationException.php:80]
3CEF .| | | | | Authentication failure: Ticket not validated [AuthenticationException.php:81]
3CEF .| | | | | Reason: no response from the CAS server [AuthenticationException.php:83]
3CEF .| | | | | exit()
3CEF .| | | | | -
3CEF .| | | | -
3CEF .| | | -
3CEF .| | -
3CEF .| -
As I said, it works on a local and on a "semi-local" network, but I can't authenticate from an external network.
I have port 8442 open and, for some reason, from the external network port 8442 is closed. I know that this is the problem, but I don't know how to get the application listening on this port. In fact, the CAS service is located on one server and the web service (login, portal...) is located on another server. I have been configuring the firewall, but I'm probably doing something wrong and I don't know what it can be, because locally it works perfectly.
If I enter the serviceValidate URL with service and ticket (https://XX.com:8442/cas/serviceValidate?service=https%3A%2F%2Fwww.XX.com%2Fportal.php&ticket=ST-7-6cgDalH6VPKQ5vE6SyCB-cas) in a browser I get the username correctly, so I don't know why it is not working in the phpCAS transaction.
I hope you can help me, thanks for your answers!
You are getting connection refused. That is clearly a firewall issue. If you have deployed your CAS application on a server, make sure that server is on the proper secure firewall zone that can be accessed externally. A network security person in your organization should be able to help you with this.
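The step that fails in the log above is the back-channel ticket validation: it is the web server running phpCAS (not the user's browser) that opens the connection to the CAS server on port 8442, which is why the URL works when typed into a browser from outside yet `curl_exec()` on the portal host is refused. The following added example, which is not phpCAS code and not part of the original question or answer, reproduces that step in Python so the two failure modes can be told apart: a CAS server that answers "no" versus a CAS server that cannot be reached at all. Host names, the sample ticket and the XML responses are constructed placeholders; run something like `validate_ticket()` from the portal server itself to confirm which case applies.

```python
"""Minimal CAS 2.0 back-channel ticket validation, mirroring what phpCAS does in
CAS_Client::validateCAS20(): the web server fetches /serviceValidate and parses
the XML reply. Added example, not phpCAS code; all names below are placeholders.
"""
import urllib.error
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}


def service_validate_url(cas_base, service, ticket):
    """Build the serviceValidate URL the same way phpCAS logs it."""
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    return f"{cas_base.rstrip('/')}/serviceValidate?{query}"


def parse_cas20_response(body):
    """Return {'ok': True, 'user': ...} on success, or
    {'ok': False, 'code': ..., 'message': ...} when CAS rejects the ticket."""
    root = ET.fromstring(body)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        return {"ok": True, "user": success.findtext("cas:user", namespaces=CAS_NS)}
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return {"ok": False, "code": failure.get("code"),
                "message": (failure.text or "").strip()}
    raise ValueError("not a CAS 2.0 serviceResponse")


def default_fetch(url, timeout=5.0):
    """Real HTTPS fetch, issued from whatever host runs this code (the portal server)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def validate_ticket(cas_base, service, ticket, fetch=default_fetch):
    """Server-side validation step. Network failures are reported rather than raised,
    so a caller can separate 'CAS rejected the ticket' from 'CAS was unreachable';
    the phpCAS log collapses both into 'Ticket not validated'."""
    url = service_validate_url(cas_base, service, ticket)
    try:
        body = fetch(url)
    except OSError as exc:  # URLError and ConnectionRefusedError are both OSError
        return {"ok": False, "code": "UNREACHABLE", "message": f"{url}: {exc}"}
    return parse_cas20_response(body)


# Constructed sample responses, standing in for a real CAS server.
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>alice</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""

FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>Ticket ST-0-example not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""


def fake_cas_up(url):
    """Stand-in for a reachable CAS server that accepts the ticket."""
    return SUCCESS_XML


def fake_cas_refused(url):
    """Stand-in for a firewall dropping the back-channel connection."""
    raise ConnectionRefusedError(111, "Connection refused")


if __name__ == "__main__":
    base = "https://cas.example.test:8442/cas"      # placeholder CAS server
    svc = "https://www.example.test/portal.php"      # placeholder service URL
    print(validate_ticket(base, svc, "ST-0-example", fetch=fake_cas_up))
    print(validate_ticket(base, svc, "ST-0-example", fetch=fake_cas_refused))
    print(parse_cas20_response(FAILURE_XML))
```

When the real `default_fetch` is used, the `UNREACHABLE` result from the portal host while the same URL opens fine from a workstation points at the path between the two servers (firewall zone, security group, or a listener bound only to an internal interface), which matches the diagnosis in the answer.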