Ticket does not match supplied service

  • Hi,
    I have a similar issue with the post below

    https://www.ads-software.com/support/topic/cas-authentication-failed-2/

    the difference is I am not using AWS loadbalancer but I just use Nginx to force my site in https. I got the same error response from CAS

    <cas:serviceResponse xmlns:cas='https://www.yale.edu/tp/cas'>
	<cas:authenticationFailure code='INVALID_SERVICE'>
		Ticket 'xxxxx-casauth' does not match supplied service. The original service was 'https://www.somedomain.com/wp-admin/' and the supplied service was 'https://somedomain.com/wp-admin/'.
	</cas:authenticationFailure>
</cas:serviceResponse>

    May I know how and where to define the original service and the supplied service? When the login page route to CAS, the URL https://mycas.com/cas/login?service=https://www.somedomain.com/wp-admin/ contain the “s” in the service parameter as well, while my site is running in https too. So how does CAS knew it is without “s”??

    Thank you.

    • This topic was modified 7 years, 8 months ago by anfieldleung.
Viewing 1 replies (of 1 total)

  • We’re experiencing a related problem with wp-login.php. I think the root issue is that wp_cassify_get_service_callback_url relies on home_url() to build the callback, but home_url can’t be relied on to return a login page over HTTPS. See https://core.trac.www.ads-software.com/ticket/16822 for why. I think you can safely replace home_url() with site_url() to achieve the desired behavior.

Viewing 1 replies (of 1 total)
  • The topic ‘Ticket does not match supplied service’ is closed to new replies.