" token provided was not found. Please try again " Error

[Mehrdad Tashakori]

I want to configure Cert for our vACC website authentication.

I don't get any error when I am using Demo version 'http://sso.hardern.net/server/' for testing my code, all things are fine!

But when I switch to Online Version 'https://cert.vatsim.net/sso/', I get "token provided was not found. Please try again" error and after click on login button, the cert redirect page to vatsim dashboard instead of our website main page !

 

Notes:

1. our cert account has main IP (www.vACChost.com) and additional IP (our VPS)

2. I use additional ip for this project, I reach it by subdomain ( http://subdomain.vACChost.com )

3. I set our vACC "sso key" and "sso secret key" correctly !

 

It would be appreciated if you could help me.

Edited November 21, 2014 at 10:05 PM by Guest

[Kieran Hardern]

I just responded to an email about this - so I presume you two are working on the same site. If that's the case can you coordinate the communication so that it's all in one place

 

If it says "token provided was not found", it means that you aren't sending the correct token in the redirect (i.e. when you send the member to the SSO). Depending upon your setup, this is quite possibly that either the token is missing (check you're receiving it and sending it on correctly) and/or you're asking the demo site for a token and then sending people to the live site. Make sure everything is updated to the live site and not just the redirect.

[Mehrdad Tashakori]

Thanks Kieran

As you presume both of us are working on the same website, but I decide to post it here too, may be some one else has the same problem and can use our discussion

 

Actually when I switch to the LIVE version from DEMO version I change configuration as bellow:

1. $sso['base'] = 'https://cert.vatsim.net/sso/';

2. $sso['key'] = 'vACC Key'

3. $sso['secret'] = 'vACC secret Key'

 

Is it possible the error is outcome of our Apache SSL configuration ? because the cert works on the https protocol !

Edited November 21, 2014 at 10:20 PM by Guest

[Kieran Hardern]

Is this using my demo code?

 

https://bitbucket.org/KHardern/vatsim-sso-demo/src

[Mehrdad Tashakori]

I compare all of my code with the link, both of them are the same !

 

* @author Kieran Hardern

* @version 0.2

[Kieran Hardern]

For reference in the "developer's perspective" section:http://forums.vatsim.net/viewtopic.php?f=134&t=64911

 

"Token provided was not found"

 

Occurs in #3/4 when the "request token" that was provided is sent with the redirect and then the SSO system doesn't recognise it. This means that either no token is returned and you're sending a blank field, the token is returned but you're sending the wrong value, some error in processing is occurring that causes a mismatch in the tokens or the token has timed out.

 

It is possible that you're openssl isn't correctly encrypting the data being sent to us and you're not handling the errors correctly, but that's unlikely unless your version is several years out of date (4 or more at a guess). Your Apache should make no difference as it won't be handling the requests ([Mod - Happy Thoughts]uming you're using a similar method to my code).

[Kieran Hardern]

I compare all of my code with the link, both of them are the same !

 

* @author Kieran Hardern

* @version 0.2

 

Any modifications to the code? or are you trying the demo code alone?

[Mehrdad Tashakori]

index.php

 

if ($user){

// One-time use of tokens, token no longer valid

unset($_SESSION[sSO_SESSION]);

 

(Add some session to receive users info)

 

//redirect back to our application

header("Location:../");

 

// do not proceed to send the user back to VATSIM

die();

}

[Mehrdad Tashakori]

PHP Version 5.3.20

 

Server's cURL info :

 

cURL support enabled

cURL Information 7.27.0

Age 3

Features

AsynchDNS Yes

Debug No

GSS-Negotiate Yes

IDN No

IPv6 Yes

Largefile Yes

NTLM Yes

SPNEGO No

SSL Yes

SSPI Yes

krb4 No

libz Yes

CharConv No

Protocols dict, file, ftp, ftps, gopher, http, https, imap, imaps, ldap, pop3, pop3s, rtsp, scp, sftp, smtp, smtps, telnet, tftp

Host i386-pc-win32

SSL Version OpenSSL/1.0.1c

ZLib Version 1.2.7

libSSH Version libssh2/1.4.2

[Mehrdad Tashakori]

For more information

 

I test "https://bitbucket.org/KHardern/vatsim-sso-demo/src" without any modification in other webhost which is hosted by cPanel with both encryption methods.

 

Just change these lines in config.php :

 

Line #18: $sso['base'] = 'https://cert.vatsim.net/sso/';

Line #23: $sso['key'] = 'vACC Key';

Line #29: $sso['secret'] = 'vACC secret Key';

Line #54: $sso['method'] = 'HMAC'; OR $sso['method'] = 'RSA';

 

The results were "The token provided was not found. Please try again" ERROR

 

I think the problem is something else !!!

 

Any suggestion ?

[Kieran Hardern]

I've given you the list of possible causes above. You need to debug this!

 

E.g. add:

print_r($token); die();

 

...onto line 88 to see if you're actually getting a token. Go through my list and work out where the problem is.