-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implements CASValidateRedirectTicket to allow skipping 302 redirect after ticket validation #51
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
commit 2dfb2fc64afbb56cc6d3be274981e5cc1f5b37af Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Tue Sep 18 09:04:07 2012 -0300 Make the unit test ever so slightly more useful by actually checking all return values and using the proper regex for case-insensitive non-capturing group commit cbd22f8a3d976df590ceb8743ed7e01891ece985 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Mon Sep 17 10:10:33 2012 -0300 Add a test to validate using the regex ?i modifier commit a074ec9eb84057907806bd5fb991d10e39fc402f Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Mon Sep 17 08:28:39 2012 -0300 Use case-sensitive matching. Modify unit test to validate that case matters. commit 84d76f9f0b42ac6f6ede7744e011b2fa9af598e9 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Thu Sep 13 11:14:04 2012 -0300 Adding a note that the matching is case-insensitive commit 951af91e3741ef7d204501daccae2a0589c65edc Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Fri Sep 7 11:22:01 2012 -0300 Adding configure check for libpcre, compliments of bnoordhuis commit e11e621fbd3b9a8d2f933e24f856eff669f71b4b Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Fri Sep 7 10:19:02 2012 -0300 Removing unneeded parens around function pointer call commit be0783a36a97e6ec0859803a120daefa9bf78469 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Fri Sep 7 09:50:47 2012 -0300 Fixing style issues commit af2a82b45110fcb0e03853e8b79f100a94ae6060 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Fri Aug 24 22:24:58 2012 -0300 Update README files to note libpcre dependency and the second form of "Require cas-attribute". commit f2bdf899ea841e2c18eb7efd7d18044ddd557d26 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Fri Aug 24 21:55:41 2012 -0300 Use PCRE library instead of ap_regex. Fix unit test so it isn't ignored. commit 3be2d44ce0b12fd3587f1b434372b46706ca8548 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Thu Aug 23 14:57:10 2012 -0300 First shot at regex value matching
…redirect after ticket validation. This allows CAS enabled web services without the clients required to handle a 302 redirect.
Per CAS-951 CAS 3.5.1 uses Java OpenSAML 2.x, which introduces minor changes into the XML payload sent to clients. Unfortunately these changes breaks the XML parsing routine for SAML in m-a-c. The patch here is intended to support 3.5.1 and previous versions and has been tested against both 3.5.1 and 3.4.12.
The old XML parsing code assumed a specific document structure, and located elements by their position in the document rather than by their name. This made the parser very fragile. For example, when CAS switched from OpenSAML 1.1 to OpenSAML 2.x (per CAS-951 in CAS 3.5.1), some minor changes in the XML document structure of SAML responses were introduced, which broke the old XML parsing code. This new parsing code searches for elements by name, making it more robust.
commit 2dfb2fc64afbb56cc6d3be274981e5cc1f5b37af Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Tue Sep 18 09:04:07 2012 -0300 Make the unit test ever so slightly more useful by actually checking all return values and using the proper regex for case-insensitive non-capturing group commit cbd22f8a3d976df590ceb8743ed7e01891ece985 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Mon Sep 17 10:10:33 2012 -0300 Add a test to validate using the regex ?i modifier commit a074ec9eb84057907806bd5fb991d10e39fc402f Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Mon Sep 17 08:28:39 2012 -0300 Use case-sensitive matching. Modify unit test to validate that case matters. commit 84d76f9f0b42ac6f6ede7744e011b2fa9af598e9 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Thu Sep 13 11:14:04 2012 -0300 Adding a note that the matching is case-insensitive commit 951af91e3741ef7d204501daccae2a0589c65edc Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Fri Sep 7 11:22:01 2012 -0300 Adding configure check for libpcre, compliments of bnoordhuis commit e11e621fbd3b9a8d2f933e24f856eff669f71b4b Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Fri Sep 7 10:19:02 2012 -0300 Removing unneeded parens around function pointer call commit be0783a36a97e6ec0859803a120daefa9bf78469 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Fri Sep 7 09:50:47 2012 -0300 Fixing style issues commit af2a82b45110fcb0e03853e8b79f100a94ae6060 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Fri Aug 24 22:24:58 2012 -0300 Update README files to note libpcre dependency and the second form of "Require cas-attribute". commit f2bdf899ea841e2c18eb7efd7d18044ddd557d26 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Fri Aug 24 21:55:41 2012 -0300 Use PCRE library instead of ap_regex. Fix unit test so it isn't ignored. commit 3be2d44ce0b12fd3587f1b434372b46706ca8548 Author: Joel Goguen <jgoguen@jgoguen.ca> Date: Thu Aug 23 14:57:10 2012 -0300 First shot at regex value matching
Handle the edge case where gateway-ing is enabled, the upstream CAS session has expired but the client still sends a MOD_AUTH_CAS cookie. If we redirect to the CAS server with a query string of "service=request_uri&gateway=true", we'd create an infinite loop. See https://issues.jasig.org/browse/MAS-52
Conflicts: README src/mod_auth_cas.c src/mod_auth_cas.h
Closing this as I rebased this PR and realigned the parameter naming. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This implements identical functionality like the JASIG java cas client to allow bypassing the 302 redirect on successful ticket validation.