jfritschi
commented
7 years ago Thanks for the report and fix. We fixed the "broken" code long ago but forgot the inline documentation...
Thanks!
Closed erozqba closed 7 years ago
jfritschi
commented
7 years ago Thanks for the report and fix. We fixed the "broken" code long ago but forgot the inline documentation...
Thanks!
Hi, I was looking in the
example_custom_urls.phpfile to know how to made a patch for this issue https://github.com/XavRsl/Cas/issues/37 in another project that uses phpCAS and I find out that the comments are a little confusing:In the line https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_custom_urls.php#L39 it suggest that you should use
phpCAS::setServerProxyValidateURLfor any CAS 2.0 validation, butphpCAS::setServerProxyValidateURLshould be used for the proxy validate URL of any CAS version.In the line https://github.com/Jasig/phpCAS/blob/master/docs/examples/example_custom_urls.php#L41 it suggest that you should use
phpCAS::setServerServiceValidateURLfor any CAS 1.0 validation, butphpCAS::setServerServiceValidateURLshould be used for the validate URL of any CAS version.After looking more into the implementation I found a similar problem in https://github.com/Jasig/phpCAS/blob/master/source/CAS.php file in lines https://github.com/Jasig/phpCAS/blob/master/source/CAS.php#L1315 and https://github.com/Jasig/phpCAS/blob/master/source/CAS.php#L1337
For references look at the CAS protocol specifications https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol-Specification.html and to the implementations in the https://github.com/Jasig/phpCAS/blob/master/source/CAS/Client.php file, of the methods getServerServiceValidateURL in line https://github.com/Jasig/phpCAS/blob/master/source/CAS/Client.php#L431 and getServerProxyValidateURL in line https://github.com/Jasig/phpCAS/blob/master/source/CAS/Client.php#L488