Closed scar63 closed 1 year ago
Hi,
We identified this issue on Friday and planned to fix this soon.
@scar63
Could you test the following patch?
diff --git a/front/logout.php b/front/logout.php
index 2aae7b365f..a5e689f95f 100644
--- a/front/logout.php
+++ b/front/logout.php
@@ -59,6 +59,7 @@ if (
$CFG_GLPI["cas_host"],
intval($CFG_GLPI["cas_port"]),
$CFG_GLPI["cas_uri"],
+ $CFG_GLPI["url_base"],
false
);
phpCAS::setServerLogoutURL(strval($CFG_GLPI["cas_logout"]));
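Review bot: the added `$CFG_GLPI["url_base"]` argument in the logout call is passed through unchanged, while the neighbouring values are cast (`intval($CFG_GLPI["cas_port"])`, `strval($CFG_GLPI["cas_logout"])`). Cast it with `strval()` for consistency, and check against the phpCAS upgrade notes linked in the issue which form the service base URL must take: if `url_base` can carry a path (GLPI served from a subdirectory) or a trailing slash, it may need to be reduced to scheme, host and optional port before it is handed to phpCAS.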
diff --git a/src/Auth.php b/src/Auth.php
index d4b1202122..ec68dced20 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -501,6 +501,7 @@ class Auth extends CommonGLPI
$CFG_GLPI["cas_host"],
intval($CFG_GLPI["cas_port"]),
$CFG_GLPI["cas_uri"],
+ $CFG_GLPI["url_base"],
false
);
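Review bot: the argument list in this Auth.php call is the same one changed in front/logout.php, so the new `$CFG_GLPI["url_base"]` argument now has to be kept in sync in two places; building the CAS client arguments in one shared helper would keep login and logout from drifting apart. Nothing visible in the hunk handles an empty or unset `url_base` either, so consider failing with a clear configuration error before the call rather than passing an empty service URL on the login path.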
@scar63
Could you try it?
@cedric-anne
Yes, I just tried it and I confirm that it works.
Thanks for this patch.
Version
all
Bug description
Due to a security vulnerability (https://github.com/apereo/phpCAS/security/advisories/GHSA-8q72-6qq8-xv64), the phpCAS library must be updated to version 1.6.0.
A new field has been added to the CAS class constructor to define the base URL of the service (cf. https://github.com/apereo/phpCAS/blob/master/docs/Upgrading), and this is not implemented on the GLPI side...
The update cannot therefore be done.