google-code-export / rubycas-client

Automatically exported from code.google.com/p/rubycas-client

rubycas-client 2.x should not redirect to CAS server on every request by default #16

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. installed client as plugin on existing rails app
2. some of our actions have redirects and the params[:ticket] is not on the destination page
3. see every redirected request hit the CAS server

What is the expected output? What do you see instead?
I expect the client to store the ticket on a session and use that to
validate it if there is no param called ticket.

What version of the product are you using? On what operating system?
from trunk (2.x) - installed it yesterday

Please provide any additional information below.
I am attaching a patch. I was expecting the behaviour to be the same as in
v1.x (another of our apps is using that older client version and I wasn't
seeing the same behaviour).

Original issue reported on code.google.com by bruno.ma...@gmail.com on 22 Feb 2008 at 5:13

Attachments:

GoogleCodeExporter commented 9 years ago
I'm not sure I understand... What is the point of keeping the ticket in the session?
When the user comes back from the CAS server with a service ticket, the ticket is
always added to the URL.

So let's say the user tries to visit the CAS-protected page at
http://example.foo/protected

The CAS filter redirects them to the CAS server, they authenticate, and are then sent
back to http://example.foo/protected?ticket=ST-12345

The ticket is now in params[:ticket] and your CAS client will read it and validate
it. Once it has been validated, the ticket is no longer usable, so what's the point
of keeping it in the session?

If your service is redirecting to another page prior to calling the CAS filter, then
I think the answer would be to put the CAS filter first, so that the redirection
doesn't happen until after the ticket is read and validated. Other than that I can't
think of another reason why you would want to do this.

Original comment by matt.zuk...@gmail.com on 22 Feb 2008 at 4:30

GoogleCodeExporter commented 9 years ago
Okay I think I understand now what this is about. This is probably related to
http://code.google.com/p/rubycas-client/issues/detail?id=19

I think in the move from 1.x to 2.x I inadvertently changed the behaviour of the
client. It now by default re-checks your authentication with the CAS server, whereas
the old client kept the old ticket receipt and just re-used that.

This seems to be causing a lot of problems, so for RubyCAS-Server 2.0.1 I'll revert
to the old behaviour.

Original comment by matt.zuk...@gmail.com on 27 Feb 2008 at 8:14

GoogleCodeExporter commented 9 years ago
FYI this has been fixed and will be released in 2.0.1. If you're using the Rails
plugin and have it installed via Subversion, you can just do an update now and the
behaviour you're looking for will be restored.

Original comment by matt.zuk...@gmail.com on 27 Feb 2008 at 11:18
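
A simplified model of the two behaviours discussed in this thread, added here as an illustration and not taken from rubycas-client: it counts CAS round trips when the filter re-checks on every request versus when it reuses a validated receipt kept in the session. `FakeCasServer`, `cas_filter`, `simulate` and the `reuse_receipt` switch are hypothetical names, and the request sequence is constructed.

```ruby
# Added illustration; not rubycas-client code. All names are hypothetical.
# FakeCasServer stands in for the CAS server and counts round trips.
class FakeCasServer
  attr_reader :redirects, :validations

  def initialize
    @redirects = @validations = 0
    @issued = {}
  end

  # The user is bounced to the CAS login page and returns with a service ticket.
  def login_redirect(user)
    @redirects += 1
    ticket = "ST-#{@redirects}"
    @issued[ticket] = user
    ticket
  end

  # Service tickets are single use: validating one consumes it.
  def validate(ticket)
    @validations += 1
    @issued.delete(ticket)
  end
end

# Handles one request: returns the authenticated user or :redirect_to_cas.
def cas_filter(server, session, params, reuse_receipt:)
  return session[:cas_user] if reuse_receipt && session[:cas_user]
  return :redirect_to_cas unless params[:ticket]
  user = server.validate(params[:ticket])
  return :redirect_to_cas unless user
  session[:cas_user] = user if reuse_receipt # keep the receipt, not the ticket
  user
end

# Replays a browsing sequence and reports how often the CAS server was hit.
def simulate(requests, reuse_receipt:)
  server = FakeCasServer.new
  session = {}
  requests.each do |params|
    next unless cas_filter(server, session, params, reuse_receipt: reuse_receipt) == :redirect_to_cas
    ticket = server.login_redirect("alice")
    cas_filter(server, session, { ticket: ticket }, reuse_receipt: reuse_receipt)
  end
  { redirects: server.redirects, validations: server.validations }
end

# Constructed sequence: first hit, an internal redirect that carries no ticket, one more page.
REQUESTS = [{}, {}, {}].freeze
```

What the session holds in the second mode is the result of validation, not the ticket itself, since a consumed ticket cannot be validated again.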