google-code-export / rubycas-client

Automatically exported from code.google.com/p/rubycas-client

Single sign-out issues with CAS 3.3 server #26

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Install CAS server
2. Create ROR application with this as a plugin
3. Login, then logout.

What is the expected output? What do you see instead?
1. The single sign out request isn't handled properly. In the regex of the single_sign_out(controller) method, the raw_post comes in form encoded, the regex doesn't match and the method returns 'false', which instructs the filter to attempt login again.
2. There are two paths that can cause a logout using CAS. The first is that the user clicks on 'logout' for the ruby application itself. This will in turn hit the logout(controller, service = nil) method. This method kills the session and deletes the file that maps the ST to the Session ID. Then CAS sends the single sign out request, which hits the single_sign_out method. The single sign out method then can't find the mapping file and returns 'false', which instructs the filter to login again.
3. The second path is also wrong. If the user clicks 'logout' in a different application in which they are CAS authenticated, CAS will send a sign out request to all applications they are signed in to. In this case, the single_sign_out method does find the session and kill it properly. What it fails to do is remove the mapping file after this has been accomplished. A simple delete_service_session_lookup(si) if si fixes this though.

What version of the product are you using? On what operating system?
Rails 1.2.6, rubycas-client 2.0.1 (source tree HEAD), java CAS server 3.3 on OSX 10.5.

Original issue reported on code.google.com by matthewd...@gmail.com on 6 Oct 2008 at 4:40
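
Added example (not part of the original issue and not rubycas-client's own code): a sketch of a single sign-out handler covering the three cases reported above, namely the form-encoded body, the mapping already removed by a local logout, and the mapping left behind after a remote logout. The helper names, the in-memory hashes standing in for the mapping files and the session store, and the sample ticket are assumptions; the body shape (a `logoutRequest` parameter carrying a SAML `LogoutRequest` with a `SessionIndex`) is what CAS 3.3 posts.

```ruby
require 'uri'

# Hypothetical helpers; the names are not taken from rubycas-client.
# The SessionIndex is client-supplied, so only ticket-shaped values are
# accepted before it is used as a lookup key.
TICKET = /\AST-[\w.-]+\z/

# Returns the SessionIndex (service ticket) from a logout POST body, or nil.
# Accepts a raw XML body as well as a form-encoded "logoutRequest=<xml>" body.
def extract_session_index(raw_post)
  body = raw_post.to_s
  pair = body.split('&').map { |p| p.split('=', 2) }
             .find { |k, _| k == 'logoutRequest' }
  body = URI.decode_www_form_component(pair[1].to_s) if pair
  si = body[%r{<samlp:SessionIndex>\s*([^<\s]+)\s*</samlp:SessionIndex>}, 1]
  si if si && si.match?(TICKET)
rescue ArgumentError # malformed %-encoding in the body
  nil
end

# lookup:   Hash of service ticket => session id (stands in for mapping files)
# sessions: Hash of session id => session data  (stands in for session store)
def handle_single_sign_out(raw_post, lookup, sessions)
  si = extract_session_index(raw_post)
  return :not_a_logout_request unless si

  sid = lookup.delete(si) # the mapping is removed on every path
  # A local logout may already have removed the mapping; the request is
  # still a logout request and must not fall through to re-authentication.
  return :already_logged_out unless sid

  sessions.delete(sid)
  :session_destroyed
end

# Constructed sample body; the ticket value is made up.
XML = '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' \
      'ID="x" Version="2.0"><samlp:SessionIndex>ST-1-constructedSample' \
      '</samlp:SessionIndex></samlp:LogoutRequest>'
ENCODED = 'logoutRequest=' + URI.encode_www_form_component(XML)
```
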

GoogleCodeExporter commented 9 years ago

Original comment by matt.zuk...@gmail.com on 6 Oct 2008 at 6:36

GoogleCodeExporter commented 9 years ago
This should be fixed as of revision 178. Tested with CAS Server 3.3. I've also made related changes to RubyCAS-Server to comply with CAS Server 3.3's behaviour.

I'd appreciate it if you were able to verify that this now works for you.

Original comment by matt.zuk...@gmail.com on 29 Oct 2008 at 8:46