rbCAS / CASino

CASino is a Ruby-based Single Sign-On solution supporting the CAS standard
MIT License
331 stars 189 forks

Support for ActiveRecord-based Auth Token Signers #127

Open djmassad opened 9 years ago

djmassad commented 9 years ago

Hi,

I have implemented a feature to store the public keys of the Auth Token Signers in a table so that we do not have to include them in source control (or when deploying to Heroku).

Also, I have included some rake tasks to help with this:

rake casino:auth_token_signer:add:env[name,env_key]                    # Add Auth Token Signer from environment variable
rake casino:auth_token_signer:add:file[name,public_key_pem_file_path]  # Add Auth Token Signer from PEM file
rake casino:auth_token_signer:add:stdin[name]                          # Add Auth Token Signer from STDIN
rake casino:auth_token_signer:disable[id]                              # Disable Auth Token Signer
rake casino:auth_token_signer:enable[id]                               # Enable Auth Token Signer
rake casino:auth_token_signer:list                                     # List Auth Token Signers
rake casino:auth_token_signer:remove[id]                               # Remove Auth Token Signer

Thanks,

David Massad

pencil commented 9 years ago

LGTM! Do you think it would make sense to remove support for file-based Auth Token Signers?

djmassad commented 9 years ago

That makes sense. I implemented this feature because I wanted to have separate Auth Token Signers for my production and sandbox environments, in addition to keeping the public keys out of source control.

I figured storing the keys in a single table is easy to manage. They can easily be maintained either by using the rake tasks or by creating/updating/deleting rows from the casino_auth_token_signers table directly.
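How a validator might consume the casino_auth_token_signers rows described above, as an added example that is not code from this pull request or from CASino: only enabled rows are tried, and a token is accepted only when one of their public keys verifies its signature. The column names (name, public_key, enabled), the RSA/SHA-256 scheme and the Base64 signature encoding are assumptions.

```ruby
require 'openssl'
require 'base64'

# Constructed stand-in for one row of casino_auth_token_signers.
# The column names are assumptions, not the pull request's schema.
SignerRow = Struct.new(:id, :name, :public_key, :enabled)

DIGEST = 'SHA256' # assumed signature digest

# Returns the name of the enabled signer whose public key verifies the
# token's signature, or nil when none does.
def verifying_signer(rows, token, signature_b64)
  signature = Base64.strict_decode64(signature_b64)
  rows.select(&:enabled).each do |row|
    begin
      key = OpenSSL::PKey::RSA.new(row.public_key)
      # Added hardening: the table is meant to hold public keys only.
      next if key.private?
      return row.name if key.verify(OpenSSL::Digest.new(DIGEST), signature, token)
    rescue OpenSSL::PKey::PKeyError
      next # unparsable key material never counts as a match
    end
  end
  nil
rescue ArgumentError
  nil # signature was not valid Base64
end

# Helper for the demo: sign a token the way a trusted signer would.
def sign_token(private_key, token)
  Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new(DIGEST), token))
end

if $PROGRAM_NAME == __FILE__
  prod = OpenSSL::PKey::RSA.new(2048)    # constructed keys, generated per run
  sandbox = OpenSSL::PKey::RSA.new(2048)
  rows = [
    SignerRow.new(1, 'production', prod.public_key.to_pem, true),
    SignerRow.new(2, 'sandbox', sandbox.public_key.to_pem, false) # disabled
  ]
  token = '{"username":"alice","service":"https://app.example/"}'
  p verifying_signer(rows, token, sign_token(prod, token))    # accepted
  p verifying_signer(rows, token, sign_token(sandbox, token)) # rejected: disabled
end
```

Because rows are filtered on the enabled flag before any key is tried, disabling a signer takes effect on the next validation without deleting its key.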

djmassad commented 9 years ago

I squashed a really nasty bug having to do with proxy tickets. The while loop in the CASino::TicketValidationResponseBuilder.build method was not traversing up to the service ticket, resulting in a locked-up server utilizing 100% CPU. This pull request includes the fix.

pencil commented 8 years ago

Thanks. Could you please merge master? It looks like there is some conflict.

djmassad commented 8 years ago

I'm not sure if you saw that I had merged master with this branch per your request.

Also, is the Auth Token Login implementation part of the CAS specification, or is it specific to CASino?