Open djmassad opened 9 years ago
LGTM! Do you think it would make sense to remove support for file-based Auth Token Signers?
That makes sense. I implemented this feature because I wanted to have separate Auth Token Signers for my production and sandbox environments, in addition to keeping the public keys out of source control.
I figured storing the keys in a single table is easy to manage. They can easily be maintained either by using the rake tasks or by creating/updating/deleting rows from the casino_auth_token_signers
table directly.
I squashed a really nasty bug having to do with proxy tickets. The while
loop in the CASino::TicketValidationResponseBuilder.build
method was not traversing up to the service ticket, resulting in a locked-up server utilizing 100% CPU. This pull request includes the fix.
Thanks. Could you please merge master
, looks like there is some conflict.
I'm not sure if you saw that I had merged master
with this branch per your request.
Also, is the Auth Token Login implementation part of the CAS specification, or is it specific to CASino?
Hi,
I have implemented a feature to store the public keys of the Auth Token Signers in a table so that we do not have to include them in source control (or when deploying to Heroku).
Also, I have included some rake tasks to facilitate with this:
Thanks,
David Massad