safaacar / rubycas-server

Automatically exported from code.google.com/p/rubycas-server
GNU Lesser General Public License v2.1

Running without SSL #7

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
For demo purposes and to introduce Rubycas-Server to our organization, I have tried to set up Rubycas-server on Windows. After successfully demoing the Java cas.war implementation on Windows without SSL, I wanted to switch to Rubycas-server.

The first step is to enable it to run without SSL just for demos. I updated config.yml and commented out ssl_cert. The updated postambles.rb is attached to support the non-SSL runtime.

Additionally, I added a "default" authenticator default.rb that matches the out-of-the-box behavior of the Java CAS server, i.e. if the userid and password are the same it returns true.

I must be missing something in disabling SSL, because every time the validation is being performed, it is returning:
BAD RESPONSE FROM CAS SERVER:

XML DOC:
<UNDEFINED/>

What steps will reproduce the problem?
1. Update the files as above to allow non-SSL
2. Access the application
3. Log in to the RubyCAS server with userid: test and password: test
4. Application fails on validate step

What version of RubyCAS-Server are you using? How is it installed (rubygem, manual install)? How are you running it (webrick, mongrel, cgi, etc.)?
v0.3.0 via rubygems install

If relevant, please paste your RubyCAS-Server config.yml file here.
attached

Please provide any additional information below.
Running on Windows with Ruby 1.8.6

Output from rubycas-server:
localhost - - [05/Jun/2007:15:53:49 Eastern Daylight Time] "GET /themes/urbacon/logo.png HTTP/1.1" 500 382 http://127.0.0.1:3010/login?service=http%3A%2F%2F127.0.0.1%3A3000%2Fadmin%3Faction%3Dindex%26controller%3Dadmin -> /themes/urbacon/logo.png
Username:'test' Password:'test'
localhost - - [05/Jun/2007:15:53:55 Eastern Daylight Time] "POST /login HTTP/1.1" 302 0 http://127.0.0.1:3010/login?service=http%3A%2F%2F127.0.0.1%3A3000%2Fadmin%3Faction%3Dindex%26controller%3Dadmin -> /login
localhost - - [05/Jun/2007:15:53:55 Eastern Daylight Time] "GET /proxyValidate?service=http%3A%2F%2F127.0.0.1%3A3000%2Fadmin%3Faction%3Dindex%26controller%3Dadmin&ticket=ST-1181073235r4DD618095FEEA20C81996EACE5B HTTP/1.1" 200 0 - -> /proxyValidate?service=http%3A%2F%2F127.0.0.1%3A3000%2Fadmin%3Faction%3Dindex%26controller%3Dadmin&ticket=ST-1181073235r4DD618095FEEA20C81996EACE5B

Original issue reported on code.google.com by ruby...@gmail.com on 5 Jun 2007 at 7:55

GoogleCodeExporter commented 9 years ago
I think you might have an easier time just using a self-signed SSL certificate than trying to completely disable SSL. CAS is designed to work with SSL, and trying to get around this probably won't get you far.

Even if you disable SSL on the server side, your CAS client will probably still try to connect via secure HTTP. For example, the RubyCAS-Client will always try to use SSL, regardless of whether you use an http or https address.

In short, either use a self-signed certificate, or get a free one from a CA. These instructions should get you started on creating a self-signed certificate: http://sial.org/howto/openssl/self-signed/. Alternatively, http://www.rapidssl.com/ssl-certificate-products/free-ssl/freessl.htm will get you a fully-functioning 30 day certificate that you should be able to use with RubyCAS-Server.

Let me know if this still doesn't help... if you really insist on not using SSL, in addition to the changes you made in the server, you could try disabling encryption in RubyCAS-Client by editing lib/cas.rb and changing "https.use_ssl = true" to "https.use_ssl = false" (should be around line 64) -- although I can't guarantee that this will work.

Original comment by matt.zuk...@gmail.com on 5 Jun 2007 at 9:06

GoogleCodeExporter commented 9 years ago
I've attached a self-signed SSL certificate that you should be able to use with RubyCAS-Server for demo purposes. This .pem contains the key and the cert, so just use the ssl_cert option in your config.yml.

Original comment by matt.zuk...@gmail.com on 5 Jun 2007 at 9:25
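The two replies above recommend a self-signed certificate and a single .pem holding both key and cert for the ssl_cert option. As an added example (not rubycas-server's own code), this Ruby script builds such a demo certificate with the standard openssl bindings and sanity-checks the combined PEM before it is used; the host name cas.example.test and the 30-day lifetime are assumptions.

```ruby
require "openssl"

# Build a self-signed certificate and private key for a demo CAS host.
# Returns [key, cert]. Example code; the host name and lifetime are assumed.
def make_self_signed(common_name, days: 30)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2                          # X.509 v3
  cert.serial = OpenSSL::BN.rand(64)        # random serial is fine for a demo
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = cert.subject                # self-signed: issuer == subject
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + days * 24 * 60 * 60
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{common_name}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

# One PEM file in the shape the comment describes: key block, then cert block.
def combined_pem(key, cert)
  key.to_pem + cert.to_pem
end

# Checks a combined PEM before pointing ssl_cert at it: both blocks parse,
# the private key really belongs to the certificate, and the cert is valid now.
def check_ssl_cert_pem(pem)
  key  = OpenSSL::PKey::RSA.new(pem)          # first private-key block
  cert = OpenSSL::X509::Certificate.new(pem)  # first certificate block
  now = Time.now
  {
    key_matches_cert: cert.check_private_key(key),
    valid_now: cert.not_before <= now && now <= cert.not_after,
    self_signed: cert.issuer.to_s == cert.subject.to_s,
    subject: cert.subject.to_s
  }
end

if __FILE__ == $0
  key, cert = make_self_signed("cas.example.test")
  pem = combined_pem(key, cert)
  p check_ssl_cert_pem(pem)   # write pem to a file and set ssl_cert to its path
end
```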

GoogleCodeExporter commented 9 years ago
Thank you for the cert, it allowed me to confirm that both SSL and non-SSL are working correctly.

After much pain and suffering (debugging the Camping framework) it turns out that the problem above is due to bugs in the Camping framework. The latest camping gem (October last year!) has syntax errors and other bugs in it.

Only after grabbing the latest Camping source code from SVN were we able to get rubycas-server to work against a dummy Authorization module. See default.rb above.

Have you considered making rubycas-server available on Ruby on Rails?

This will also allow us to move our existing RoR login screens onto rubycas-server. We want to introduce rubycas-server into our existing customer-facing RoR web applications without any obvious changes.

Original comment by ruby...@gmail.com on 19 Jun 2007 at 5:24

GoogleCodeExporter commented 9 years ago
Ah yes, you're right, RubyCAS-Server requires Camping 1.5.180, which is only available via SVN. I totally forgot to mention this in the installation docs (I guess maybe I assumed the new version would be released by now).

I'll add the note to the installation wiki.

Regarding moving RubyCAS-Server from Camping to Rails -- the main problem is that Rails handles requests synchronously. Why this is a problem is a bit difficult to explain without getting into the details of how the CAS protocol works, but basically it means that Rails is not a suitable platform for a CAS server. Anyway, Rails is meant for CRUD-based, UI-heavy apps, not back-end servers like RubyCAS-Server.

Original comment by matt.zuk...@gmail.com on 19 Jun 2007 at 6:14

GoogleCodeExporter commented 9 years ago
I should add to this that RubyCAS-Server should work just fine with Camping 1.5 as long as you're not using Mongrel. For Mongrel, you'll need 1.5.180 (and RubyCAS-Server already checks to make sure that you have this if you try to run using Mongrel).

Original comment by matt.zuk...@gmail.com on 19 Jun 2007 at 10:02