Comments (4)
The jasig CAS (the mainline implementation) sends the logout request in a POST parameter called logoutRequest.
You can also see that phpCAS uses this POST parameter to see if the request is a logout request: https://github.com/Jasig/phpCAS/blob/master/source/CAS/Client.php#L1696
The same goes for rubycas-client-rails https://github.com/rubycas/rubycas-client-rails/blob/master/lib/rubycas-client-rails.rb#L290 or the omniauth-cas client https://docs.omniref.com/ruby/gems/eriko-omniauth-cas/1.0.5/symbols/OmniAuth::Strategies::CAS::LogoutRequest#line=34
I think it could be easier to have mama-cas send the POST parameter than to modify all CAS clients.
We should not be checking for logout request if CAS_VERSION < 3 as it is only supported by CAS_VERSION == 3 and SAML 1.1.
I personally do not use django-mama-cas because I found its policy about who can get a ProxyGrantingTicket way too permissive. The mainline jasig CAS server requires each registered application in the registry to be explicitly configured to allow for proxy authentication.
For your information (I do not know if you are familiar with the CAS protocol), once something gets a ProxyGrantingTicket for a user, it can connect to pretty much every app using the CAS as this user. At the current time, every service allowed to authenticate against the CAS (i.e. inside MAMA_CAS_VALID_SERVICES) is de facto allowed to retrieve a PGT: jbittel/django-mama-cas#26
from django-cas-ng.
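The client-side check described in the comment above (look for a `logoutRequest` POST parameter and read the ticket out of it), as an added example that is not part of the original thread and is not code from django-cas-ng, django-mama-cas or any of the linked clients. The function name `extract_logout_ticket`, the size cap and the sample message are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_BODY = 8192  # assumed size cap; a real logout request is a few hundred bytes


def extract_logout_ticket(content_type, body):
    """Return the service ticket named in a CAS single-logout POST, else None."""
    if not content_type.lower().startswith("application/x-www-form-urlencoded"):
        return None
    if len(body) > MAX_BODY:
        return None
    try:
        fields = parse_qs(body.decode("utf-8"), strict_parsing=True)
    except (UnicodeDecodeError, ValueError):
        return None
    values = fields.get("logoutRequest", [])
    if len(values) != 1:
        return None  # parameter absent or repeated: not a logout request
    xml_text = values[0]
    # The message needs no DTD, so refuse one outright (entity-expansion guard).
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return None
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if root.tag != "{%s}LogoutRequest" % SAMLP_NS:
        return None
    ticket = (root.findtext("{%s}SessionIndex" % SAMLP_NS) or "").strip()
    # The POST carries no signature: the ticket is the only secret, so the caller
    # should end only the local session that was created with this exact ticket.
    return ticket if ticket.startswith("ST-") else None


# Constructed sample body in the shape a CAS server posts to a service.
SAMPLE_XML = (
    '<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="LR-constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<saml:NameID xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "@NOT_USED@</saml:NameID>"
    "<samlp:SessionIndex>ST-1-constructed-example</samlp:SessionIndex>"
    "</samlp:LogoutRequest>"
)
SAMPLE_BODY = urlencode({"logoutRequest": SAMPLE_XML}).encode("ascii")

if __name__ == "__main__":
    print(extract_logout_ticket("application/x-www-form-urlencoded", SAMPLE_BODY))
```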
Hi,
Yes, I see your point. Let me ask django-mama-cas project about that.
Thanks for the prompt reply!
from django-cas-ng.
I am planning to rework how services are validated in django-mama-cas to allow for per-service configuration, including allowing/disallowing proxy authentication. Thanks for the reminder!
from django-cas-ng.
Hi, this has been fixed in django-mama-cas, thank you!
from django-cas-ng.