The mailing list for listmasters using Sympa

[Maja Wolniewicz <address@concealed>]

David Verdin pisze:
> Hi, Maja
>
> Maja Wolniewicz a écrit :
> > I have had two problems in Sympa 5.4.1 configured with CAS-based 
> > authentication.
> > The first was: after successful login some operations - actually POST 
> > operations - fail.
> > According to the log, each operation causes a CAS redirect.
> > I've compared Sympa with CAS and Sympa with standard authentication and
> > found out that after successful login the field email_session in the 
> > table session_table is set to nobody while using CAS.
> > After adding in wwsympa.fcg, line 913
> > $session->{'email'} = $param->{'user'}{'email'};
> > CAS login and POST operations work without any problem.
> > Is it a bug?
> Is was. As Serge wrote, it is now fixed.
Yes, I can confirm that version 5.4.2 fixes it.
> > The second problem - CAS logout didn't work.
> > It seems that here the CGI::Cookie package is the culprit.
> > The cookie cas_server is set in the subroutine set_cas_server from 
> > cookielib.pm
> >   my $cookie = new CGI::Cookie (-name    => 'cas_server',
> >                                 -value   => $value,
> >                                  -domain  => $domain,
> >                                  -expires => $expires,
> >                                  -path    => '/'
> >                                  );
> >
> >    ## Send cookie to the client
> >    printf "Set-Cookie:  %s\n", $cookie->as_string;
> > When auth.conf has only one CAS authentication definition, $value is 0
> > The result is the cookie with empty value (value zero converted to "").
> > During logout in the do_logout subroutine the cookie cas_served is 
> > checked:
> > my $cas_id = &cookielib::get_cas_server($ENV{'HTTP_COOKIE'});
> > and the value "" instead of 0 causes the problem.
> > I've modified set_cas_server and get_cas_server subroutines. In 
> > set_cas_server I've added
> > $value++;
> > before calling new CGI::Cookie.
> > In get_cas_server I have now
> >   my $http_cookie = shift;
> >    #return &generic_get_cookie($http_cookie, 'cas_server');
> >    my $value = &generic_get_cookie($http_cookie, 'cas_server');
> >    $value--;
> >    return $value;
> >
> > and CAS logout works.
> Didn't the patch we provided fix this problem?
No, I have had the same problem with CAS logout in 5.4.2, but after 
upgrading CGI::Cookie to v. 3.35 cas_server cookie is set to 0 and CAS 
logout works.
> We had the same problem - with only one CAS server, too - and we can now 
> log out normally.
> > By the way, I've implemented CAS Single Sign Out in our sympa, which 
> > can be used with CAS v. 3.1.x. Anyone interested in my modifications?
> Sure we are!
> For now, we only implemented CAS v2. We originally produced a perl 
> module implementing CAS. We finally diverged from it but are willing to 
> reintroduce its usage.
> So if you submit your work, we would modify this module according to it, 
> and restart using it in Sympa.
> If it is OK with you, we would be happy to include your work in Sympa.
My CAS SSOut changes, which I've sent you yesterday work in version 5.4.2.

Maja
> Cheers,
> > Greetings
> > Maja


--
Maja Gorecka-Wolniewicz          address@concealed
             http://www.umk.pl/~mgw
             PGP key: http://www.umk.pl/~mgw/pgp_pub_key.asc
Uczelniane Centrum               Information & Communication
Informatyczne                    Technology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574