The mailing list for listmasters using Sympa

[David Verdin <address@concealed>]

Hi Maja,

Sorry for the late reply.

Maja Wolniewicz a écrit :
> David Verdin pisze:
> > Hi, Maja
> >
> > Maja Wolniewicz a écrit :
> > > I have had two problems in Sympa 5.4.1 configured with CAS-based 
> > > authentication.
> > > The first was: after successful login some operations - actually 
> > > POST operations - fail.
> > > According to the log, each operation causes a CAS redirect.
> > > I've compared Sympa with CAS and Sympa with standard authentication and
> > > found out that after successful login the field email_session in the 
> > > table session_table is set to nobody while using CAS.
> > > After adding in wwsympa.fcg, line 913
> > > $session->{'email'} = $param->{'user'}{'email'};
> > > CAS login and POST operations work without any problem.
> > > Is it a bug?
> > Is was. As Serge wrote, it is now fixed.
> Yes, I can confirm that version 5.4.2 fixes it.
Great!
> > > The second problem - CAS logout didn't work.
> > > It seems that here the CGI::Cookie package is the culprit.
> > > The cookie cas_server is set in the subroutine set_cas_server from 
> > > cookielib.pm
> > >   my $cookie = new CGI::Cookie (-name    => 'cas_server',
> > >                                 -value   => $value,
> > >                                  -domain  => $domain,
> > >                                  -expires => $expires,
> > >                                  -path    => '/'
> > >                                  );
> > >
> > >    ## Send cookie to the client
> > >    printf "Set-Cookie:  %s\n", $cookie->as_string;
> > > When auth.conf has only one CAS authentication definition, $value is 0
> > > The result is the cookie with empty value (value zero converted to "").
> > > During logout in the do_logout subroutine the cookie cas_served is 
> > > checked:
> > > my $cas_id = &cookielib::get_cas_server($ENV{'HTTP_COOKIE'});
> > > and the value "" instead of 0 causes the problem.
> > > I've modified set_cas_server and get_cas_server subroutines. In 
> > > set_cas_server I've added
> > > $value++;
> > > before calling new CGI::Cookie.
> > > In get_cas_server I have now
> > >   my $http_cookie = shift;
> > >    #return &generic_get_cookie($http_cookie, 'cas_server');
> > >    my $value = &generic_get_cookie($http_cookie, 'cas_server');
> > >    $value--;
> > >    return $value;
> > >
> > > and CAS logout works.
> > Didn't the patch we provided fix this problem?
> No, I have had the same problem with CAS logout in 5.4.2, but after 
> upgrading CGI::Cookie to v. 3.35 cas_server cookie is set to 0 and CAS 
> logout works.
OK, so if I increase the Sympa requirements to the version 3.35 of the 
CGI module, it should fix your problem without any change in the code?
> > We had the same problem - with only one CAS server, too - and we can 
> > now log out normally.
> > > By the way, I've implemented CAS Single Sign Out in our sympa, which 
> > > can be used with CAS v. 3.1.x. Anyone interested in my modifications?
> > Sure we are!
> > For now, we only implemented CAS v2. We originally produced a perl 
> > module implementing CAS. We finally diverged from it but are willing 
> > to reintroduce its usage.
> > So if you submit your work, we would modify this module according to 
> > it, and restart using it in Sympa.
> > If it is OK with you, we would be happy to include your work in Sympa.
> My CAS SSOut changes, which I've sent you yesterday work in version 
> 5.4.2.
Good.
A remark from one of my colleagues:
"I don't see which event triggers the logout from the CAS server's 
initiative".

Cheers,
> Maja
> > Cheers,
> > > Greetings
> > > Maja

--
David Verdin
Comité réseau des universités