Hi,

Thanks for the feedback.

@Misagh: do you have any plan on this?

Best regards,
Jérôme


On Mon, Jun 7, 2021 at 17:41, Daniel Ellentuck <[email protected]> wrote:

> Hi Jerome, et al.,
>
> I agree, and that would be a nice first step.  I wound up adding code in
> which a given registered service is only authorized for use with a specific
> list of protocols, and an attempt to access the registered service (e.g.,
> by findServiceBy(Service)) for an unauthorized protocol returns null.
>
>     Dan
>
> Dan Ellentuck
> Columbia University I.T.
>
>
> On Mon, Jun 7, 2021 at 4:07 AM Jérôme LELEU <[email protected]> wrote:
>
>> Hi,
>>
>> I have this SAML SP definition in CAS:
>>
>> {
>>   "@class" : "org.apereo.cas.support.saml.services.SamlRegisteredService",
>>   "serviceId" : "http://localhost:8081.*",
>>   "name" : "SAMLService",
>>   "id" : 1,
>>   "evaluationOrder" : 1,
>>   "metadataLocation" : "/Users/jleleu/sources/spring-webmvc-pac4j-boot-demo/sp-metadata.xml"
>> }
>>
>>
>> And I have realized that I can log in using the CAS protocol with the
>> same service definition:
>>
>>
>> http://localhost:8080/cas/login?service=http%3A%2F%2Flocalhost%3A8081%2Fcallback%3Fclient_name%3DCasClient
>>
>> I would have expected the SAML definition not to work for the CAS
>> protocol.
>>
>> More generally, I have the feeling that protocols are not sufficiently
>> differentiated in CAS.
>> I'm thinking about the SamlIdPSingleLogoutServiceMessageHandler and the
>> DefaultSingleLogoutServiceMessageHandler components although there might
>> be better examples.
>>
>> We have built the SAML, OAuth and OIDC protocols on top of the CAS
>> protocol while CAS should be somehow alongside the other protocols.
>>
>> In terms of design, as a first step, I would make RegexRegisteredService an
>> abstract class and create a *CasRegisteredService* (inheriting from it)
>> like we have a SamlRegisteredService, an OAuthRegisteredService...
>>
>> This may be a huge change better targeted at v6.5 or even v7.
>>
>> Does it make sense?
>>
>> Thanks.
>> Best regards,
>> Jérôme
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "CAS Developer" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/apereo.org/d/msgid/cas-dev/CAP279LzNmaCyk1f_ugJRcQbTappYN8zkKZnw6YAfYdyJZpK7HA%40mail.gmail.com
>> .
>>
>
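
The serviceId-only matching Jérôme observed, next to the per-protocol allow-list Dan describes, as an added Java example that is not part of this thread and is not CAS code. The class, record, enum and method names are hypothetical; only the service name, the serviceId regex and the service URL are taken from the messages above.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Hypothetical stand-alone model (Java 16+ for records); none of these types are CAS classes.
public class ProtocolScopedRegistry {
    enum Protocol { CAS, SAML, OAUTH, OIDC }

    // A registered service: a serviceId regex plus the protocols it may be used with.
    record ServiceDef(String name, Pattern serviceId, Set<Protocol> protocols) {}

    private final List<ServiceDef> defs = new ArrayList<>(); // kept in evaluation order

    void register(String name, String serviceIdRegex, Protocol... allowed) {
        defs.add(new ServiceDef(name, Pattern.compile(serviceIdRegex), Set.of(allowed)));
    }

    // Matching on serviceId alone: any protocol endpoint that resolves the URL
    // gets the definition back, whatever protocol the definition was written for.
    ServiceDef findServiceBy(String serviceUrl) {
        for (ServiceDef d : defs)
            if (d.serviceId().matcher(serviceUrl).matches()) return d;
        return null;
    }

    // Protocol-aware lookup: the first matching definition decides, and it is
    // returned only if the requesting protocol is on its allow-list (fail closed).
    ServiceDef findServiceBy(String serviceUrl, Protocol requested) {
        for (ServiceDef d : defs)
            if (d.serviceId().matcher(serviceUrl).matches())
                return d.protocols().contains(requested) ? d : null;
        return null;
    }

    static String verdict(ServiceDef d) {
        return d == null ? "denied (null)" : "authorized by " + d.name();
    }

    public static void main(String[] args) {
        ProtocolScopedRegistry reg = new ProtocolScopedRegistry();
        // The SAML SP definition from the thread, restricted to SAML.
        reg.register("SAMLService", "http://localhost:8081.*", Protocol.SAML);
        // The decoded service parameter of the CAS login URL from the thread.
        String service = "http://localhost:8081/callback?client_name=CasClient";

        System.out.println("serviceId only : " + verdict(reg.findServiceBy(service)));
        System.out.println("CAS protocol   : " + verdict(reg.findServiceBy(service, Protocol.CAS)));
        System.out.println("SAML protocol  : " + verdict(reg.findServiceBy(service, Protocol.SAML)));
    }
}
```

Returning null on the first matching definition, rather than falling through to later ones, means an overlapping CAS definition has to come earlier in evaluation order to take effect.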
