Hi Ray, Thanks for the explanation, it's clear and fair enough.
Regarding the existing phpCAS library we evaluated it already and we would like something simpler, fully tested and unopinionated, this is why I started PSR CAS. I don't say that phpCAS is bad, far from that, I just say that we would like something smaller, that just do what it's supposed to do, authentication without touching the session or handling the cache. PSR CAS only uses PSR Interfaces and can be used by any framework without too much effort. It's a huge work in progress and as I just succeeded to get a local instance of a CAS server running locally thanks to this tool <https://github.com/crpeck/cas-overlay-docker> (*with proxy authentication ! yeah!*) I will continue the development actively. On Tuesday, October 22, 2019 at 5:53:10 PM UTC+2, rbon wrote: > > Pol, > > Before you get too far into your library, have you seen, > https://github.com/apereo/phpCAS > > The proxy callback url should be used only for this purpose. CAS only > responds to the 200 returned, so maybe a simpler request could work. > However, if one had a home grown web server (or one built into the > application), only GET and POST would need to be implemented, thus > expanding the usefulness of CAS. > > Ray > > On Tue, 2019-10-22 at 03:21 -0700, Pol Dellaiera wrote: > > Hi all, > > > This is my first message here, hopefully not the last. I'm not a Java > developper, I'm mostly code in PHP (@drupol on Github > <https://github.com/drupol/>) > > Recently, I've been asked to develop a standard PHP library for CAS > authentication(work in progress) <https://github.com/drupol/psrcas/> and > in order to do it, I had to learn how the CAS protocol is working. > > When developing the proxy callback I noticed that the CAS server is doing > a * GET* request to check if the proxy callback URL is properly working. > > My question is the following > > Don't you think that it would be more appropriate to check the existence > of the proxy callback url using a request of type OPTIONS > <https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS> > instead of GET ? > > It would be easier to identify on the client side and ... why not use the > proper request type when it exist ? > It would also remove the discrepancy when it comes to what is supposed to > return the proxy callback url when it is called (*there is currently no > documentation about this yet*) > > Let me know what you think. > > Regards. > > -- > > Ray Bon > Programmer Analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] <javascript:> > > I respectfully acknowledge that my place of work is located within the > ancestral, traditional and unceded territory of the Songhees, Esquimalt and > WSÁNEĆ Nations. > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/e35eaa16-52e4-4b75-a4cb-e06dabec1672%40apereo.org.
