Hi Jason et. al. - We are in fact very interested in attracting a wider user base and shared maintenance for CAS ClearPass. While it is, as you point out elsewhere, a less secure method than pure CAS, we do feel it is a safer, more robust alternative than others we've seen for doing single sign-on to "CAS-averse" applications. :-) On that basis we would like to promote it and grow a larger community of support around it.
It sounds like your patch would be most appreciated. The CAS Steering Committee will formalize the acceptance of contributions for ClearPass in the near future. I've cc'ed the uportal list to let more people know about ClearPass. Thanks, Jonathan -- Jonathan Markow Executive Director 2009/6/25 Jason Shao (CampusEAI Consortium) <[email protected]> > Hi Everyone, > > Is anyone else using (or interested in using?) the CAS Clearpass work with > was contributed by Sacramento State and Unicon? > > We've adopted it and integrated it into our build, and recently encountered > and fixed an issue related to the fact that the current JSPs don't properly > encode XML entities (since JSP EL in Tomcat doesn't XML escape the same way > c:out does) and so the password passback was non-functional in clients that > tried to XML parse the response (as opposed to doing string parsing like > the > provided uPortal security context) > > I could put together a patch, but I know that code is currently in the > Sandbox, and doesn't look to have a JIRA or any other infrastructure, so > thought I'd ask here first -- is there interest in maintaining and perhaps > incubating/sandboxing this code? I know it is somewhat unclean in terms of > the CAS protocol and architecture, but there are a number of portal > use-cases especially that are difficult to implement without access to user > credentials. > > Jason > > -- > Jason Shao > Director of Product Development > CampusEAI Consortium > 1940 East 6th Street, 11th Floor > Cleveland, OH 44114 > Tel: 216.589.9626x249 > Fax: 216.589.9639 > > > Your input is important to improve upon our continuous efforts to service > you better. Please e-mail my manager at [email protected] with any > feedback. > > CONFIDENTIALITY NOTICE: > This e-mail together with any attachments is proprietary and confidential; > intended for only the recipient(s) named above and may contain information > that is privileged. You should not retain, copy or use this e-mail or any > attachments for any purpose, or disclose all or any part of the contents to > any person. Any views or opinions expressed in this e-mail are those of the > author and do not represent those of CampusEAI Consortium or the Open > Student Television Network. If you have received this e-mail in error, or > are not the named recipient(s), you are hereby notified that any review, > dissemination, distribution or copying of this communication is prohibited > by the sender and to do so might constitute a violation of the Electronic > Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately > notify the sender and delete this e-mail and any attachments from your > computer. Warning: Although precautions have been taken to make sure no > viruses are present in this e-mail, the companies cannot accept > responsibility for any loss or damage that arise from the use of this e-mail > or attachments. > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
