The root problem: A lot of confused phpCAS programmers over the last years.
Cheers, Joachim Am 24.06.2010 22:28, schrieb Scott Battaglia:
The protocol isn't the issue. One should not be determining whether to use proxy validate or service validate based on the prefix of the ticket id. Supporting service or proxy validation is a configuration call (i.e. see the Java client). The deployer should be choosing what type of validation they wish to support rather than the ticket passed in determining. Cheers, Scott On Thu, Jun 24, 2010 at 4:22 PM, Joachim Fritschi <[email protected] <mailto:[email protected]>> wrote: Hi Franco, i was confused by the same thing: https://issues.jasig.org/browse/PHPCAS-44 http://jasig.275507.n4.nabble.com/CAS-returning-proxy-tickets-that-begin-with-ST-rather-than-PT-td1595324.html#a1595324 The reason for this confusing code is that the setST leads to a validateST (CAS 1.0 validation) and setPT leads to a validatePT call (CAS 2.0) validation. The CAS 2.0 validation accepts PTs and STs and doesn't care about the ticket prefix. The root "problem" it that all CAS Servers since 3.0 will return any proxy or service ticket with a ST prefix. The cas protocol is a bit confusing in this regard i guess. I'm planing to refactor all the methods within phpCAS to fix the confusion for the 1.2 release and have tried to add some comments in the meantime for the confusing functions. Cheers, Joachim Am 24.06.2010 17:01, schrieb Franco: I see that in file client.php at line 703 it checks whether there a ST or PT ticket. Then, if this is the case, it call $this->setPT($ticket), even thought an ST ticket is present (I expected $this->setST($ticket) instead). Can not understand the reason for that. Thaks for your nice help. Franco -- You are currently subscribed to [email protected] <mailto:[email protected]> as: [email protected] <mailto:[email protected]> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
-- Joachim Fritschi Hochschulrechenzentrum (HRZ) L1|01 Raum 248 Petersenstr. 30 64287 Darmstadt Tel. +49 6151 16-5638 Fax. +49 6151 16-3050 E-Mail: [email protected]
smime.p7s
Description: S/MIME Cryptographic Signature
