[GitHub] [guacamole-client] siacali commented on a change in pull request #454: GUACAMOLE-793: CAS Provider returns Group - like LDAP Provider

Fri, 27 Dec 2019 08:29:34 -0800 

siacali commented on a change in pull request #454: GUACAMOLE-793: CAS Provider 
returns Group - like LDAP Provider
URL: https://github.com/apache/guacamole-client/pull/454#discussion_r361699508
 
 

 ##########
 File path: 
extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java
 ##########
 @@ -88,7 +92,7 @@
      *     If the ID ticket is not valid or guacamole.properties could
      *     not be parsed.
      */
-    public Map<String, String> validateTicket(String ticket,
+    public TokensAndGroups  validateTicket(String ticket,
 
 Review comment:
   Ok, the problem with your suggestion is that the `Map<String, String>` 
**_presently_** returned by `validateTicket()` doesn't contain valid 
information for me to derive groups.  In particular, it returns capitalized 
keys with a string prepended (CAS-FOOBAR), and groups is case sensitive (So, 
CAS-FOOBAR, would not be enough for me to differentiate groups such as FooBar 
from fooBar - I had mentioned this before).  So, to do the processing within 
`authenticateUser()`, I would need to:
   
   - Refactor the previous author's code to return what I need ("raw" SAML 
attributes released by CAS)
   - Move/restructure their code to create tokens from SAML attributes to 
`authenticateUser()`
   - Derive both tokens and groups in `authenticateUser()`
   
   Certainly possible, but refactoring/restructuring someone elses code (and 
then having to QA it) does seem like a different task and a bit more risk than 
adding a feature to existing code.   
   
   Also, does that really fit into the philosophy of "one jira ticket, one 
change?" or is it "ok" to "fix" someone elses non-broken code as part of adding 
a feature?  I'm not even a Java programmer and I can see a lot of things I'd 
like to "fix" given a license like that...  :-)
   
   I'll do it (given the time to do so), if that's what you'd like to see.  

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to