jpommier ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=70121%3A0cfd9a07-b685-46f8-9b1f-c94075312067 ) *created* an issue
GeoServer ( https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiZjNmNzJmMDM0Yzg3NDE1NWEyNDM5YjY3ZTlhZGEwOTciLCJwIjoiaiJ9 ) / Bug ( https://osgeo-org.atlassian.net/browse/GEOS-10342?atlOrigin=eyJpIjoiZjNmNzJmMDM0Yzg3NDE1NWEyNDM5YjY3ZTlhZGEwOTciLCJwIjoiaiJ9 ) GEOS-10342 ( https://osgeo-org.atlassian.net/browse/GEOS-10342?atlOrigin=eyJpIjoiZjNmNzJmMDM0Yzg3NDE1NWEyNDM5YjY3ZTlhZGEwOTciLCJwIjoiaiJ9 ) [CAS extension] /logout should support service parameter ( https://osgeo-org.atlassian.net/browse/GEOS-10342?atlOrigin=eyJpIjoiZjNmNzJmMDM0Yzg3NDE1NWEyNDM5YjY3ZTlhZGEwOTciLCJwIjoiaiJ9 ) Issue Type: Bug Affects Versions: 2.20.1 Assignee: Unassigned Components: CAS Created: 22/Dec/21 1:35 PM Priority: Medium Reporter: jpommier ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=70121%3A0cfd9a07-b685-46f8-9b1f-c94075312067 ) Hi, Currently, /logout uses the url parameter, for the return URL (defined in GeoServerCasConstants. LOGOUT_URL_PARAM ( https://github.com/geoserver/geoserver/blob/main/src/extension/security/cas/src/main/java/org/geoserver/security/cas/GeoServerCasConstants.java#L26 ) ). According to recent CAS documentation ( https://apereo.github.io/cas/6.4.x/protocol/CAS-Protocol-Specification.html#231-parameters ) , it should be service , rather than url , at least on most recent versions of CAS. I suppose at some point url was the proper parameter, so the best fix would probably be to allow to configure it in the UI ? BTW, there is a hardcoded URL here ( https://github.com/geoserver/geoserver/blob/main/src/extension/security/cas/src/main/java/org/geoserver/security/cas/GeoServerCasAuthenticationFilter.java#L111-L112 ) in the code of the extension. I’m pretty much certain it should not be there (and I don’t see what the returnURL param is there for) Thanks ( https://osgeo-org.atlassian.net/browse/GEOS-10342#add-comment?atlOrigin=eyJpIjoiZjNmNzJmMDM0Yzg3NDE1NWEyNDM5YjY3ZTlhZGEwOTciLCJwIjoiaiJ9 ) Add Comment ( https://osgeo-org.atlassian.net/browse/GEOS-10342#add-comment?atlOrigin=eyJpIjoiZjNmNzJmMDM0Yzg3NDE1NWEyNDM5YjY3ZTlhZGEwOTciLCJwIjoiaiJ9 ) Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100187- sha1:76abc0a )
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
