CAS 2.0 support #2

merged 40 commits into from Sep 28, 2016


None yet

6 participants


Okay, I think I'm finally done. Hoping to see this packaged into npm if all goes well.

The module should be backwards compatible. All the new functions can be ignored if you only need to use validate() manually. It will still use the CAS 1.0 protocol by default unless 2.0 is specified. The only issue is I used jsdom to parse the XML. And that has one dependency (contextify) that is tricky to get working on Windows.

joshchan added some commits Jan 18, 2012
@joshchan joshchan New function to enable auto redirect. CAS logout. Added support for b…
…asic CAS 2.0 protocol. CAS attributes.
@joshchan joshchan + retrieve PGTIOU during validate()
+ retrieve proxy chain during validate()
+ local callback server to accept PGT from CAS server
+ use PGT to fetch PT from CAS server
+ proxy request function that attaches PT To outgoing requests
+ optional proxy server for external services to make proxies requests
@joshchan joshchan Various misc fixes. Mostly related to passing in options to http.requ…
…est(). Proxying should actually work now.
@joshchan joshchan Fixed: Stopped the '#text' nodes from appearing as CAS attributes. 3af9cde
@joshchan joshchan Updated Readme and History. 4b6b76c
@joshchan joshchan FIXED: The redirect URL would be incorrectly formatted if the `servic…
…e` contained exactly one query string parameter.
@joshchan joshchan UPDATE: Announce the proxy server ports in the console during startup. 0a1abc6
@joshchan joshchan NEW: Can specify an external proxy URL during init. Then use proxiedR…
…equest() to transparently request services via the external proxy. I.e. proxiedRequest() should now work for both internal and external CAS proxies.
@joshchan joshchan Protect against overly long server responses. 6076c65
@joshchan joshchan Experimental support for proxying non-GET requests. e7594f0
@joshchan joshchan Handle single sign out requests from the CAS server, when using Expre…
@joshchan joshchan Can specify a list of server IP addresses that are allowed to send si…
…ngle sign out requests.
@joshchan joshchan Documentation update. 7c0e825
@joshchan joshchan Added garbage collection for the local PGT store, when running the in…
…ternal proxy server.

Some minor documentation tweaks.

Whoa! I was about to start doing a bunch of this myself. I'm glad at looked at the fork list before starting.


Hey Josh. I was looking for you email to message you but couldn't find it. It seems like the guy who originally wrote this has dropped of the face of the earth. I like the work your doing on this and would be interested in helping out. Would you want some help?


Thanks, Matt. And yes your help is very welcome.

joshchan and others added some commits Aug 21, 2012
@joshchan joshchan Documentation fixes. 8e2f4d9
@joshchan joshchan Changed getProxyTicket() to take PGTIOU as a parameter instead of PGT…
…. Now it should be easier to obtain a proxy ticket for manually making proxied requests, if you don't want to use the provided proxiedRequest() method.
@joshchan joshchan Can now retrieve a user's PGT from an external callback/proxy server.…
… This allows getProxyTicket() to work for all cases.
@joshchan joshchan Syntax highlighting, linked to the wiki. f9097f0
@wdouglascampbell wdouglascampbell Added ability to specify a CA or bundle of CAs. 6aaa118
@joshchan joshchan Merge pull request #1 from wdouglascampbell/addServerCAParameter
Added ability to specify a CA or bundle of CAs.
@joshchan joshchan Fixed logout path bug 9770d0b
@joshAppDev joshAppDev Not compatible with new jsdom version 83ab9b2
@joshAppDev joshAppDev Fixed typo f0e2a2d
@joshAppDev joshAppDev Functionality unchanged, but terminology has been revised for correct…
…ness and clarity.

* Disambiguate 'PGT callback server' from 'proxy server'
* Disambiguate 'CAS proxy' from 'HTTP proxy'
- HTTP proxy functionality unchanged but is now deprecated

Some options have been renamed (old names are deprecated but still work):
* old: 'proxy_server' => new: 'pgt_server'
* old: 'proxy_callback_host' => new: 'pgt_host'
* old: 'proxy_callback_port' => new: 'pgt_port'
* old: 'proxy_server_key' => new: 'ssl_key'
* old: 'proxy_server_cert' => new: 'ssl_cert'
* old: 'proxy_server_ca' => new: 'ssl_ca'

These options are deprecated (but work the same as before):
- 'proxy_server_port'
- 'external_proxy_url'

These methods are also deprecated (but work the same as before):
- proxiedRequest()
- proxiedRequestExternal()
@joshAppDev joshAppDev Readme text updated to reflect terminology and option name changes 668c10a
@joshAppDev joshAppDev Package version updated to 0.0.5.
"engines" specification removed.
@joshAppDev joshAppDev History changelog updated 43459ff
@joshAppDev joshAppDev + Additional error handling when making https connections 66329b9
@joshAppDev joshAppDev + SSL options can now be used for `external_pgt_url` in addition to `…
@joshAppDev joshAppDev * ssl_ca option is now applied when connecting to both the CAS server…
… as well as the PGT callback server

* better error handling
@joshAppDev joshAppDev * Fixed bug where not specifying any CA could cause valid certs to be…
… untrusted
Pong Add JSDOM unit tests 0b52396
Pong Add more JSDOM unit tests 2a85eb9
Pong Add comments to unit tests. 79ec6b2
Pong Add more unit tests d0899fc
Pong Use cheerio instead of jsdom a50d547
Pong Clean unused files 41e303d
@joshchan joshchan Merge pull request #2 from wongpratan/master
Use cheerio instead of jsdom
@corecache corecache BugFix: CAS version comparision fails due to wrong 'this' reference 4ae9f7a
@joshchan joshchan Merge pull request #3 from corecache/master
BugFix: CAS version comparision fails due to wrong 'this' reference

Thanks for all the contributions on this, to everyone involved. 👍

@kcbanner kcbanner merged commit fcd27da into kcbanner:master Sep 28, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment