I am currently using and testing NetXMS with CAS authentication and while setting it up, I came across the following two issues, both of which are related to the file `src/server/core/cas_validator.cpp`.
The first one is related to the character buffer `char netid[14]` in line 161, which is used as target buffer when extracting the username from the `<cas:user>` XML field of the service ticket validation response. With an array length of 14, it allows for an effective username length of 13 characters. As my CAS server uses the e-mail address as the principal ID/username, this length is insufficient.
Is there a specific reason why the array length has been set to 14, or could it be increased?
The second issue is related to the validation of CAS Proxy Tickets and the string array `char *m_proxies[]` in line 56. During proxy ticket validation, it is checked whether the value of the XML field `cas:proxy` or `cas:proxies` is present in the `*m_proxies` array. This corresponds to line 258 in `cas_validator.cpp`. However, the value of the array is initialized with `{ NULL }` and I did not find any location in the code where additional values are added to it, causing the proxy ticket validation to always fail and return the error `CAS: bad proxy (...)`. To solve this issue you could introduce a new server configuration parameter (e.g. `CASAllowedProxies`) to be used in the method `void CASReadSettings` (line 62), which then extracts a string array of URLs that are to be used as allowed proxies.
Hopefully, this can help you get rid of these problems.
Kind regards,
fbuehrmann
(Using NetXMS version 3.0-2357, source code was checked both in stable-3.1 as well as master branch)
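The two changes requested above, sketched as an added example (this is not NetXMS code, and every function name in it is hypothetical): the username is extracted into a dynamically sized string with an explicit upper bound, and the proxy check reads its allow-list from a configuration value. It assumes a comma-separated format for the proposed `CASAllowedProxies` setting, limits of 255 and 2048 characters, a plain string search instead of an XML parser, and that only the first `<cas:proxy>` element is checked.

```cpp
// Added example, not NetXMS source; every name below is hypothetical.
#include <algorithm>
#include <sstream>
#include <string>
#include <vector>
static std::string Trim(const std::string& s)
{
    size_t b = s.find_first_not_of(" \t\r\n");
    return (b == std::string::npos) ? std::string() : s.substr(b, s.find_last_not_of(" \t\r\n") - b + 1);
}

// Text of the first <tag>...</tag>; fails if missing, empty or longer than maxLen (rejected, not truncated).
bool ExtractElement(const std::string& xml, const std::string& tag, size_t maxLen, std::string& out)
{
    const std::string open = "<" + tag + ">", close = "</" + tag + ">";
    size_t start = xml.find(open);
    size_t end = (start == std::string::npos) ? start : xml.find(close, start);
    if (end == std::string::npos) return false;
    std::string value = Trim(xml.substr(start + open.size(), end - start - open.size()));
    if (value.empty() || value.size() > maxLen) return false;
    out = value;
    return true;
}

// Split a comma-separated setting (such as the proposed CASAllowedProxies) into URLs.
std::vector<std::string> ParseAllowedProxies(const std::string& setting)
{
    std::vector<std::string> urls;
    std::istringstream in(setting);
    for (std::string item; std::getline(in, item, ','); )
        if (!(item = Trim(item)).empty()) urls.push_back(item);
    return urls;
}

// Exact string match; an empty allow-list rejects every proxy (fail closed).
bool IsProxyAllowed(const std::vector<std::string>& allowed, const std::string& proxy)
{
    return std::find(allowed.begin(), allowed.end(), proxy) != allowed.end();
}

// Constructed sample response fragment, not captured from a real CAS server.
static const char *SAMPLE = "<cas:authenticationSuccess><cas:user> alice.longname@example.org </cas:user>"
    "<cas:proxies><cas:proxy>https://proxy.example.org/cb</cas:proxy></cas:proxies></cas:authenticationSuccess>";
int main()
{
    std::string user, proxy;
    return (ExtractElement(SAMPLE, "cas:user", 255, user) && ExtractElement(SAMPLE, "cas:proxy", 2048, proxy) &&
            IsProxyAllowed(ParseAllowedProxies("https://proxy.example.org/cb"), proxy)) ? 0 : 1;
}
```

With a 13-character limit, matching the `char netid[14]` buffer, the same e-mail-style username is rejected outright, which makes the failure visible instead of silently shortening the principal.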