
Not working when CAS configured with JWT service tickets #179

@ghost

Description

Hi everyone,

We have a problem with our CAS 5.3.x, configured to deliver JWT service tickets (e.g. ticket=deyJhbGciOiJIUzUxMiJ9.ZXlKNmFYQWlPa...).

The validateCasTicketFormat() (also involved in / could also fix 134 and 145) does not handle those JWT tickets. We bypassed it with:

apr_byte_t validCASTicketFormat(const char *ticket)
{
    /* NOTE(ARKEA): Always returning true, because of the various ticket encodings (JWT, ST-, ...).
       Also a question: is validating the CAS ticket format needed at all? */
    return TRUE;
}

The environment where the vhost is deployed is secured, so we did not see any security risk. But any feedback is welcome ;)
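
An added example, not code from this issue or from the project: a format check that accepts both classic `ST-`/`PT-` tickets and compact JWT (JWS) tickets while still rejecting any other input, as an alternative to always returning TRUE. The name `ticket_format_ok`, the character set allowed in classic tickets and the length cap are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define MAX_TICKET_LEN 4096 /* assumed cap, not a value from the project */

/* Unpadded base64url alphabet (RFC 4648, section 5). */
static int is_b64url(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '_';
}

/* Classic ticket: "ST-" or "PT-" then one or more of [A-Za-z0-9._-] (assumed set). */
static int is_classic_ticket(const char *t)
{
    if (strncmp(t, "ST-", 3) != 0 && strncmp(t, "PT-", 3) != 0)
        return 0;
    if (t[3] == '\0')
        return 0;
    for (t += 3; *t != '\0'; t++)
        if (!is_b64url(*t) && *t != '.')
            return 0;
    return 1;
}

/* Compact JWS: exactly three non-empty base64url segments split by '.'. */
static int is_compact_jws(const char *t)
{
    int dots = 0;
    size_t seg_len = 0;
    for (; *t != '\0'; t++) {
        if (*t == '.') {
            if (seg_len == 0 || ++dots > 2)
                return 0;
            seg_len = 0;
        } else if (is_b64url(*t)) {
            seg_len++;
        } else {
            return 0;
        }
    }
    return dots == 2 && seg_len > 0;
}

/* Shape check only: the CAS server still decides whether the ticket is valid. */
int ticket_format_ok(const char *ticket)
{
    if (ticket == NULL || strlen(ticket) > MAX_TICKET_LEN)
        return 0;
    return is_classic_ticket(ticket) || is_compact_jws(ticket);
}
```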
