-
Notifications
You must be signed in to change notification settings - Fork 397
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prioritize HTTP-HOST header over SERVER-NAME when getting clientUrl (?) #234
Comments
Server_Name ist configured server side and host_name is client defined... This is one of the most important reasons for this priority. Since all webservers and proxies handle these variables a bit different it's hard to have one automatic solution for everyone. You can always override the automatic url detection with your own code. Any such automatic configuration will only work in 95% of the setups out there. I suggest that you override the url generation with the available setter function. Please have a look at the code docs: https://developer.jasig.org/cas-clients/php/current/docs/api/index.html |
Yes, the host_name is defined client side, and shouldn't the client url be the one entered by the user in the browser? From https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html#211-parameters:
The URL the CAS server directs to (the service parameter) should be the same as the original one the user tried to enter before being redirected to the CAS server, am I right? |
It's not as simple as that. Yes it should be, but only in a very basic setup. The service is a parameter is part of the authentication and is validated as the CAS server. So you have to be sure it "predictable" in the sense that only URLs that are configured in the CAS server as service are used. Another reason is security: We try to use server side variable as much as possible. This is simply a precaution. We know that our automagic configuration is not the best in all situations but it works in many cases. If not you can simply define it yourself: |
Hi!
I've tried setting up phpCAS to a Docker container with the romeoz/docker-nginx-php image hosting and serving the service. When trying the simple example from /docs, the redirect URL created by the CAS_Client class is faulty, causing me to be redirected to a 404 when I'd entered my credentials to the CAS server.
I should have been redirected to the HTTP-HOST,
http://192.168.99.100:8080/docs/examples/example_simple.php?ticket=XXX
(for me it is this as I run docker-machine and set up the docker container to port 8080), but the URL becamehttp://app/docs/examples/example_simple.php?ticket=XXX
.After "debugging" I found out that the
_getClientUrl
-function gave me the wrong url. The client url is determined by this snippet (source/CAS/Client.php:3594
):Here the server name is prioritzed over the http host, but this resulted in the problem stated above. In my application the http host should be used instead, every time. Is there a reason for this logic or is this a simple mistake?
The text was updated successfully, but these errors were encountered: