[cas-dev] Services in CAS 3.1 (was CAS-430)
John Thiltges
jthiltges2 at unl.edu
Wed Nov 15 19:34:32 EST 2006
Moving the conversation from
<http://www.ja-sig.org/issues/browse/CAS-430> to the development list...
Scott Battaglia wrote:
> I'm actually currently working on a more robust Services
> implementation for the CAS 3.1 release. It will include an
> administration screen and backing data store (rather than a file). Can
> you post your requirements/use case for the services stuff so I make
> sure the new implementation covers your needs. I'm not sure if the new
> version will support wildcards as part of the reasoning for its
> creation is to support SAML 2 which requires explicit urls I believe
> (though I need to re-read the specification).
Regarding wildcard matching in service URLs, it was my impression that
with some CAS clients, it is not possible to guarantee a fixed service URL.
For example, with phpCAS, if the URL has any GET variables, they get
included in the service URL. It can be worked around with
phpCAS::setFixedServiceURL, but that seems clumsy.
Another example, use AuthCAS or mod_cas to protect a download directory.
When you request a protected file, doesn't it use the file URL as the
service URL? (I haven't tested it, but was under that impression.)
For the service registry, I implemented a JDBC backed
ServiceRegistryReloader and have been very happy with it so far. It's
basically a slight modification of the Spring context reloader: On
startup, the CAS server loads the service registry from a database.
Periodically, the CAS server runs a query to check if the registry has
been updated.
I like the JDBC reloader approach for three reasons:
1. It's very convenient with a CAS cluster
2. It doesn't depend on a database always being available
3. It's easy to make a web form for application providers to request
access (insert a row in a table and you're done)
I'd be interested in learning more about the service registry in the new
revision of CAS. I saw that there were some files in CVS, but I haven't
had time to study them further.
Thanks,
John
More information about the cas-dev
mailing list