mod_auth_cas-1.0.7 release
Phil Ames
modauthcas at gmail.com
Wed Feb 27 15:03:29 EST 2008
Hello all,
I mod_auth_cas-1.0.7 is now available at
https://www.ja-sig.org/svn/cas-clients/mod_auth_cas/tags/mod_auth_cas-1.0.7
NEW FEATURES AND FUNCTIONS IN THIS RELEASE
* Improved Apache version detection based on the contents of
ap_release.h
* Cookies are now stored in an XML format, making the data
stored more easily extensible for possible future attribute
delivery.
* (broken and disabled) support for CAS 3.1 server's single sign out via SAML
logoutRequest
* CASCookieDomain directive
* CASHttpOnly directive
* Autoconf by Matt
BUG FIXES
* When setting a VHOST-wide variable in both the global Apache
config and then setting a variable inside a VirtualHost,
configuration settings were reset to default inside the VHost.
This is now fixed.
KNOWN BUGS
* CAS Proxy Validation is not implemented in this version.
* CAS Ticket Validation can only be performed over an SSL connection.
The CAS protocol does not explicitly require this, but to not do so
leaves this system open to a man-in-the-middle attack.
* CAS single sign out is currently not functional and disabled. It
is only safe to use in the case where all requests are GET and not
POST (the module inadvertently 'eats' some content of the POST
request while determining if it should process it as a SAML logout
request). Enabling it is left as an exercise for the bold (hint: -DBROKEN)
Enjoy, and please submit any bugs or feature requests as JIRA issues.
Thanks,
-Phil
More information about the cas
mailing list