Setting verify_ssl_cert was not taking effect / Proxy Support

[djmassad]

I found that setting the configuration option, verify_ssl_cert, to false was not having any effect. This was due to the method, verify_ssl_cert?, returning true since verify_ssl_cert was neither nil nor an empty array. I added a condition to check if the setting is false and that seems to work.

[djmassad]

Also in this pull request is proxy support.

Setup

To set up proxy support, generate and run the migration:

rails g proxy_granting_ticket_ious_migration
rake db:migrate

Next, set up your callback. Assuming your callback URL is https://myapp.dev/pgtCallback, you would add the following line to your config/application.rb or config/environment/*.rb file:

config.rack_cas.pgt_callback_url = 'https://app.dev/pgtCallback'

...and add to your config/routes.rb file:

get '/pgtCallback', to: Rails.application.config.rack_cas

NOTE: You may define your own callback path instead of /pgtCallback. However, the path used in both the configuration file and routes file must be the same.

Use

If everything is set up correctly, your session should have the Proxy Granting Ticket when you are logged in:

session['cas']['pgt']       #=> "PGT-1234567890"

To generate a proxy ticket for your other app (https://my-other-app.dev/):

require 'rack-cas/proxy_ticket_generator'

pgt = session['cas']['pgt']                                                        #=> "PGT-1234567890"
my_other_service_url = 'https://my-other-app.dev/'
proxy_ticket = RackCAS::ProxyTicketGenerator.generate(my_other_service_url, pgt)   #=> "PT-12121212"

# This is the URL you will use to access your other service:
my_other_service_url += "?ticket=#{proxy_ticket}"                                  #=> "https://my-other-app.dev/?ticket=PT-12121212"

[adamcrown]

Thanks for all of the work on this. Sorry it's taken me so long to get back to you about it. I've been busy with other projects for a while.

I haven't ever had the need to use proxy tickets with any of my applications so this is not a part of CAS that I'm not very familiar with. But I'll try to set up a test environment so I can properly review this soon.

I may want you to split this pull request up into three separate PRs, one for each commit, but I'll let you know.

[djmassad]

You're very welcome. It wasn't too terribly difficult to implement since the existing code is very well structured and easy to follow.

Also, I've added one more commit which corrects one of the tests.

[icapurro]

I'm very interested in this feature

[adamcrown]

I apologize that it's been so long for me to get to this. I'm really busy through the end of the month. But I'm going to do my best to test this out and review the code in early May.

[adamcrown]

Sorry again it's been so long that I've left this feature unmerged. I've gone ahead and added the fixes for verify_ssl_cert = false not working. 1d2a7de

I'd like to get a couple apps setup to actually test the proxy ticket functionality. I'll let you know when I have that done or if somebody else would like to push a couple example apps up to github that would be awesome. I don't have a lot of free time now but I'll fit this in where I can.