Bug #13524

CAS authentication service string (service URL) is not configurable

Added by Hector Akamine 4 months ago. Updated 12 days ago.

Status: Verified
Start date: 06/09/2021
Priority: Medium
Due date:
Assignee: -
% Done: 100%
Category: Access Control
Target version: Release 2.7.0
Google Code Legacy ID:
Tested version: 2.6
Sponsored: Yes
Requires documentation:

Description

When using CAS authentication in AtoM, there seems to be an issue when the hostname does not match the host part of the AtoM instance URL, with AtoM generating an incorrect service string (service URL). Ideally we should be able to configure AtoM to set the correct service URL, however this is not currently possible.

History

#1 Updated by Hector Akamine 4 months ago

When using CAS authentication in AtoM, there seems to be an issue when the hostname does not match the host part of the AtoM instance URL.
For example, in a host where the FQDN is hostname.somesub.somedomain.org, but the running AtoM instance URL is https://atom.othersub.somedomain.org (with a DNS CNAME record mapping atom.othersub.somedomain.org to hostname.somesub.somedomain.org), when we access the AtoM instance CAS authentication URL (https://atom.othersub.somedomain.org/cas/login), we would expect that AtoM generates a redirect to the CAS server with a service string that uses the hostname in the URL, i.e., https://cas.somedomain.org/cas/login?service=https%3A%2F%2Fatom.othersub.somedomain.org%2Fcas%2Flogin
However, AtoM's generated redirect seems to use the host FQDN instead, i.e., https://cas.somedomain.org/cas/login?service=https%3A%2F%2Fhostname.somesub.somedomain.org%2Fcas%2Flogin . This breaks the authentication mechanism.
Ideally we should be able to configure AtoM to set the correct service URL, however this is not currently possible.
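
The following is an added illustration, not AtoM code and not part of the report: it builds the CAS login redirect both ways (from the host FQDN and from an operator-configured base URL) and checks a captured redirect for the wrong host in its `service` parameter. The `configured_base` setting and all function names are hypothetical; the hostnames are the example values from the comment above.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Constructed values: the example hostnames used in the report above.
CAS_LOGIN = "https://cas.somedomain.org/cas/login"
HOST_FQDN = "hostname.somesub.somedomain.org"
PUBLIC_BASE = "https://atom.othersub.somedomain.org"


def service_url(path, host_fqdn, configured_base=None):
    """Build the CAS service URL for `path`.

    `configured_base` is a hypothetical operator setting, not an AtoM option
    name. Without it the URL falls back to the host FQDN, which is the
    behaviour the report describes.
    """
    if configured_base is None:
        return f"https://{host_fqdn}{path}"
    parts = urlsplit(configured_base)
    # Accept only a bare https origin so a malformed setting fails loudly
    # instead of producing a service URL the CAS server will not accept.
    if parts.scheme != "https" or not parts.hostname or "@" in parts.netloc:
        raise ValueError("configured base must be an https URL with a host")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("configured base must be an origin only")
    return f"https://{parts.netloc}{path}"


def login_redirect(cas_login, service):
    # safe="" percent-encodes ":" and "/" as in the URLs quoted in the report.
    return f"{cas_login}?service={quote(service, safe='')}"


def service_host_mismatch(redirect, public_base):
    """Return the unexpected host in a captured redirect, or None if it matches."""
    values = parse_qs(urlsplit(redirect).query).get("service", [])
    if len(values) != 1:
        raise ValueError("redirect must carry exactly one service parameter")
    got = urlsplit(values[0]).hostname
    want = urlsplit(public_base).hostname
    return None if got == want else got
```
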

#3 Updated by Dan Gillean 4 months ago

  • Category set to Access Control
  • Status changed from New to Code Review
  • Assignee set to Tessa Walsh
  • Target version set to Release 2.7.0
  • Sponsored changed from No to Yes
  • Requires documentation set to Yes
  • Tested version 2.6 added

#4 Updated by Dan Gillean 12 days ago

  • Status changed from Code Review to Verified
  • Assignee deleted (Tessa Walsh)
  • % Done changed from 0 to 100
  • Requires documentation deleted (Yes)
