RubyCAS with a permanent single ticket and Sinatra

Ok, I'm a huge RubyCAS noob, and it drives me crazy.

I installed the rubycas-client gem and followed along with the official Sinatra setup in this repo. With this setup, every time I request a page I get a one-time ticket, which is appended to the URL as a request parameter, for example:

http://localhost:9393/?ticket=ST-1373928850 ... etc.

If I refresh the page, I get a Sinatra error stating that the ticket has already been exhausted!

I have two questions.

  • Is this the standard behavior of a ticket on reload?
  • How do I keep my CAS login for the whole session and still have single sign-out?

What I've done:

  • I went and tried to implement :sessions in Sinatra, but this breaks single sign-on.
  • I went and did my best to follow the steps in the rubycas-client GitHub repo (replacing the ActiveRecord session store with the Sinatra :sessions helper).

The RubyCAS documentation for Sinatra is pretty poor, so I'm looking for a definitive answer to this question.

+4
2 answers

This is correct behavior when you try to reload a page with the same ticket: that ticket has already been validated. When you receive a validation response, you need to set your own application cookie or other session option.

I usually add a method that will add a session attribute to the user's cookie, for example:

 session["cas"] ||= {}
 session["cas"]["username"] = cas_user  # the username from the CAS validation response

Then, in future queries, the Sinatra application can protect any routes you want with a helper method, for example:

 def cas_logged_in?
   cas = RestClient::Resource.new "#{cas_url}/login", :timeout => 5
   checked = cas.get
   return true if checked.code == 200
 end

In my configuration block for Sinatra, I do this:

  use Rack::Session::Cookie, :key => "example.com", :secret => "veryrandomhex"

Hope this helps; if you have any questions, let me know.

UPDATE BELOW

While discussing this issue, we found that RubyCAS says not to use a regular cookie session for your Ruby application in production when using CAS. What you want to do is:

a. Make sure your cookie expires at the same time as, or earlier than, the CAS cookie

and / or

b. Make your cookie a browser-session cookie, and then re-validate the CAS user in the next browser session.

For a Rack cookie, you set the expiry with this additional option: :expire_after => 1440 (where 1440 is in minutes).

+1

In the case of RubyCAS, there are two types of sessions:

(1) Application session.

(2) Single Sign-On (SSO) session.

You can use the sinatra-session gem to manage the application session and simply call its session_end! helper method to destroy the application session. To destroy the SSO session, unset the session[:cas_ticket] parameter in the logout route.

Example:

In the case of Sinatra:

 get '/logout' do
   session_end!                # provided by the sinatra-session gem
   session[:cas_ticket] = nil  # session variable set by the CAS server
 end

Here we explicitly set session[:cas_ticket] to nil; alternatively, you can call session.clear in the logout route to destroy all of the current session data.

0
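Both answers turn on the same point: a CAS service ticket validates exactly once, so the application has to carry the login in its own session, expire that session no later than the CAS session, and clear both the session and the recorded ticket on logout. What follows is an added example, not code from the question, from either answer or from the RubyCAS project: a stdlib-only Ruby model of that flow. FakeCasServer, AppSession and App are stand-ins constructed here, and no Sinatra, RubyCAS or Rack gem is required. It reproduces the asker's reload error when the session cookie does not persist, and shows the same reload being served from the session once it does. One detail to keep in mind alongside the first answer: Rack::Session::Cookie takes :expire_after in seconds, and the model below uses seconds as well.

```ruby
require 'securerandom'

# Stand-in for the CAS server's service-ticket store (constructed for this
# example, not RubyCAS code). A service ticket validates exactly once; the
# second /serviceValidate call for the same ticket fails. That single-use rule
# is what the "ticket already exhausted" error on reload is reporting.
class FakeCasServer
  def initialize
    @tickets = {}
  end
  # What /login hands back once the user has authenticated at CAS.
  def issue_ticket(username)
    ticket = "ST-#{SecureRandom.hex(8)}"
    @tickets[ticket] = username
    ticket
  end
  # What /serviceValidate answers: the username on first use, nil afterwards.
  def validate(ticket)
    @tickets.delete(ticket)
  end
end

# Minimal application session standing in for Rack::Session::Cookie. expire_after
# is in seconds (Rack's unit); time is passed as integer seconds for determinism.
class AppSession
  attr_reader :data

  def initialize(expire_after:, now:)
    @expire_after, @created_at, @data = expire_after, now, {}
  end
  def expired?(now)
    now - @created_at > @expire_after
  end
end

# The protected application: validates a ticket once, then trusts its own
# session, and on logout drops the session together with the recorded ticket.
class App
  attr_reader :session

  def initialize(cas, expire_after:, now:)
    @cas, @expire_after = cas, expire_after
    forget_session!(now: now)
  end
  # Empty session: the cookie never came back (the asker's situation before
  # :sessions worked) or the old session expired.
  def forget_session!(now:)
    @session = AppSession.new(expire_after: @expire_after, now: now)
  end
  # Logout route: the session_end! / session.clear step, which also removes
  # the recorded ticket so a later request cannot be served from it.
  def logout
    @session.data.clear
  end
  # One request to a protected route; params is the parsed query string.
  def handle(params, now:)
    # The app session must not outlive the CAS session (answer 1's advice).
    forget_session!(now: now) if @session.expired?(now)
    cas, ticket = @session.data["cas"], params["ticket"]
    # Reload of the URL still carrying the ticket we already validated: the
    # session proves it, so the spent ticket is not presented to CAS again.
    return :ok if ticket && cas && cas["ticket"] == ticket
    if ticket
      user = @cas.validate(ticket)
      return :ticket_exhausted unless user
      @session.data["cas"] = { "username" => user, "ticket" => ticket }
      return :logged_in   # a real app would redirect to the URL without ?ticket=
    end
    cas ? :ok : :redirect_to_cas
  end
end

# The asker's symptom: with no persistent session, reloading /?ticket=ST-...
# re-validates the spent ticket and fails.
def reload_without_session
  cas = FakeCasServer.new
  app = App.new(cas, expire_after: 1800, now: 0)
  ticket = cas.issue_ticket("alice")
  first = app.handle({ "ticket" => ticket }, now: 1)
  app.forget_session!(now: 1)                          # cookie was never stored
  [first, app.handle({ "ticket" => ticket }, now: 2)]  # [:logged_in, :ticket_exhausted]
end

# With a session cookie: the reload is served without asking CAS, the clean URL
# works, logout forces a new CAS login, and the session lapses after expire_after.
def session_flow
  cas = FakeCasServer.new
  app = App.new(cas, expire_after: 1800, now: 0)
  ticket = cas.issue_ticket("alice")
  steps = [app.handle({}, now: 1)]                      # :redirect_to_cas
  steps << app.handle({ "ticket" => ticket }, now: 2)   # :logged_in
  steps << app.session.data["cas"]["username"]          # "alice"
  steps << app.handle({ "ticket" => ticket }, now: 3)   # :ok  (the reload)
  steps << app.handle({}, now: 4)                       # :ok  (clean URL)
  app.logout
  steps << app.handle({}, now: 5)                       # :redirect_to_cas
  steps << app.handle({ "ticket" => cas.issue_ticket("alice") }, now: 6)  # :logged_in
  steps << app.handle({}, now: 2000)                    # :redirect_to_cas (expired)
end
```

The design choice worth copying into a real Sinatra app is the comparison in handle: the ticket recorded in the session is the proof that a URL still carrying ?ticket= was already validated, so a reload is answered from the session instead of being sent back to CAS, where the single-use rule would reject it. Redirecting to the ticket-free URL right after a successful validation removes the problem at the source, because the browser then has nothing stale to resend.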

Source: https://habr.com/ru/post/1491539/

