CAS: multiple proxies is not correctly implemented
Concerned version
Version: 2.0.13
Summary
- Login to CAS service http://casapp.com/
- Get a PGT for http://casapp.com/proxy
- Using this PGT get a proxy ticket for http://service.com/srv
- On service.com, using this PT, get a PGT for http://service.com/proxy
- Using this new PGT, get a proxy ticket for http://service2.com/srv
- Validate PT on http://service2.com/srv
Logs
Expected result:
# <cas:proxies>
# <cas:proxy>http://service.com/proxy</cas:proxy>
# <cas:proxy>http://casapp.com/proxy</cas:proxy>
# </cas:proxies>
Actual result:
# <cas:proxies>
# <cas:proxy>http://casapp.com/proxy; http://service.com/proxy</cas:proxy>
# </cas:proxies>
Lucky for us, noone uses this feature :)