CAS Clearpass XML Encoding Issue
|
|
Jason Shao (CampusEAI Consortium)
|
Hi Everyone,
Is anyone else using (or interested in using?) the CAS Clearpass work with was contributed by Sacramento State and Unicon? We've adopted it and integrated it into our build, and recently encountered and fixed an issue related to the fact that the current JSPs don't properly encode XML entities (since JSP EL in Tomcat doesn't XML escape the same way c:out does) and so the password passback was non-functional in clients that tried to XML parse the response (as opposed to doing string parsing like the provided uPortal security context) I could put together a patch, but I know that code is currently in the Sandbox, and doesn't look to have a JIRA or any other infrastructure, so thought I'd ask here first -- is there interest in maintaining and perhaps incubating/sandboxing this code? I know it is somewhat unclean in terms of the CAS protocol and architecture, but there are a number of portal use-cases especially that are difficult to implement without access to user credentials. Jason -- Jason Shao Director of Product Development CampusEAI Consortium 1940 East 6th Street, 11th Floor Cleveland, OH 44114 Tel: 216.589.9626x249 Fax: 216.589.9639 Your input is important to improve upon our continuous efforts to service you better. Please e-mail my manager at [hidden email] with any feedback. CONFIDENTIALITY NOTICE: This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of CampusEAI Consortium or the Open Student Television Network. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. Warning: Although precautions have been taken to make sure no viruses are present in this e-mail, the companies cannot accept responsibility for any loss or damage that arise from the use of this e-mail or attachments. -- You are currently subscribed to [hidden email] as: [hidden email] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user |
||||||||||||||||
Jonathan Markow
|
Hi Jason et. al. -
We are in fact very interested in attracting a wider user base and shared maintenance for CAS ClearPass. While it is, as you point out elsewhere, a less secure method than pure CAS, we do feel it is a safer, more robust alternative than others we've seen for doing single sign-on to "CAS-averse" applications. :-) On that basis we would like to promote it and grow a larger community of support around it. It sounds like your patch would be most appreciated. The CAS Steering Committee will formalize the acceptance of contributions for ClearPass in the near future. I've cc'ed the uportal list to let more people know about ClearPass. Thanks, Jonathan -- Jonathan Markow Executive Director 2009/6/25 Jason Shao (CampusEAI Consortium) <[hidden email]> Hi Everyone, -- |
||||||||||||||||
Biondi, Dan
|
In reply to this post
by Jason Shao (CampusEAI Consortium)
Jason:
There is a resounding "YES!" from our campus to open a JIRA for ClearPass. This wasn't done in the past due to our unfamiliarity with the process and is probably long overdue. Thanks. Dan Biondi Web Portal Coordinator Sacramento State v:916-278-7616 -----Original Message----- From: Jason Shao (CampusEAI Consortium) [mailto:[hidden email]] Sent: Thursday, June 25, 2009 6:31 PM To: [hidden email] Subject: [cas-user] CAS Clearpass XML Encoding Issue Hi Everyone, Is anyone else using (or interested in using?) the CAS Clearpass work with was contributed by Sacramento State and Unicon? We've adopted it and integrated it into our build, and recently encountered and fixed an issue related to the fact that the current JSPs don't properly encode XML entities (since JSP EL in Tomcat doesn't XML escape the same way c:out does) and so the password passback was non-functional in clients that tried to XML parse the response (as opposed to doing string parsing like the provided uPortal security context) I could put together a patch, but I know that code is currently in the Sandbox, and doesn't look to have a JIRA or any other infrastructure, so thought I'd ask here first -- is there interest in maintaining and perhaps incubating/sandboxing this code? I know it is somewhat unclean in terms of the CAS protocol and architecture, but there are a number of portal use-cases especially that are difficult to implement without access to user credentials. Jason -- Jason Shao Director of Product Development CampusEAI Consortium 1940 East 6th Street, 11th Floor Cleveland, OH 44114 Tel: 216.589.9626x249 Fax: 216.589.9639 Your input is important to improve upon our continuous efforts to service you better. Please e-mail my manager at [hidden email] with any feedback. CONFIDENTIALITY NOTICE: This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of CampusEAI Consortium or the Open Student Television Network. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. Warning: Although precautions have been taken to make sure no viruses are present in this e-mail, the companies cannot accept responsibility for any loss or damage that arise from the use of this e-mail or attachments. -- You are currently subscribed to [hidden email] as: [hidden email] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [hidden email] as: [hidden email] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user |
||||||||||||||||
|
Jason Shao (CampusEAI Consortium)
|
Some javascript/style in this post has been disabled (why?)
(Jonathan also chimed in some convo on cas-dev) Would you be interested on working on perhaps incubating or sub-moduling or somewhat Clearpass? In addition to the below mentioned XML encoding patches, we actually have some other patches that use AOP to mesh the clearpass extensions into CAS, instead of rewiring the XML config that people might find interesting. Jason On 7/1/09 2:37 PM, "Biondi, Dan" <biondid@...> wrote: Jason: -- Jason Shao Director of Product Development CampusEAI Consortium 1940 East 6th Street, 11th Floor Cleveland, OH 44114 Tel: 216.589.9626x249 Fax: 216.589.9639 Your input is important to improve upon our continuous efforts to service you better. Please e-mail my manager at [hidden email] with any feedback. CONFIDENTIALITY NOTICE: This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of CampusEAI Consortium or the Open Student Television Network. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. Warning: Although precautions have been taken to make sure no viruses are present in this e-mail, the companies cannot accept responsibility for any loss or damage that arise from the use of this e-mail or attachments. -- |
||||||||||||||||
Scott Battaglia-2
|
This project has already been proposed as an incubating project as part of our RFC process, as per the last two community calls. Unfortunately, our requirement is that there be a maintainer of the project. At the moment, no one has been able to step up with resources to be the maintainer.
Therefore, while the steering committee is interested in the project, we can't approve a project without it being supportable for the foreseeable future. Cheers, Scott
On Thu, Jul 2, 2009 at 11:41 PM, Jason Shao (CampusEAI Consortium) <[hidden email]> wrote:
-- |
||||||||||||||||
|
Jason Shao (CampusEAI Consortium)
|
Apologies for cross-posting:
On 7/3/09 10:51 AM, "Scott Battaglia" <[hidden email]> wrote: > This project has already been proposed as an incubating project as part of our > RFC process, as per the last two community calls. Unfortunately, our > requirement is that there be a maintainer of the project. At the moment, no > one has been able to step up with resources to be the maintainer. Apologies, I missed those initial notes (admittedly did more list-serv searching than wiki grepping, and didn't see any links posted to the list) Depending on the direction of discussion I may be in a position to commit some staff to maintenance (and all that entails). How does one subscibe/list interest in an RFC? I see in the wiki: http://www.ja-sig.org/wiki/display/CAS/RFC+Process has some RFC# pages off of it, but that doesn't seem to match the list off: http://www.ja-sig.org/wiki/display/CASST/RFCs Seems to have a bit of a different list. Is one of those pages a remnant? On the above page would anyone mind an "interested" column? Also, http://www.ja-sig.org/wiki/display/CAS/June+2009+Conference+Call has under action items: "4. Scott, Andrew, Dan: Discussing approaches for supporting ClearPass" did that conversation occur, or is it yet to happen? If not, would that be a good item to schedule, or spot to continue this discussion? Jason -- Jason Shao Director of Product Development CampusEAI Consortium 1940 East 6th Street, 11th Floor Cleveland, OH 44114 Tel: 216.589.9626x249 Fax: 216.589.9639 Your input is important to improve upon our continuous efforts to service you better. Please e-mail my manager at [hidden email] with any feedback. CONFIDENTIALITY NOTICE: This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of CampusEAI Consortium or the Open Student Television Network. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. Warning: Although precautions have been taken to make sure no viruses are present in this e-mail, the companies cannot accept responsibility for any loss or damage that arise from the use of this e-mail or attachments. -- You are currently subscribed to [hidden email] as: [hidden email] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user |
||||||||||||||||
|
Biondi, Dan
|
Jason:
It would be great if you have some resources available to support ClearPass. Let me know when and where this discussion needs to continue, if elsewhere, and I'll provide what I can. Thanks. -Dan -----Original Message----- From: Jason Shao (CampusEAI Consortium) [mailto:[hidden email]] Sent: Friday, July 03, 2009 9:40 AM To: [hidden email] Cc: [hidden email]; Eugene Rachitskiy (CampusEAI Consortium); Ken MacPherson (CampusEAI Consortium) Subject: Re: [cas-user] CAS Clearpass XML Encoding Issue Apologies for cross-posting: On 7/3/09 10:51 AM, "Scott Battaglia" <[hidden email]> wrote: > This project has already been proposed as an incubating project as part of our > RFC process, as per the last two community calls. Unfortunately, our > requirement is that there be a maintainer of the project. At the moment, no > one has been able to step up with resources to be the maintainer. Apologies, I missed those initial notes (admittedly did more list-serv searching than wiki grepping, and didn't see any links posted to the list) Depending on the direction of discussion I may be in a position to commit some staff to maintenance (and all that entails). How does one subscibe/list interest in an RFC? I see in the wiki: http://www.ja-sig.org/wiki/display/CAS/RFC+Process has some RFC# pages off of it, but that doesn't seem to match the list off: http://www.ja-sig.org/wiki/display/CASST/RFCs Seems to have a bit of a different list. Is one of those pages a remnant? On the above page would anyone mind an "interested" column? Also, http://www.ja-sig.org/wiki/display/CAS/June+2009+Conference+Call has under action items: "4. Scott, Andrew, Dan: Discussing approaches for supporting ClearPass" did that conversation occur, or is it yet to happen? If not, would that be a good item to schedule, or spot to continue this discussion? Jason -- Jason Shao Director of Product Development CampusEAI Consortium 1940 East 6th Street, 11th Floor Cleveland, OH 44114 Tel: 216.589.9626x249 Fax: 216.589.9639 Your input is important to improve upon our continuous efforts to service you better. Please e-mail my manager at [hidden email] with any feedback. CONFIDENTIALITY NOTICE: This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of CampusEAI Consortium or the Open Student Television Network. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. Warning: Although precautions have been taken to make sure no viruses are present in this e-mail, the companies cannot accept responsibility for any loss or damage that arise from the use of this e-mail or attachments. -- You are currently subscribed to [hidden email] as: [hidden email] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [hidden email] as: [hidden email] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user |
||||||||||||||||
| Free Embeddable Forum Powered by Nabble | Help |
