Jasig › Jasig CAS › CAS Developers

Re:[cas-user] CAS Clearpass XML Encoding Issue

3 messages Options
Embed this post
Permalink
Jonathan Markow

Re:[cas-user] CAS Clearpass XML Encoding Issue

Reply Threaded More More options
Print post
Permalink
Hi Jason et. al. -

We are in fact very interested in attracting a wider user base and shared maintenance for CAS ClearPass.  While it is, as you point out elsewhere, a less secure method than pure CAS, we do feel it is a safer, more robust alternative than others we've seen for doing single sign-on to "CAS-averse" applications. :-)  On that basis we would like to promote it and grow a larger community of support around it.

It sounds like your patch would be most appreciated.  The CAS Steering Committee will formalize the acceptance of contributions for ClearPass in the near future.

I've cc'ed the uportal list to let more people know about ClearPass.

Thanks,
Jonathan

--
Jonathan Markow
Executive Director


2009/6/25 Jason Shao (CampusEAI Consortium) <[hidden email]>
Hi Everyone,

Is anyone else using (or interested in using?) the CAS Clearpass work with
was contributed by Sacramento State and Unicon?

We've adopted it and integrated it into our build, and recently encountered
and fixed an issue related to the fact that the current JSPs don't properly
encode XML entities (since JSP EL in Tomcat doesn't XML escape the same way
c:out does) and so the password passback was non-functional in clients that
tried to XML parse the response (as opposed to doing string parsing like the
provided uPortal security context)

I could put together a patch, but I know that code is currently in the
Sandbox, and doesn't look to have a JIRA or any other infrastructure, so
thought I'd ask here first -- is there interest in maintaining and perhaps
incubating/sandboxing this code? I know it is somewhat unclean in terms of
the CAS protocol and architecture, but there are a number of portal
use-cases especially that are difficult to implement without access to user
credentials.

Jason

--
Jason Shao
Director of Product Development
CampusEAI Consortium
1940 East 6th Street, 11th Floor
Cleveland, OH 44114
Tel: 216.589.9626x249
Fax: 216.589.9639


Your input is important to improve upon our continuous efforts to service you better. Please e-mail my manager at [hidden email] with any feedback.

CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of CampusEAI Consortium or the Open Student Television Network. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. Warning: Although precautions have been taken to make sure no viruses are present in this e-mail, the companies cannot accept responsibility for any loss or damage that arise from the use of this e-mail or attachments.

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
Jason Shao (CampusEAI Consortium)

Re: [cas-user] CAS Clearpass XML Encoding Issue

Reply Threaded More More options
Print post
Permalink
Some javascript/style in this post has been disabled (why?)
Re: [cas-dev] [cas-user] CAS Clearpass XML Encoding Issue In the interim is there a module/JIRA/SVN space we’d like to track this in? Or does it perhaps make sense to look at incubating clearpass? I’d be willing to put in a proposal if others are interested.

Jason

On 6/26/09 10:18 AM, "Jonathan Markow" <jjmarkow@...> wrote:
Hi Jason et. al. -

We are in fact very interested in attracting a wider user base and shared maintenance for CAS ClearPass.  While it is, as you point out elsewhere, a less secure method than pure CAS, we do feel it is a safer, more robust alternative than others we've seen for doing single sign-on to "CAS-averse" applications. :-)  On that basis we would like to promote it and grow a larger community of support around it.

It sounds like your patch would be most appreciated.  The CAS Steering Committee will formalize the acceptance of contributions for ClearPass in the near future.

I've cc'ed the uportal list to let more people know about ClearPass.

Thanks,
Jonathan

--
Jonathan Markow
Executive Director


2009/6/25 Jason Shao (CampusEAI Consortium) <jason_shao@...>
Hi Everyone,

Is anyone else using (or interested in using?) the CAS Clearpass work with
was contributed by Sacramento State and Unicon?

We've adopted it and integrated it into our build, and recently encountered
and fixed an issue related to the fact that the current JSPs don't properly
encode XML entities (since JSP EL in Tomcat doesn't XML escape the same way
c:out does) and so the password passback was non-functional in clients that
tried to XML parse the response (as opposed to doing string parsing like the
provided uPortal security context)

I could put together a patch, but I know that code is currently in the
Sandbox, and doesn't look to have a JIRA or any other infrastructure, so
thought I'd ask here first -- is there interest in maintaining and perhaps
incubating/sandboxing this code? I know it is somewhat unclean in terms of
the CAS protocol and architecture, but there are a number of portal
use-cases especially that are difficult to implement without access to user
credentials.

Jason

--
Jason Shao
Director of Product Development
CampusEAI Consortium
1940 East 6th Street, 11th Floor
Cleveland, OH 44114
Tel: 216.589.9626x249
Fax: 216.589.9639


Your input is important to improve upon our continuous efforts to service you better. Please e-mail my manager at anjli_jain@... with any feedback.

CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of CampusEAI Consortium or the Open Student Television Network. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. Warning: Although precautions have been taken to make sure no viruses are present in this e-mail, the companies cannot accept responsibility for any loss or damage that arise from the use of this e-mail or attachments.

--
You are currently subscribed to cas-user@... as: jjmarkow@...
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user


--
Jason Shao
Director of Product Development
CampusEAI Consortium
1940 East 6th Street, 11th Floor
Cleveland, OH 44114
Tel: 216.589.9626x249
Fax: 216.589.9639

Your input is important to improve upon our continuous efforts to service you better. Please e-mail my manager at [hidden email] with any feedback.

CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of CampusEAI Consortium or the Open Student Television Network. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. Warning: Although precautions have been taken to make sure no viruses are present in this e-mail, the companies cannot accept responsibility for any loss or damage that arise from the use of this e-mail or attachments.
 
-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
Jason Shao (CampusEAI Consortium)

Re:[cas-user] CAS Clearpass XML Encoding Issue

Reply Threaded More More options
Print post
Permalink
In reply to this post by Jonathan Markow
Apologies for cross-posting:

On 7/3/09 10:51 AM, "Scott Battaglia" <[hidden email]> wrote:

> This project has already been proposed as an incubating project as part of our
> RFC process, as per the last two community calls.  Unfortunately, our
> requirement is that there be a maintainer of the project.  At the moment, no
> one has been able  to step up with resources to be the maintainer.

Apologies, I missed those initial notes (admittedly did more list-serv
searching than wiki grepping, and didn't see any links posted to the list)

Depending on the direction of discussion I may be in a position to commit
some staff to maintenance (and all that entails).

How does one subscibe/list interest in an RFC? I see in the wiki:

http://www.ja-sig.org/wiki/display/CAS/RFC+Process

has some RFC# pages off of it, but that doesn't seem to match the list off:

http://www.ja-sig.org/wiki/display/CASST/RFCs

Seems to have a bit of a different list. Is one of those pages a remnant? On
the above page would anyone mind an "interested" column?

Also, http://www.ja-sig.org/wiki/display/CAS/June+2009+Conference+Call has
under action items: "4. Scott, Andrew, Dan: Discussing approaches for
supporting ClearPass" did that conversation occur, or is it yet to happen?
If not, would that be a good item to schedule, or spot to continue this
discussion?

Jason

--
Jason Shao
Director of Product Development
CampusEAI Consortium
1940 East 6th Street, 11th Floor
Cleveland, OH 44114
Tel: 216.589.9626x249
Fax: 216.589.9639


Your input is important to improve upon our continuous efforts to service you better. Please e-mail my manager at [hidden email] with any feedback.

CONFIDENTIALITY NOTICE:
This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of CampusEAI Consortium or the Open Student Television Network. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. Warning: Although precautions have been taken to make sure no viruses are present in this e-mail, the companies cannot accept responsibility for any loss or damage that arise from the use of this e-mail or attachments.

--
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
Free Embeddable Forum Powered by Nabble Help