I tried to deploy rubycas-server with phusion passenger on apache 2.2
An got next in apache error.log

Exception PhusionPassenger::UnknownError in PhusionPassenger::Rack::ApplicationSpawner (no such file to load -- pg (MissingSourceFile)) 
and
Exception PhusionPassenger::UnknownError in PhusionPassenger::Rack::ApplicationSpawner (no such file to load -- bcrypt (MissingSourceFile))

I fix it with next lines in rubycas-server.gemspec

s.add_development_dependency("pg")
s.add_development_dependency("bcrypt-ruby")

but I don't think it's right way to fix such problem.

see:
http://github.com/godfat/rubycas-server/commit/32c33b5f04dc35b23c64406f5d24a058c67dd4c9

After getting latest updates (24th jan 2010) we now see "Powered by Gemini SBS" and various other text and links relating to SBS on the login page.

see:
http://github.com/godfat/rubycas-server/commit/fa8baa348884edac20de47c8c846a0d01ddceb47

I was seeing this error:
godfat ~/p/g/rubycas-server> rackup -s thin
config.ru:14:in block in <top (required)>': undefined methodexpand_path' for Rack::File:Class (NoMethodError)

I parallelize a query to multiple sources authorization.
We use multiple AD domains and a lot of users out them.
We can not wait for serial execution of authentication handlers. And we use parallels queries.
If you have the same problem you can use my solution.

https://github.com/leonko/rubycas-server

Working from the head release at github, on Mac OS X, I did the following:

1. Uninstalled all rubycas-server gems
2. Run rubycas-server/bin/rubycas-server
3. Set the config.yml file it generated to use the CASServer::Authenticators::Test
4. Run rubycas-server again
5. Attempt to login using username = test, password = testpassword

Expected: Login to work
Actual: Received the following exception -

NoMethodError: undefined method `merge' for nil:NilClass
    /Users/myusername/projects/rubycas-server/lib/casserver/controllers.rb:136:in 'post'
    /Users/myusername/projects/rubycas-server/lib/casserver/controllers.rb:133:in 'each'
    /Users/myusername/projects/rubycas-server/lib/casserver/controllers.rb:133:in `post'

Looking at the code it appears as though this may be related to the changes that make Authenciators configure on every request. The same config.yml file works fine with the last known gem (gunark-rubycas-server-0.8.0.20090812) which predates the Authentication changes I believe.

For reference, here is the entire config.yml file.

server: webrick
port: 443
ssl_cert: /Users/myusername/projects/rubycas-server/demo.pem

database:
  adapter: mysql
  database: casserver
  username: root
  password: 
  host: localhost

authenticator:
  class: CASServer::Authenticators::Test

theme: simple
organization: CAS
infoline: 
default_locale: en

log:
  file: /var/log/casserver.log
  level: INFO

Please see the following log:

http://pastebin.com/Uz5J7xKP

The problems:

ERROR: Error installing rubycas-server:
activemodel requires builder (~> 2.1.2, runtime)

However re-running the gem install finished without error but:

Loading "rubycas-server" code from "/var/lib/gems/1.8/gems/rubycas-server-0.7.999999.20100202"...
/var/lib/gems/1.8/gems/picnic-0.8.1.20100201/lib/picnic/conf.rb:17:in `initialize': uninitialized constant Picnic::Conf::HashWithIndifferentAccess (NameError)

It is a new install on a OpenVZ container so I can re-run the install every time on a fresh system. Please advise.

When I logout, I got an error saying:

Errno::ENOENT - No such file or directory - /var/www/rubycas-server/lib/casserver/views/logout.rhtml

I created that file and it works now. Is that the expected behavior, or should it redirect me to the destination or url parameter in this URL?

https://sso.foo.com/logout?destination=http%3A%2F%2Flocalhost%3A3000%2F&url=http%3A%2F%2Flocalhost%3A3000%2F

See https://groups.google.com/forum/?hl=en_US#!topic/rubycas-server/HS2wofG-U6Y

I did some work in order to get this working on heroku. It would be great to have this merged in with the main branch.

https://github.com/metasoarous/read_only_rubycas_server

Cheers

Chris Small

Is it possible that the Gemfile.lock didn't get updated with the last checkin? I keep getting this error that I can't seem to resolve and it doesn't occur when I use the repo at https://github.com/seven1240/rubycas-server:

→ git push heroku master
Counting objects: 3563, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (1031/1031), done.
Writing objects: 100% (3563/3563), 686.53 KiB, done.
Total 3563 (delta 2451), reused 3530 (delta 2421)

-----> Heroku receiving push
-----> Ruby/Rack app detected
-----> Gemfile detected, running Bundler version 1.0.7
   Unresolved dependencies detected; Installing...
   Using --without development:test
   fatal: Not a git repository (or any of the parent directories): .git
   You have modified your Gemfile in development but did not check
   the resulting snapshot (Gemfile.lock) into version control

   You have added to the Gemfile:
   * source: source at /disk1/tmp/build_rvvr3nznrs8r
   * activerecord (~> 2.3.12)
   * activesupport (~> 2.3.12)
   * sinatra (~> 1.0)
   * gettext (~> 2.1.0)
   * crypt-isaac (~> 0.9.1)

   You have deleted from the Gemfile:
   * source: source at .

   You have changed in the Gemfile:
   * rubycas-server from `source at /disk1/tmp/build_rvvr3nznrs8r` to `no specified source`
   FAILED: http://devcenter.heroku.com/articles/bundler
 !     Heroku push rejected, failed to install gems via Bundler

The commands I ran are:
git clone git://github.com/gunark/rubycas-server.git
cd rubycas-server/
bundle
heroku create
git push heroku master

If url parameter is present on logout url, for example, using follow_url from: https://github.com/rubycas/rubycas-client/blob/master/lib/casclient/client.rb, it will crash if the following sinatra error:

Errno::ENOENT at /logout
No such file or directory - .../lib/casserver/views/logout.erb
file: template.rb location: binread line: 67

.../lib/casserver/server.rb in compile_template
  super engine, data, options, @custom_views || views
.../lib/casserver/server.rb in block in <class:Server>
    render @template_engine, :logout
.../.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/webrick/httpserver.rb in service
  si.service(req, res)
.../.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/webrick/httpserver.rb in run
      server.service(req, res)
.../.rvm/rubies/ruby-1.9.3-p0/lib/ruby/1.9.1/webrick/server.rb in block in start_thread
      block ? block.call(sock) : run(sock)

See http://groups.google.com/group/rubycas-server/browse_thread/thread/707d81a7fe002024?hl=en

Ex:
http://example.com?foo=1
and
http://example.com?foo=2
both refer to the same service, yet ServiceTicket.matches_service? would incorreclty identify them as different services.

Need to modify ServiceTicket.matches_service? (lib/casserver/models.rb:65) so that URL parameters are stripped off both URLs being compared.

I was reading the documentation on JaSIG implementation, and saw that they enabled service registration to control what service (websites) are allowed to authenticate with their CAS server.

This is a major security concern if you pass any personal information as an extra attribute, for example. This would let any other website use your own cas server to authenticate there and steel sensitive information.

For reference, this is the documentation: https://wiki.jasig.org/display/CASUM/Adding+a+New+Service

So i propose to create a new configuration option on config.yml to list allowed services, like the example bellow:

trusted_services_only: true # enable this feature
trusted_services:

• http://mywebsite.com/*
• https://mysecurewebsite.com/subsite/*
  ...

The idea is to accept some sort of wildmark or instead use standard ruby regexp patterns:

trusted_services_only: true # enable this feature
trusted_services:

• http://(www).mywebsite.com/.*
• https://mysecurewebsite.com/subsite/.*

Actually, SQLAuthenticator has the code in validate method. However, unfortunately, it has been missing in validate method in SQLEncryptedAuthenticator.

backtrace as follows, sounds that connection does not reconnect

ActiveRecord::StatementInvalid - Mysql::Error: MySQL server has gone away: SELECT `admin_users`.* FROM `admin_users` WHERE (username = 'username' AND password = '******'):
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/connection_adapters/abstract_adapter.rb:202:in `log'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/connection_adapters/mysql_adapter.rb:289:in `execute'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/connection_adapters/mysql_adapter.rb:619:in `select'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/connection_adapters/abstract/database_statements.rb:7:in `select_all'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/connection_adapters/abstract/query_cache.rb:56:in `select_all'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/base.rb:467:in `find_by_sql'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/relation.rb:64:in `to_a'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/relation/finder_methods.rb:143:in `all'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/relation/finder_methods.rb:105:in `send'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/relation/finder_methods.rb:105:in `find'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/relation/finder_methods.rb:101:in `find'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/base.rb:439:in `__send__'
 /usr/local/lib/ruby/gems/1.8/gems/activerecord-3.0.3/lib/active_record/base.rb:439:in `find'
 ./lib/casserver/authenticators/sql.rb:88:in `validate'
 /home/everbox/webapps/cas.everbox.com/releases/20101212123445/lib/casserver/server.rb:346:in `POST /login'
 /home/everbox/webapps/cas.everbox.com/releases/20101212123445/lib/casserver/server.rb:338:in `each'
 /home/everbox/webapps/cas.everbox.com/releases/20101212123445/lib/casserver/server.rb:338:in `POST /login'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:1032:in `call'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:1032:in `compile!'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:620:in `instance_eval'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:620:in `route_eval'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:604:in `route!'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:656:in `process_route'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:653:in `catch'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:653:in `process_route'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:603:in `route!'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:602:in `each'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:602:in `route!'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:741:in `dispatch!'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:530:in `call!'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:706:in `instance_eval'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:706:in `invoke'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:706:in `catch'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:706:in `invoke'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:530:in `call!'
 /usr/local/lib/ruby/gems/1.8/gems/sinatra-1.1.0/lib/sinatra/base.rb:516:in `call'
 /usr/local/lib/ruby/gems/1.8/gems/rack-1.2.1/lib/rack/commonlogger.rb:18:in `call'
 /usr/local/lib/ruby/gems/1.8/gems/rack-1.2.1/lib/rack/runtime.rb:17:in `call'

This is undocumented in its usage, so I could be using it wrong!

undefined local variable or method `encryption_salt' for #CASServer::Authenticators::SQLRestAuth::CASUser_0:0xb766edf8

NameError: undefined local variable or method encryption_salt' for #<CASServer::Authenticators::SQLRestAuth::CASUser_0:0xb766edf8> /var/lib/gems/1.8/gems/activerecord-2.3.5/lib/active_record/attribute_methods.rb:260:inmethod_missing'
/media/work/cas/trunk/rubycas-server/lib/casserver/authenticators/sql_encrypted.rb:39:in generate_encryption_salt' /media/work/cas/trunk/rubycas-server/lib/casserver/authenticators/sql_encrypted.rb:29:inencrypt'
/media/work/cas/trunk/rubycas-server/lib/casserver/authenticators/sql_rest_auth.rb:38:in validate' /media/work/cas/trunk/rubycas-server/lib/casserver/controllers.rb:141:inpost'
/media/work/cas/trunk/rubycas-server/lib/casserver/controllers.rb:133:in each' /media/work/cas/trunk/rubycas-server/lib/casserver/controllers.rb:133:inpost'
(eval):32:in send' (eval):32:inservice'
(eval):32:in catch' (eval):32:inservice'
/media/work/cas/trunk/rubycas-server/lib/casserver.rb:35:in service' (eval):47:incall'
/home/james/.gem/ruby/1.8/gems/picnic-0.8.1.1/lib/../vendor/zuk-camping-2.0.20090429/lib/camping/reloader.rb:51:in send' /home/james/.gem/ruby/1.8/gems/picnic-0.8.1.1/lib/../vendor/zuk-camping-2.0.20090429/lib/camping/reloader.rb:51:inmethod_missing'
/var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/static.rb:33:in call' /var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/urlmap.rb:47:incall'
/var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/urlmap.rb:41:in each' /var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/urlmap.rb:41:incall'
/var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/content_length.rb:13:in call' /var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/lint.rb:47:in_call'
/var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/lint.rb:35:in call' /home/james/.gem/ruby/1.8/gems/picnic-0.8.1.1/lib/../vendor/zuk-camping-2.0.20090429/lib/camping/server.rb:149:incall'
/var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/showexceptions.rb:24:in call' /home/james/.gem/ruby/1.8/gems/picnic-0.8.1.1/lib/../vendor/zuk-camping-2.0.20090429/lib/camping/server.rb:106:incall'
/var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/content_length.rb:13:in call' /var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/handler/webrick.rb:48:inservice'
/usr/lib/ruby/1.8/webrick/httpserver.rb:104:in service' /usr/lib/ruby/1.8/webrick/httpserver.rb:65:inrun'
/usr/lib/ruby/1.8/webrick/server.rb:173:in start_thread' /usr/lib/ruby/1.8/webrick/server.rb:162:instart'
/usr/lib/ruby/1.8/webrick/server.rb:162:in start_thread' /usr/lib/ruby/1.8/webrick/server.rb:95:instart'
/usr/lib/ruby/1.8/webrick/server.rb:92:in each' /usr/lib/ruby/1.8/webrick/server.rb:92:instart'
/usr/lib/ruby/1.8/webrick/server.rb:23:in start' /usr/lib/ruby/1.8/webrick/server.rb:82:instart'
/var/lib/gems/1.8/gems/rack-1.1.0/lib/rack/handler/webrick.rb:14:in run' /home/james/.gem/ruby/1.8/gems/picnic-0.8.1.1/lib/picnic/server.rb:22:instart'
/home/james/.gem/ruby/1.8/gems/picnic-0.8.1.1/lib/picnic/cli.rb:162:in `handle_cli_input'
./rubycas-server:13

See http://github.com/gunark/rubycas-server/commit/5f5c6993734cf980c928a5a1c306845b43ae84e7#commitcomment-84492

That patch resulted in code that would not instantiate "user" if options[:extra_attributes] is blank, thus all auth requests would result in a server crash.

Hello,

It seems I found a bug in the setting of the public_dir:

[2011-10-06 11:56:23] INFO WEBrick::HTTPServer#start: pid=30595 port=443
NoMethodError - undefined method public_dir' for CASServer::Server:Class: /usr/local/rubycas-server/lib/casserver/server.rb:41:instatic!'
/usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:884:in dispatch!' /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:706:inblock in call!'
/usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:871:in block in invoke' /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:871:incatch'
/usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:871:in invoke' /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:706:incall!'
/usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:692:in call' /usr/local/lib/ruby/gems/1.9.1/gems/rack-protection-1.1.4/lib/rack/protection/xss_header.rb:22:incall'
/usr/local/lib/ruby/gems/1.9.1/gems/rack-protection-1.1.4/lib/rack/protection/path_traversal.rb:16:in call' /usr/local/lib/ruby/gems/1.9.1/gems/rack-protection-1.1.4/lib/rack/protection/json_csrf.rb:17:incall'
/usr/local/lib/ruby/gems/1.9.1/gems/rack-protection-1.1.4/lib/rack/protection/base.rb:47:in call' /usr/local/lib/ruby/gems/1.9.1/gems/rack-protection-1.1.4/lib/rack/protection/xss_header.rb:22:incall'
/usr/local/lib/ruby/gems/1.9.1/gems/rack-1.3.4/lib/rack/nulllogger.rb:9:in call' /usr/local/lib/ruby/gems/1.9.1/gems/rack-1.3.4/lib/rack/head.rb:9:incall'
/usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/showexceptions.rb:21:in call' /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:1334:inblock in call'
/usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:1403:in synchronize' /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:1334:incall'
/usr/local/lib/ruby/gems/1.9.1/gems/rack-1.3.4/lib/rack/handler/webrick.rb:59:in service' /usr/local/lib/ruby/1.9.1/webrick/httpserver.rb:111:inservice'
/usr/local/lib/ruby/1.9.1/webrick/httpserver.rb:70:in run' /usr/local/lib/ruby/1.9.1/webrick/server.rb:183:inblock in start_thread'
localhost - - [06/Oct/2011:11:56:26 BST] "GET / HTTP/1.1" 500 74413

• -> /
  NoMethodError - undefined method public_dir' for CASServer::Server:Class: /usr/local/rubycas-server/lib/casserver/server.rb:41:instatic!'
  /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:884:in dispatch!' /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:706:inblock in call!'
  /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:871:in block in invoke' /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:871:incatch'
  /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:871:in invoke' /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:706:incall!'
  /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:692:in call' /usr/local/lib/ruby/gems/1.9.1/gems/rack-protection-1.1.4/lib/rack/protection/xss_header.rb:22:incall'
  /usr/local/lib/ruby/gems/1.9.1/gems/rack-protection-1.1.4/lib/rack/protection/path_traversal.rb:16:in call' /usr/local/lib/ruby/gems/1.9.1/gems/rack-protection-1.1.4/lib/rack/protection/json_csrf.rb:17:incall'
  /usr/local/lib/ruby/gems/1.9.1/gems/rack-protection-1.1.4/lib/rack/protection/base.rb:47:in call' /usr/local/lib/ruby/gems/1.9.1/gems/rack-protection-1.1.4/lib/rack/protection/xss_header.rb:22:incall'
  /usr/local/lib/ruby/gems/1.9.1/gems/rack-1.3.4/lib/rack/nulllogger.rb:9:in call' /usr/local/lib/ruby/gems/1.9.1/gems/rack-1.3.4/lib/rack/head.rb:9:incall'
  /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/showexceptions.rb:21:in call' /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:1334:inblock in call'
  /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:1403:in synchronize' /usr/local/lib/ruby/gems/1.9.1/gems/sinatra-1.3.1/lib/sinatra/base.rb:1334:incall'
  /usr/local/lib/ruby/gems/1.9.1/gems/rack-1.3.4/lib/rack/handler/webrick.rb:59:in service' /usr/local/lib/ruby/1.9.1/webrick/httpserver.rb:111:inservice'
  /usr/local/lib/ruby/1.9.1/webrick/httpserver.rb:70:in run' /usr/local/lib/ruby/1.9.1/webrick/server.rb:183:inblock in start_thread'
  localhost - - [06/Oct/2011:11:56:26 BST] "GET /sinatra/500.png HTTP/1.1" 500 74516
  https://localhost/ -> /sinatra/500.png

To make it work I had to comment line 41 on server.rb

and hard code the path:

def static!
  # return if (public_dir = settings.public_dir).nil?
  public_dir='/usr/local/rubycas-server/public'

I have a mongrel + apache2 +rails setup with SSL certificates.

The login works fine but in single sign on the logout messages to the other services are not sent.

I get the error:

• Failed to send logout notification to service "https://myapp.com" due to wrong status line: ""

For solution to this problem in the web you see that in NET::HTTPS requests you should enable use_ssl feature.
In commit #6df23521, I think this problem is tried to be resolved. However instead of removing the comment on the use_ssl line, a different approach was preferred.

When I revert that commit and enable use_ssl feature my code works. Even if you do not disable the protect_forgery stuff.

However, if you enable use_ssl like this and do not provide a certificate you get a warning:
warning: peer certificate won't be verified in this SSL session

yet its in the lockfile?

I'm not sure if it's the new net-ldap introducing this issue, but extra_attributes with array values are not being returned correctly...

<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>brent.faulkner</cas:user>
    <cn>
      <![CDATA[--- 
- !str:Net::BER::BerIdentifiedString 
  str: Faulkner, Brent
  "@ber_identifier": 4
]]>
    </cn>
    <mail>
      <![CDATA[--- 
- !str:Net::BER::BerIdentifiedString 
  str: [email protected]
  "@ber_identifier": 4
]]>
    </mail>
    <memberof>
      <![CDATA[--- 
- !str:Net::BER::BerIdentifiedString 
  str: CN=First Group,OU=Global Groups,DC=example,DC=com
  "@ber_identifier": 4
- !str:Net::BER::BerIdentifiedString 
  str: CN=Next Group,OU=Global Groups,DC=example,DC=com
  "@ber_identifier": 4
- !str:Net::BER::BerIdentifiedString 
  str: CN=Another Group,OU=Global Groups,DC=example,DC=com
  "@ber_identifier": 4
]]>
    </memberof>
  </cas:authenticationSuccess>
</cas:serviceResponse>

It looks like to_s is being used on non-array attributes, but not on array values...

Hi,

It will be good to have config.yml inside config server directories like that:
config/config.yml

instead of /etc/ruby-server/config.yml or in main directory.

What do You think about that ?

Is there a reason the why the default config file location is /etc/rubycas-server/ instead of just the root of the application (i.e. same level as config.ru). I think most would prefer the latter.

After pulling the latest version on my working (test) server I get an error.

line 57 in sql_encrypted.rb is causing a failure, which is the following:

$LOG.debug "#{self.class}: [#{user_model}] " + "Connection pool size: #{user_model.connection_pool.instance_variable_get(:@checked_out).count}/#{user_model.connection_pool.instance_variable_get(:@connections).count}"

removing this line fixes the problem.

Stacktrace:

pid=2816 file=ext/apache2/Hooks.cpp:684 time=2010-02-04 20:18:43.981 ]:
The backend application (process 2836) did not send a valid HTTP response; instead, it sent nothing at all. It is possible that it has crashed; please check whether there are crashing bugs in this application.
*** Exception NoMethodError in PhusionPassenger::Rack::ApplicationSpawner (undefined method count' for []:Array) (process 2836): from /var/www/CAS/rubycas-server/lib/casserver/authenticators/sql_encrypted.rb:57:invalidate'
from /var/www/CAS/rubycas-server/lib/casserver/controllers.rb:141:in post' from /var/www/CAS/rubycas-server/lib/casserver/controllers.rb:133:ineach'
from /var/www/CAS/rubycas-server/lib/casserver/controllers.rb:133:in post' from (eval):32:insend'
from (eval):32:in service' from (eval):32:incatch'
from (eval):32:in service' from /var/www/CAS/rubycas-server/lib/casserver.rb:35:inservice'
from (eval):47:in call' from config.ru:31 from /opt/ruby-enterprise/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/static.rb:33:incall'
from /opt/ruby-enterprise/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/static.rb:33:in call' from /opt/ruby-enterprise/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/urlmap.rb:47:incall'
from /opt/ruby-enterprise/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/urlmap.rb:41:in each' from /opt/ruby-enterprise/lib/ruby/gems/1.8/gems/rack-1.1.0/lib/rack/urlmap.rb:41:incall'
from /opt/ruby-enterprise/lib/ruby/gems/1.8/gems/passenger-2.2.9/lib/phusion_passenger/rack/request_handler.rb:92:in `process_request'

I have configured rubycas-server to use the Authlogic authenticator. I found that in config.yml, if I don't specify any encryptor_options in the authenticator section, then CASServer::Authenticators::SQLAuthlogic#validate errors out with the following:

NoMethodError - undefined method `each' for nil:NilClass:
/home/bitaxis/.rvm/gems/ruby-1.9.2-p290/gems/rubycas-server-1.0.1/lib/casserver/authenticators/sql_authlogic.rb:69:in `validate'
/home/bitaxis/.rvm/gems/ruby-1.9.2-p290/gems/rubycas-server-1.0.1/lib/casserver/server.rb:444:in `block (2 levels) in <class:Server>'
/home/bitaxis/.rvm/gems/ruby-1.9.2-p290/gems/rubycas-server-1.0.1/lib/casserver/server.rb:436:in `each'
/home/bitaxis/.rvm/gems/ruby-1.9.2-p290/gems/rubycas-server-1.0.1/lib/casserver/server.rb:436:in `block in <class:Server>'

The reason is simple, as @options[:encryptor_options] evaluates to nil when no encryptor_options are specified.

One fix is modifying line 69 to be as follows:

(@options[:encryptor_options] || []).each do |name, value|   

I've tested this fix locally, and it works fine.

I've started making some progress on a Devise authenticator. Is this something you would be interested in merging in when it's finished?

jmazzi@c066f02

Hi,
i had enabled enable_single_sign_out: true.

I have two application, one in Rails, other in Django,

I want that when i login to one application, i would just go an refresh my other application and i would signed in automatically.

Sam way, if i singout from one application, and refresh other application i would sign out from it also.

How to implement this scenario with rubycas-server

Just a heads up... it looks like running rubycas-server-ctl stop doesn't shut down the server as expected. I don't have time to look into this right now, so some help would be appreciated. The problem likely lies in Picnic rather than in RubyCAS-Server.

The way config file is loaded has changed but there is still a reference to the old style at
sql_rest_auth.rb:62

REST_AUTH_DIGEST_STRETCHES = $CONF.rest_auth_digest_streches
REST_AUTH_SITE_KEY = $CONF.rest_auth_site_key

Assuming I am correct, it would be good to scan any other untested code for $CONF.

cheers,
Jim.

I hope this is the correct one.
http://github.com/godfat/rubycas-server/commit/b16bc7ef4b67914887a50c9232646c7fc62de637

I don't know why but Firefox send HTTP header Accept-Language
with zh-tw instead of zh-TW, and en-us instead of en-US.
I am not sure if this should be case-sensitive or case-insensitive.
FWIW, here's the patch to make it work.
http://github.com/godfat/rubycas-server/commit/eb3108a8b9ca2ce46959669411e44437bd028c5e

I copied the related code in sql.rb to sql_encrypted.rb, and solved the problerm.

Hi,

I thought clean_service_url' should remove the&' before ticket' in the url, since the current behavior would make a redirect loop whenservice' url contains other query string, e.g. page=2&ticket=LT-123.
Here's my patch.
http://github.com/godfat/rubycas-server/commit/1dfd749710185ec56dc4529ec4b6a146b9b0b256

Many thanks!

see:
http://github.com/godfat/rubycas-server/commit/addb581e6c8c9161dc55df452c551e1fdfd9241d

Since $CONF.authenticator is always read as an array:
http://github.com/gunark/rubycas-server/blob/01238483a9691dcf0deb0468ca8b41a7603e7071/lib/casserver/controllers.rb#L136

With multiple simultenous users logging in, the database pool size is getting exhausted. For a example a test using the default pool size settings with 3 concurrent users easily ends with:

ActiveRecord::ConnectionTimeoutError: could not obtain a database connection within 5 seconds. The max pool size is currently 5; consider increasing it.
/usr/lib/ruby/gems/1.8/gems/activerecord-2.3.3/lib/active_record/connection_adapters/abstract/connection_pool.rb:198:in checkout' /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.3/lib/active_record/connection_adapters/abstract/connection_pool.rb:184:inloop'
/usr/lib/ruby/gems/1.8/gems/activerecord-2.3.3/lib/active_record/connection_adapters/abstract/connection_pool.rb:184:in checkout' ... /usr/lib/ruby/gems/1.8/gems/activerecord-2.3.3/lib/active_record/base.rb:613:infind'
/usr/lib/ruby/gems/1.8/gems/activerecord-2.3.3/lib/active_record/base.rb:1900:in find_by_ticket' /home/URBACON/mzukowski/eclipse-workspace/rubycas-server/lib/casserver/cas.rb:166:invalidate_service_ticket'

Most likely this is an issue with Camping or Picnic, but there may be something going wrong in the RubyCAS-Server codebase.

Here's my patch:
http://github.com/godfat/rubycas-server/commit/f4e0baf22924994b24d402ece2f8847277546eaf
I hope this could be considered. :)
Thanks!

I've translated from English to Tradition Chinese,
which is spoken here in Taiwan.
http://github.com/godfat/rubycas-server/blob/master/po/zh_TW/rubycas-server.po
This is based on my master fork, so line numbers would be
a bit different, and there's an additional:
msgid "Remeber me on this computer"

Hi, I'm having issues with login ticket in login form.

I'm running the server with passenger and bundler, latest version, installed manually with custom authenticator, modified config.ru to use Bundler as a dependency provider.

It seems like instance variable @lt from login controller is never transfered to the view. I did some
debugging, @lt is ok in the controller, and I can see @lt in the view, when I self.inspect, but it's
wrapped inside @_helper, and the view cannot access it, thereafter, nobody can log in, because
it's failing with:

Invalid login ticket ''

gems:

• activerecord (2.3.8)
• activesupport (2.3.8)
• builder (2.1.2)
• gettext (2.1.0)
• hoe (2.6.1)
• json_pure (1.4.3)
• locale (2.0.5)
• markaby (0.6.7)
• picnic (0.8.1.20100201)
• rack (1.1.0)
• rake (0.8.7)
• rubyforge (2.0.4)

The log does not appear to be set when instantiating a CASClient::Client. Here's an example from my code (I'm trying to log use login_to_service to log a user in from a custom form):

def create
credentials = { :username => params[:email], :password =>
params[:password]}

client = CASClient::Client.new({
:cas_base_url => "https://login.casserver.site"
})

@resp = client.login_to_service(credentials, account_users_url)

if @resp.is_failure?
flash.now[:error] = "That username or password was not
recognized. Please try again."
@user = User.new
render :action => 'new'
else
return redirect_to(@resp.service_redirect_url)
end

end

This results in the following error and stack trace:

undefined local variable or method `log' for

CASClient::LoginResponse:0x2457354

/Users/william_berg/RubyDev/cas_server_test/vendor/plugins/rubycas-
client/lib/casclient/responses.rb:164:in parse_http_response' /Users/william_berg/RubyDev/cas_server_test/vendor/plugins/rubycas- client/lib/casclient/responses.rb:145:ininitialize'
/Users/william_berg/RubyDev/cas_server_test/vendor/plugins/rubycas-
client/lib/casclient/client.rb:134:in new' /Users/william_berg/RubyDev/cas_server_test/vendor/plugins/rubycas- client/lib/casclient/client.rb:134:inlogin_to_service'
/Users/william_berg/RubyDev/cas_server_test/app/controllers/
user_sessions_controller.rb:18:in `create'

If I comment out line 164 of reponses.rb the code works fine. Line
164 of responses.rb is:
log.info("Login was successful for ticket: #{@ticket.inspect}.")

For some reason the log does not seem to seem to get set when I
instantiate a CASClient on my own. I tried setting :log => logger in
the config, but that didn't help.

In master lib/casserver/server.rb:250
The '+' should be a '_'
ActiveRecord::Base.logger.level = Logger.const_get(config[:db+log][:level]) if config[:db_log][:level]
should be
ActiveRecord::Base.logger.level = Logger.const_get(config[:db_log][:level]) if config[:db_log][:level]

The problem is related to a change in the API: mutoh/gettext#11. Needs to find a workaround.

As per https://wiki.jasig.org/display/CASUM/RESTful+API

See http://groups.google.com/group/rubycas-server/browse_thread/thread/79f8201dc0e08a4e?hl=en

It seems kind of odd that the documentation remains on Google Code while source and issues are dealt with here. Is there a reason other than "we haven't done it yet" for this?

If you enable the wiki, I'll do the move.

The google auth plugin MUST support captcha as logins fail if google (randomly) decides it needs one.

I have my rails app working w/ rubycas-server just fine. I created a clone of this app on a vagrant VM. When I try to login, I get the following error in my application (and don't see any errors in the rubycas-server logs or any further info in my application logs). Any ideas what could be causing this?

Started GET "/accounts/service?ticket=ST-1330102377r8FA7C57CA66F687E9D" for 10.0.2.2 at 2012-02-24
08:52:55 -0800
Processing by Devise::CasSessionsController#service as HTML
Parameters: {"ticket"=>"ST-1330102377r8FA7C57CA66F687E9D"}
Completed 500 Internal Server Error in 592ms

RuntimeError (The CAS authentication server at https://ssodev.foo.com/proxyValidate?service=http%3A%2F%2Flocalhost%3A3000%2Faccounts%2Fservice&ticket=ST-1330102377r8FA7C57CA66F687E9D responded with an error (#<Net::HTTPSeeOther 303 See Other readbody=true>)!):

Currently there's only one session lifetime, i.e.

#maximum_session_lifetime: 172800

in the config file, and cookies['tgt']'s "expires"
is set according to this value, and there's no
expired time saved in database.

This make doing "Remember me on this computer" hard,
since we need to track at least two different session lifetime.
The easy way is just adding another config option, e.g.

#remember_me_session_lifetime: 864000

and setup cookies['tgt']'s "expires" according to whether user
checked the checkbox of "Remember me on this computer".

I would go to this approach due to my limited time,
working on my fork. Feel free to cherry-pick or apply
on your own with other editing and/or refactoring.

On the other hand, I am thinking of the possibility of adding
expired_at in database, then we could omit this config,
simply adding more time to "expires", enforcing session
expires time at server side for more security, customizing
more expiration policy, etc, etc.

Many thanks for your listening.

I have a web application that authenticates with a remote rubycas-server, and it works beautifully. My problem is the interaction between remote clients. When my web application tries to interact with another remote web application, that authenticates using the same remote rubycas-server, the authenticity is not recognized.

Is there a way I can have two remote rubycas-clients recognize the fact that they are both authenticated?