
View Issue Details

ID: 0001016
Project: SOGo
Category: Web General
View Status: public
Last Update: 2011-02-15 21:31
Reporter: paubry
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: 1.3.4
Summary: 0001016: Custom CAS proxy URL
Description

During our SOGo tests at the University of Rennes 1, we added a parameter that allows each of our SOGo servers to have its own CAS proxy callback URL.
Explanation: our SOGo servers are all behind a frontal Apache load-balancer. Adding a shared memcached server appeared to us as another weakness in our architecture, so we decided that each SOGo server would use its own memcached daemon and respond itself to its PGT callback requests from the CAS server (we have used this deployment scheme for years with uPortal).

The new parameter is named SOGoCASProxyCallbackURL:

  • If not set, the callback URL is built 'normally' (based on the request host and path).
  • If set (e.g. https://sogo3.domain.com/SOGo/casProxy), it is passed as-is to the CAS server on ticket validation.

Patch attached.
Best,
PA
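The deployment problem described in this report, as an added example that is not part of the original report or of SOGo's code: a small model of the CAS PGT callback in which every node keeps a private cache. The balancer hostname `sogo.domain.com`, the round-robin routing and the class and function names are assumptions made for the illustration.

```python
import secrets
from urllib.parse import urlsplit

class SogoNode:
    """One SOGo server with a private cache (stands in for its local memcached)."""
    def __init__(self, host, callback_override=None):
        self.host = host
        self.callback_override = callback_override  # models SOGoCASProxyCallbackURL
        self.pgt_cache = {}                         # pgtIou -> PGT id

    def callback_url(self, request_host):
        # Same decision as the patch: configured value as-is, else built from the request host.
        return self.callback_override or f"https://{request_host}/SOGo/casProxy"

class Deployment:
    """Constructed model: one balancer hostname in front of directly reachable nodes."""
    def __init__(self, lb_host, nodes):
        self.lb_host, self.nodes, self._next = lb_host, nodes, 0

    def route(self, url):
        host = urlsplit(url).hostname
        if host == self.lb_host:                    # balancer: plain round robin
            node = self.nodes[self._next % len(self.nodes)]
            self._next += 1
            return node
        return next(n for n in self.nodes if n.host == host)

    def validate_ticket(self, node):
        """CAS side: deliver the PGT to pgtUrl, hand only the pgtIou to the validating node."""
        pgt_iou = "PGTIOU-" + secrets.token_hex(8)  # constructed values
        pgt_id = "PGT-" + secrets.token_hex(8)
        self.route(node.callback_url(self.lb_host)).pgt_cache[pgt_iou] = pgt_id
        return pgt_iou in node.pgt_cache            # can this node resolve its pgtIou?

def lost_pgts(per_node_callback, logins=6):
    hosts = [f"sogo{i}.domain.com" for i in (1, 2, 3)]
    nodes = [SogoNode(h, f"https://{h}/SOGo/casProxy" if per_node_callback else None)
             for h in hosts]
    dep = Deployment("sogo.domain.com", nodes)
    # Two logins land on each node in turn; count validations whose PGT went elsewhere.
    return sum(not dep.validate_ticket(nodes[(i // 2) % 3]) for i in range(logins))

if __name__ == "__main__":
    print("shared callback URL :", lost_pgts(False), "of 6 PGTs unreachable")
    print("per-node callback URL:", lost_pgts(True), "of 6 PGTs unreachable")
```

With the callback URL built from the balancer hostname, a PGT is usable only when the balancer happens to route the callback to the node that validated the ticket; with a per-node URL every node receives its own PGT.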

Tags: No tags attached.

Activities

2010-11-26 22:36

 

patch-CASProxyCallbackURL.txt (2,132 bytes)   
diff -Nbaur --exclude=config.make --exclude=configure --exclude='LDAPSource.*' SOGo-1.3.4-dist/SoObjects/SOGo/SOGoCASSession.m SOGo-1.3.4/SoObjects/SOGo/SOGoCASSession.m
--- SOGo-1.3.4-dist/SoObjects/SOGo/SOGoCASSession.m  2010-11-17 17:30:03.000000000 +0100
+++ SOGo-1.3.4/SoObjects/SOGo/SOGoCASSession.m  2010-11-26 14:21:58.000000000 +0100
@@ -365,11 +365,20 @@
   WOApplication *application;
   NSString *pgtURL;
   WORequest *request;
+  SOGoSystemDefaults *sd;
+  NSString *CASProxyCallbackURL;

+  sd = [SOGoSystemDefaults sharedSystemDefaults];
+  CASProxyCallbackURL = [sd CASProxyCallbackURL];
+  if ([CASProxyCallbackURL length])
+    pgtURL = CASProxyCallbackURL;
+  else
+    {
   application = [WOApplication application];
   request = [[application context] request];
   pgtURL = [NSString stringWithFormat: @"https://%@/%@/casProxy",
                      [soURL host], [request applicationName]];
+    }

   return pgtURL;
 }
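Review bot: the override branch assigns CASProxyCallbackURL to pgtURL after only a length check, so any non-empty string (an http:// URL, a relative path, a typo) is handed to the CAS server as the callback, whereas the else branch always builds an https:// URL. Consider checking that the configured value parses as an absolute https URL, and logging an error and falling back to the computed URL when it does not. The lines now enclosed by the else block also keep their old indentation; re-indent them so the block structure is visible.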
diff -Nbaur --exclude=config.make --exclude=configure --exclude='LDAPSource.*' SOGo-1.3.4-dist/SoObjects/SOGo/SOGoSystemDefaults.h SOGo-1.3.4/SoObjects/SOGo/SOGoSystemDefaults.h
--- SOGo-1.3.4-dist/SoObjects/SOGo/SOGoSystemDefaults.h 2010-11-17 17:30:03.000000000 +0100
+++ SOGo-1.3.4/SoObjects/SOGo/SOGoSystemDefaults.h   2010-11-26 13:53:39.000000000 +0100
@@ -67,6 +67,7 @@

 - (NSString *) CASServiceURL;
 - (BOOL) CASLogoutEnabled;
+- (NSString *) CASProxyCallbackURL;

 - (BOOL) enablePublicAccess;

diff -Nbaur --exclude=config.make --exclude=configure --exclude='LDAPSource.*' SOGo-1.3.4-dist/SoObjects/SOGo/SOGoSystemDefaults.m SOGo-1.3.4/SoObjects/SOGo/SOGoSystemDefaults.m
--- SOGo-1.3.4-dist/SoObjects/SOGo/SOGoSystemDefaults.m 2010-11-17 17:30:03.000000000 +0100
+++ SOGo-1.3.4/SoObjects/SOGo/SOGoSystemDefaults.m   2010-11-26 13:53:59.000000000 +0100
@@ -311,6 +311,11 @@
   return [self boolForKey: @"SOGoCASLogoutEnabled"];
 }

+- (NSString *) CASProxyCallbackURL
+{
+  return [self stringForKey: @"SOGoCASProxyCallbackURL"];
+}
+
 - (BOOL) enablePublicAccess
 {
   return [self boolForKey: @"SOGoEnablePublicAccess"];
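Review bot: the new CASProxyCallbackURL accessor reads SOGoCASProxyCallbackURL, but nothing in the patch documents the key. Please add it next to the other CAS defaults in the configuration documentation, stating that it is a per-server value, that it must be the complete callback URL including the /casProxy path, and that leaving it unset keeps the URL computed from the request.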


ludovic

2010-12-24 01:45

administrator   ~0001965

What about using membase (with replication, no persistence)?

This would let you have a memcached server on each instance but share the cache across servers.

repcached could also be an option (there's an updated patch for memcached 1.4) too.

paubry

2010-12-24 11:55

reporter   ~0001968

Sharing anything between the servers is not needed, and it adds an unnecessary weakness to the architecture. Fully independent servers are obviously the best guarantee of robustness.

ludovic

2010-12-24 12:27

administrator   ~0001969

Unless the server goes down and it loses all sessions.

What "unnecessary weakness" does it add? membase will REPLICATE memcached caches across SOGo servers, which EACH runs a single instance.

It can't be more simple, efficient and fully independent than that - it has a horizontal growth path.

ludovic

2010-12-28 18:59

administrator   ~0001973

I've toyed around with membase and it does NOT support replication when using the memcached engine. Since persistence doesn't really matter to us, I think it would be better to reuse the code we now have in SOGoSession (coming from bug 0000698) and we could store the CAS ticket in the database.

paubry

2011-01-03 07:08

reporter   ~0001989

Storing PGT/Iou in the database is a working possibility but I still believe that credentials should not be persisted in databases.

paubry

2011-02-03 17:35

reporter   ~0002079

1.3.5a works perfectly without this patch; the issue can be closed.

Issue History

Date Modified Username Field Change
2010-11-26 22:36 paubry New Issue
2010-11-26 22:36 paubry File Added: patch-CASProxyCallbackURL.txt
2010-11-29 20:20 ludovic Target Version => 1.3.5
2010-12-24 01:45 ludovic Note Added: 0001965
2010-12-24 01:46 ludovic Status new => feedback
2010-12-24 11:55 paubry Note Added: 0001968
2010-12-24 12:27 ludovic Note Added: 0001969
2010-12-28 18:59 ludovic Note Added: 0001973
2011-01-03 07:08 paubry Note Added: 0001989
2011-01-05 20:30 ludovic Target Version 1.3.5 =>
2011-02-03 17:35 paubry Note Added: 0002079
2011-02-15 21:31 ludovic Status feedback => closed
2011-02-15 21:31 ludovic Resolution open => no change required