  1. Moodle
  2. MDL-45981

CAS Auth Config needs way to specify that curl should use SSLv3.


    Details

    • Testing Instructions:
      In order to execute this test, you should have a working CAS Server. The perfect scenario would be to test using cURL SSL v2 and v3, but I don't think it's necessary. Just making sure CAS still works as expected seems good to me.

      There's a CAS VM on server to test this.

      Also, to establish a connection between your Moodle instance and the CAS server, you should change the _getServerBaseURL function in CAS/Client.php. The main reason is that the CAS plugin by default verifies the host SSL, and unless you have HTTPS on your local machine, you should change this line.

      1. Replace https with http on line 301; the line should be exactly like this:

      $this->_server['base_url'] = 'http://' . $this->_getServerHostname();
      

      2. Log in as admin and go to Plugins > Authentication > Manage authentication.
      3. Enable CAS server (SSO) and go to Settings. The config should be like this.

      Hostname: Your VM IP address 
      Base URI: cas-server-webapp-3.5.2/
      Port: 8080
      CAS logout option: Yes
      Multi-authentication: Yes
      

      • Make sure the cURL SSL version displays the cURL SSL versions supported by your PHP server.
        On my server, for example, I have support for: SSLv3, SSLv2, TLSv1.x

      4. Create a user moodle or cas1 and set the authentication method to: CAS server (SSO)
      5. Logout and click on Log In.
      6. You will be prompted to choose the authentication method, choose CAS user.
      7. Enter your cas user and password and click LOGIN.
      8. You should be redirected to your moodle home.
      9. Click Log out.
      10. You should be redirected to your CAS server logout page.

    • Affected Branches:
      MOODLE_27_STABLE, MOODLE_30_STABLE
    • Fixed Branches:
      MOODLE_30_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-45981-master

      Description

      PHPCAS uses cURL to make its back channel call to CAS Server. In some cases the SSL version needs to be explicitly defined as the default version chosen does not work. This issue was identified in https://moodle.org/mod/forum/discuss.php?d=176649, and we* independently ran into the same issue.

      We* are submitting a patch that adds an additional configuration element on the CAS Auth config form to allow the SSL version to be specified.

      * Unicon, Inc. was graciously permitted to provide this patch as part of our contracted work with the California College of Arts.

      Reference material related to the fix
      http://downloads.jasig.org/cas-clients/php/1.2.2/docs/api/classphpCAS.html#a26ba0156e03fede5cd0c6bacbae8e928
      http://www.php.net//manual/en/function.curl-setopt.php
      http://curl.haxx.se/docs/manpage.html
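
The approach the description outlines, as an added example (not the MDL-45981 patch and not Moodle or phpCAS code): a stored setting is checked against the CURL_SSLVERSION_* constants this PHP build defines before it reaches CURLOPT_SSLVERSION. The function names, setting strings and the cas.example.test URL are assumptions.

```php
<?php
// Added example; function names and setting strings are hypothetical.

/** Map a stored setting to a CURLOPT_SSLVERSION value; null means "let cURL negotiate". */
function cas_curl_sslversion(string $setting): ?int {
    if ($setting === '' || $setting === 'default') {
        return null;
    }
    // Allow-list built only from constants this PHP/cURL build defines.
    $names = ['CURL_SSLVERSION_TLSv1', 'CURL_SSLVERSION_TLSv1_2',
              'CURL_SSLVERSION_SSLv3', 'CURL_SSLVERSION_SSLv2'];
    $allowed = [];
    foreach ($names as $name) {
        if (defined($name)) {
            $allowed[$name] = constant($name);
        }
    }
    if (!array_key_exists($setting, $allowed)) {
        throw new InvalidArgumentException("Unsupported cURL SSL version: $setting");
    }
    return $allowed[$setting];
}

/** Options for the back-channel request to the CAS server. */
function cas_backchannel_curl_options(string $setting): array {
    $options = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, // certificate validation stays on
        CURLOPT_SSL_VERIFYHOST => 2,    // hostname must match the certificate
    ];
    $version = cas_curl_sslversion($setting);
    if ($version !== null) {
        $options[CURLOPT_SSLVERSION] = $version;
    }
    return $options;
}

// Constructed usage; cas.example.test is a placeholder host.
$ch = curl_init('https://cas.example.test:8443/cas/serviceValidate');
curl_setopt_array($ch, cas_backchannel_curl_options('CURL_SSLVERSION_TLSv1_2'));
// phpCAS exposes the same knob for its own requests:
// phpCAS::setExtraCurlOption(CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
```

CURL_SSLVERSION_SSLv2 and CURL_SSLVERSION_SSLv3 select obsolete protocol versions, so a TLS value is the better pin wherever the CAS server accepts it.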


            People

            • Votes: 3
            • Watchers: 9

              Dates

              • Created:
                Updated:
                Resolved:
                Fix Release Date:
                16/Nov/15