diff --git a/lib/cas.js b/lib/cas.js
index 3a49580..f4f2c8b 100644
--- a/lib/cas.js
+++ b/lib/cas.js
@@ -127,7 +127,7 @@ var CAS = module.exports = function CAS(options)
 // Setting this to false will allow cause bad SSL certificates to still
 // be accepted. Use only for testing.
- this.secureSSL = true;
+ this.secureSSL = false;
 // Optional single sign out server list
 if (options.sso_servers) {
@@ -369,7 +369,16 @@ CAS.prototype.validate = function(ticket, callback, service, renew)
 if (this.version < 2.0) {
 // CAS 1.0
 validate_path = 'validate';
- } else {
+ } else if (this.version > 2.0){
+ pgtURL = this.pgt_url;
+ if (ticket.indexOf('PT-') == 0) {
+ validate_path = 'p3/proxyValidate';
+ } else {
+ validate_path = 'p3/serviceValidate';
+ //validate_path = 'p3/proxyValidate';
+ }
+ }
+ else {
 // CAS 2.0
 pgtURL = this.pgt_url;
 if (ticket.indexOf('PT-') == 0) {
@@ -441,12 +450,58 @@ CAS.prototype.validate = function(ticket, callback, service, renew)
 // Format was not correct, error
 callback(new Error('Bad response format.'));
 }
-
+ // CAS 3.0 (XML response, and extended attributes)
+ else if (this.version > 2.0){
+ // Use cheerio to parse the XML repsonse.
+ var $ = cheerio.load(response);
+ // Check for auth success
+ var elemSuccess = $('cas\\:authenticationSuccess').first();
+ if (elemSuccess && elemSuccess.length > 0) {
+ var elemUser = elemSuccess.find('cas\\:user').first();
+ if (!elemUser || elemUser.length < 1) {
+ // This should never happen
+ callback(new Error("No username?"), false);
+ return;
+ }
+
+ // Got username
+ var username = elemUser.text();
+
+
+
+ // Look for optional proxy granting ticket
+ var pgtIOU;
+ var elemPGT = elemSuccess.find('cas\\:proxyGrantingTicket').first();
+ if (elemPGT) {
+ pgtIOU = elemPGT.text();
+ }
+
+ // Look for optional proxies
+ var proxies = [];
+ var elemProxies = elemSuccess.find('cas\\:proxies');
+ for (var i=0; i 0) {
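Review bot: Flipping the default on the `+` line to `this.secureSSL = false;` turns off TLS certificate validation for every consumer of this library, while the comment two lines above still says the false setting is for testing only. A bad default like this is silent: ticket validation against the CAS server keeps working against any certificate, so nothing in the logs shows that the validation channel is no longer authenticated. The default should stay `this.secureSSL = true;`, and a test that needs lax checking should opt in through the constructor's `options` (snake_case like the existing `sso_servers`), e.g. `this.secureSSL = options.secure_ssl !== undefined ? options.secure_ssl : true;` — `secure_ssl` being a proposed option name, not one the file already has. The CAS constructor continues outside the hunk.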
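Review bot: The new `else if (this.version > 2.0)` branch is a line-for-line copy of the CAS 2.0 branch below it with a `p3/` prefix on the path, plus a leftover commented-out `//validate_path = 'p3/proxyValidate';` that should be deleted before merge. The duplication can be folded into the existing branch by deriving the prefix once: `var prefix = this.version > 2.0 ? 'p3/' : '';` and then `validate_path = prefix + (ticket.indexOf('PT-') == 0 ? 'proxyValidate' : 'serviceValidate');`, with `pgtURL = this.pgt_url;` kept as it is. Comparing `this.version` with `> 2.0` is fragile if the version is ever supplied as a string such as `'3.0'`; I can't see from the hunk where `this.version` is set, but a `Number()` normalisation at that point would make the numeric comparison explicit. The `}` / `else {` split across the last two added lines also departs from the `} else {` style used in the surrounding code. CAS.prototype.validate continues outside the hunk on both sides.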