kcbanner · hohice · Oct 10, 2018
diff --git a/lib/cas.js b/lib/cas.js
@@ -127,7 +127,7 @@ var CAS = module.exports = function CAS(options)
 
   // Setting this to false will allow cause bad SSL certificates to still
   // be accepted. Use only for testing.
-  this.secureSSL = true;
+  this.secureSSL = false;
 
   // Optional single sign out server list
   if (options.sso_servers) {
@@ -369,7 +369,16 @@ CAS.prototype.validate = function(ticket, callback, service, renew)
   if (this.version < 2.0) {
     // CAS 1.0
     validate_path = 'validate';
-  } else {
+  } else if (this.version > 2.0){
+    pgtURL = this.pgt_url;
+    if (ticket.indexOf('PT-') == 0) {
+      validate_path = 'p3/proxyValidate';
+    } else {
+      validate_path = 'p3/serviceValidate';
+      //validate_path = 'p3/proxyValidate';
+    }
+  }
+  else {
     // CAS 2.0
     pgtURL = this.pgt_url;
     if (ticket.indexOf('PT-') == 0) {
@@ -441,12 +450,58 @@ CAS.prototype.validate = function(ticket, callback, service, renew)
         // Format was not correct, error
         callback(new Error('Bad response format.'));
       } 
-
+      // CAS 3.0 (XML response, and extended attributes)
+      else if (this.version > 2.0){
+        // Use cheerio to parse the XML repsonse.
+        var $ = cheerio.load(response); 
+        // Check for auth success
+        var elemSuccess = $('cas\\:authenticationSuccess').first();
+        if (elemSuccess && elemSuccess.length > 0) {
+            var elemUser = elemSuccess.find('cas\\:user').first();
+            if (!elemUser || elemUser.length < 1) {
+                //  This should never happen
+                callback(new Error("No username?"), false);
+                return;
+            }
+
+            // Got username
+            var username = elemUser.text();
+
+
+
+            // Look for optional proxy granting ticket
+            var pgtIOU;
+            var elemPGT = elemSuccess.find('cas\\:proxyGrantingTicket').first();
+            if (elemPGT) {
+                pgtIOU = elemPGT.text();
+            }
+
+            // Look for optional proxies
+            var proxies = [];
+            var elemProxies = elemSuccess.find('cas\\:proxies');
+            for (var i=0; i<elemProxies.length; i++) {
+                var thisProxy = $(elemProxies[i]).text().trim();
+                proxies.push(thisProxy);
+            }
+
+            // Look for optional attributes
+            var attributes = parseAttributes(elemSuccess);
+
+
+            callback(undefined, true, username, {
+                'username': username,
+                'attributes': attributes,
+                'PGTIOU': pgtIOU,
+                'ticket': ticket,
+                'proxies': proxies
+            });
+        return;
+      }
+    }
       // CAS 2.0 (XML response, and extended attributes)
       else {
         // Use cheerio to parse the XML repsonse.
-        var $ = cheerio.load(response);
-
+        var $ = cheerio.load(response); 
         // Check for auth success
         var elemSuccess = $('cas\\:authenticationSuccess').first();
         if (elemSuccess && elemSuccess.length > 0) {