Added support for the CAS gateway feature.

[yvangg]

This is the CAS gateway feature.
This is a implementation based on the following discussion (PR): #40

I did some modifications in order to perform the CAS gateway redirection only if the CAS cookie is present on the client application request. Of course this will not fit in all situations (where CAS domain is different from client applications won't work), but for many of situations this is a pretty good approach.

Regards.

[pivotal-cla]

@yvangg Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

[pivotal-cla]

@yvangg Thank you for signing the Contributor License Agreement!

[yvangg]

Do we have any news about this? Why is not being merged?

[marcusdacoregio]

Hi @yvangg.

The CAS module has been removed in Spring Security 6.0. See #10441.

So, for now, we have to wait to see if the java-cas-client is going to support Jakarta EE 9.

[yvangg]

Hi, @marcusdacoregio I understand that you have removed that in Spring Security 6.0, but, Why don't you accept this request on the 5.5.x branch?

Our applications are using spring-security 5.5.x and we do not have in mind update to 6.0 soon.

It will be helpfull have support for the CAS gateway feature.

[marcusdacoregio]

Hi @yvangg. Unfortunately, we can't add new features to older branches, like 5.5.x.

We are gonna start planning features for the 5.7 release next month, so I'll add this PR to the next milestone and we can start working on this by that time.

[rwinch]

I've posted on here some changes. In general, I think the original PR was closer to what should be used. We just needed the Cookies to prevent making too many requests.

[rwinch]

This is not a failed authentication attempt, so a subclass of AuthenticationException should not be thrown here

[rwinch]

Among other tangles, this introduces a tangle between between org.springframework.security.cas.authentication and org.springframework.security.cas.web. In general, authentication package should not rely on web.

[marcusdacoregio]

@yvangg have you had the chance to see @rwinch review and apply the suggested changes? Thanks!

[marcusdacoregio]

I'll close this since we do not have more minor releases planned for 5.x and the CAS support has been removed in Spring Security 6. See #10441

[Emkas]

But there is also a ticket to re-add CAS... So why do not link to #11674.

This is an important feature and if I remember correctly original issue about it has probably +10 years.

[marcusdacoregio]

@Emkas, I've just linked this PR with #11674. When the support is re-added this can be reconsidered. Thanks for the reminder.

[Emkas]

Ok, I'll subscribe #11674.

[Emkas]

#11674 is closed and CAS is re-added. Please, consider opening this issue again.

[marcusdacoregio]

Hi @Emkas, I think creating a new PR targeting the main branch is the recommended approach here since it is a new feature. Also, the new PR should contain the changes requested by @rwinch. Is @yvangg still willing to work on this?

[yvangg]

Hi @marcusdacoregio, I am willing to work on this. But probably I will need to test again the changes in the current 6.1.x branch, In addition, I did not receive any answer from @rwinch about some of my comments. I will checkout the main branch and I will test it again, if everything works as I expect I will do a new PR.

[SandwichCZ]

Hi, are the are news regarding this issue? This would be a quite helpful feature to have and it seems like there is interest in implementing it. Perhaps re-opening the ticket should be considered.

[marcusdacoregio]

Hi @SandwichCZ, we haven't received any news from @yvangg yet and there is none from the team either.