SLO issue with hostname.local type url (version 5.1.0)
26 views
Skip to first unread message
Catalin Dobrea
May 31, 2017, 6:23:41 PM5/31/17
to CAS Community
Hi
I am using CAS 5.1.0-RC3 for some time, but I have seen now there's available the 5.1.0 version which should be more stable etc
So I've switched to 5.1.0. As a side effect SLO not working anymore.
First I have observed the following in the logs: 0 logout requests were processed (output from DefaultLogoutManager class)
Then I have set up some breakpoints and found out that I will never get a logout url since the validation of the logout url is failing
So in DefaultSingleLogoutServiceLogoutUrlBuilder#determineLogoutUrl there is this following line:
UrlValidator.getInstance().isValid(singleLogoutService.getOriginalUrl()) ? new URL(singleLogoutService.getOriginalUrl()) : null;
Unfortunately, this will not see the following url https://my-desktop.local/uber-service as valid, I guess ..the presence of the .local as being the toplevel domain
Is there a way to bypass this ? Explanation: I need .local because we need to test our web app specifically on iPad and I have installed Bonjour on my laptop (running windows) in order to be able to access my dev machine on iPad by DNS/hostname.
Btw the UrlValidator comes from org.apache commons-validator version 1.6 . Was the version of this jar touched or smth ?
Thanks in advance for any suggestions.
I am using CAS 5.1.0-RC3 for some time, but I have seen now there's available the 5.1.0 version which should be more stable etc
So I've switched to 5.1.0. As a side effect SLO not working anymore.
First I have observed the following in the logs: 0 logout requests were processed (output from DefaultLogoutManager class)
Then I have set up some breakpoints and found out that I will never get a logout url since the validation of the logout url is failing
So in DefaultSingleLogoutServiceLogoutUrlBuilder#determineLogoutUrl there is this following line:
UrlValidator.getInstance().isValid(singleLogoutService.getOriginalUrl()) ? new URL(singleLogoutService.getOriginalUrl()) : null;
Unfortunately, this will not see the following url https://my-desktop.local/uber-service as valid, I guess ..the presence of the .local as being the toplevel domain
Is there a way to bypass this ? Explanation: I need .local because we need to test our web app specifically on iPad and I have installed Bonjour on my laptop (running windows) in order to be able to access my dev machine on iPad by DNS/hostname.
Btw the UrlValidator comes from org.apache commons-validator version 1.6 . Was the version of this jar touched or smth ?
Thanks in advance for any suggestions.
Reply all
Reply to author
Forward
0 new messages