Path: History.txt
Last Update: Thu Nov 20 13:42:37 -0500 2008

RubyCAS-Client Changelog

== Version 2.1.0 :In Progress…
  • New functionality:
    • Added an adapter for the Merb framework. Thanks to Andrew O'Brien and Antono Vasiljev.
    • Implemented single-sign-out functionality. The client will now intercept single-sign-out requests and deal with them appropriately if the :enable_single_sign_out config option is set to true. This is currently disabled by default. (Currently this is only implemented for the Rails adapter.)
    • Added logout method to Rails adapter to simplify the logout process. The logout method resets the local Rails session and redirects to the CAS logout page.
    • Added login_url method to the Rails filter. This will return the login URL for the current controller; useful when you want to show a "Login" link in a gatewayed page for an unauthenticated user.
    • Added cas_server_is_up? method to the client, as requested in issue 5.
    • Extra user attributes are now automatically unserialized if the incoming data is in YAML format.
  • Changes to existing functionality:
    • The ‘service’ parameter in the logout method has been renamed to ‘destination’ to better match the behaviour of other CAS clients. So for example, when you call logout_url("foo.example"), the method will now return "cas.example?destination=https%3A%2F%2Ffoo.example" instead of the old "cas.example?service=https%3A%2F%2Ffoo.example". RubyCAS-Server has been modified to deal with this as of version 0.6.0.
    • We now accept HTTP responses from the CAS server with status code 422 since RubyCAS-Server 0.7.0+ generates these in response to requests that are processable but contain invalid CAS data (for example an invalid service ticket).
    • Some behind-the-scenes changes to the way previous authentication info is reused by the Rails filter in subsequent requests (see the note below in the 2.0.1 release). From the user's and integrator's point of view there shouldn't be any obvious difference from 2.0.1.
    • Redirection loop interception: The client now logs a warning message when it believes that it is stuck in a redirection loop with the CAS server. If more than three of these redirects occur within one second, the client will redirect back to the login page with renew=1, forcing the user to try authenticating again.
    • Somewhat better handling and logging of errors resulting from CAS server connection/response problems.
  • Bug Fixes:
    • Fixed a bug where the service/destination parameter in the logout URL would sometimes retain the ‘ticket’ value. The ticket is now automatically stripped from the logout URL.
    • The client will no longer attempt to retrieve a PGT for an IOU that had already been previously retrieved. [yipdw1]
  • Misc:
    • Added complete CAS client integration examples for Rails and Merb applications under /examples.
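
The 2.1.0 logout URL changes (the 'destination' parameter and the stripping of 'ticket' from it) can be sketched as follows. This is an added example, not RubyCAS-Client's own code: the helper names, the hosts and the ticket value are assumptions made for illustration.

```ruby
require "uri"

# Added illustration, not RubyCAS-Client's own code. Helper names are
# hypothetical; hosts and the ticket value are constructed samples.

# Remove any CAS 'ticket' query parameter from a URL, keeping other parameters.
def strip_ticket(url)
  uri = URI.parse(url)
  return url if uri.query.nil?
  params = URI.decode_www_form(uri.query).reject { |name, _| name == "ticket" }
  uri.query = params.empty? ? nil : URI.encode_www_form(params)
  uri.to_s
end

# Build the logout URL with the return address in 'destination' (the 2.1.0 name).
def build_logout_url(cas_logout_url, destination = nil)
  return cas_logout_url if destination.nil? || destination.empty?
  uri = URI.parse(cas_logout_url)
  params = uri.query ? URI.decode_www_form(uri.query) : []
  params << ["destination", strip_ticket(destination)]
  uri.query = URI.encode_www_form(params)
  uri.to_s
end

# Regression check: does a logout URL's destination still carry a ticket?
def destination_leaks_ticket?(logout_url)
  query = URI.parse(logout_url).query
  return false if query.nil?
  pair = URI.decode_www_form(query).assoc("destination")
  return false if pair.nil?
  dest_query = URI.parse(pair.last).query
  !dest_query.nil? && URI.decode_www_form(dest_query).any? { |name, _| name == "ticket" }
end
```

The last helper is the kind of assertion worth keeping in an integration test, since a service ticket left in a logout link ends up in server logs and Referer headers.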
== Version 2.0.1 :2008-02-27
  • The Rails filter no longer by default redirects to the CAS server on every request. This restores the behaviour of RubyCAS-Client 1.x. In other words, if a session[:cas_user] value exists, the filter will assume that the user is authenticated without going through the CAS server. This behaviour can be disabled (so that a CAS re-check is done on every request) by setting the ‘authenticate_on_every_request’ option to true. See the "Re-authenticating on every request" section in the README.txt for details.
== Version 2.0.0 :2008-02-14
  • Core client has been abstracted out of the Rails adapter. It should now be possible to use the client in other frameworks (e.g. Camping).
  • Configuration syntax has completely changed. In other words, your old rubycas-client-1.x configuration will no longer work. See the README for details.
  • Added support for reading extra attributes from the CAS response (i.e. in addition to just the username). However, this is currently somewhat useless since RubyCAS-Server does not yet provide a method for adding extra attributes to the responses it generates.