I found what seems to be a bug in the _isHttps() function
Amongs other things, it looks for $_SERVER[‘HTTPS’] != ‘off’, but on my php
server (zend server living on iseries) $_SERVER[‘HTTPS’] is set to ‘OFF’
instead. So the function returns true, even though https is set to OFF (then
phpcas generates service=https:// for cas to redirect to, and the redirect
doesn’t work)
To fix it, I use strtolower:
private function _isHttps()
{
var_dump($_SERVER);
if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
return ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https');
}
if ( isset($_SERVER['HTTPS'])
&& !empty($_SERVER['HTTPS'])
&& strtolower($_SERVER['HTTPS']) != 'off'
) {
return true;
} else {
return false;
}
}
Please let me know where to post this, if cas-user isn’t the right place
Thanks
Phil
--
You are currently subscribed to cas-user@lists.jasig.org as:
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
