CASValidateServer functionality has been removed to retain compatibil…

…ity with mod_auth_cas 1.1. Users must either fix their SSL certificate configuration using the CASCertificatePath directive, or switch to communicating with the CAS server over standard HTTP.
djjudas21 · Aug 18, 2016 · 2d7cfcf · 2d7cfcf
1 parent 9e68dd1
commit 2d7cfcf
Show file tree

Hide file tree

Showing 3 changed files with 0 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -55,11 +55,6 @@ Enable debug messages from mod_auth_cas. For this to work, you also need
 to set `LogLevel Debug` in your global or vhost config. Optional,
 defaults to `Off`.
 
-### `validateserver`
-
-Validate the SSL certificate of your CAS server. It is not recommended
-to turn this off as it presents a security risk. Optional, defaults to `On`.
-
 ## Limitations
 
 This module was written for use with CentOS 6 and Apache 2.2 and has since

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -7,12 +7,10 @@
   $path = '/cas',
   $version = 1,
   $debug = 'Off',
-  $validateserver = 'On',
 ) inherits mod_auth_cas::params {
 
   # Validate parameters
   validate_re($debug, '^O(n|ff)$', '$debug must be On or Off')
-  validate_re($validateserver, '^O(n|ff)$', '$validateserver must be On or Off')
   validate_integer($version)
   validate_absolute_path($certificatepath)
   validate_absolute_path($path)

diff --git a/templates/auth_cas.conf.erb b/templates/auth_cas.conf.erb
@@ -16,4 +16,3 @@ CASProxyValidateURL <%= @proxyvalidateurl %>
 CASCookiePath <%= @path %>/cache/
 CASVersion <%= @version %>
 CASDebug <%= @debug %>
-CASValidateServer <%= @validateserver %>