From 0c4b09305e2bb89064d28e1927bfbcbb0f3669ea Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Thu, 15 Nov 2018 12:34:53 +0000 Subject: [PATCH 1/2] Proposal to rename m.login.cas to m.login.sso --- proposals/1721-rename-cas-to-sso.md | 37 +++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 proposals/1721-rename-cas-to-sso.md diff --git a/proposals/1721-rename-cas-to-sso.md b/proposals/1721-rename-cas-to-sso.md new file mode 100644 index 00000000..10902ce7 --- /dev/null +++ b/proposals/1721-rename-cas-to-sso.md 
@@ -0,0 +1,37 @@ +# MSC1721: Rename `m.login.cas` to `m.login.sso` + +The Matrix Client-Server spec includes a [section on client login using Central +Authentication Service +(CAS)](https://matrix.org/docs/spec/client_server/r0.4.0.html#cas-based-client-login). + +The spec currently fails to mention it, but this process is triggered when [`GET +/login`](https://matrix.org/docs/spec/client_server/r0.4.0.html#get-matrix-client-r0-login) +returns a flow type of `m.login.cas`. + +Nothing in this flow is specific to CAS - it is equally applicable for other +web-based single-sign-on processes, such as SAML. + +Accordingly, we should rename `cas` to `sso`. + +## Proposal + +1. `m.login.sso` should be defined as a valid login type for return from `GET + /login`. (We should probably mention `m.login.cas` in the spec while we are + there). + +2. When a client wishes to use the SSO login type, it should redirect to + `/_matrix/client/r0/login/sso/redirect` (instead of + `/_matrix/client/r0/login/cas/redirect`). + +3. Servers should treat `/_matrix/client/r0/login/sso/redirect` identically to + `/_matrix/client/r0/login/cas/redirect`: they should issue a redirect to + their configured single-sign-on system. + +4. Servers should probably rename the post-authentication callback endpoint + `/_matrix/client/r0/login/sso/ticket` instead of + `/_matrix/client/r0/login/cas/ticket`. Note, however, that this name is only + a suggestion: the full name of this endpoint is implementation-specific. + +5. Servers which support `m.login.sso` should make sure they update their [login + fallback page](https://matrix.org/docs/spec/client_server/r0.4.0.html#login-fallback) + to understand the new login type. From b5a82a5eb1f32ae29e9c576e03ba54c66afb6405 Mon Sep 17 00:00:00 2001 
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Thu, 22 Nov 2018 23:04:43 +0000 Subject: [PATCH 2/2] no need to rename ticket endpoint --- proposals/1721-rename-cas-to-sso.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/proposals/1721-rename-cas-to-sso.md b/proposals/1721-rename-cas-to-sso.md index 10902ce7..5d4abcd8 100644 --- a/proposals/1721-rename-cas-to-sso.md +++ b/proposals/1721-rename-cas-to-sso.md @@ -17,7 +17,7 @@ Accordingly, we should rename `cas` to `sso`. 1. `m.login.sso` should be defined as a valid login type for return from `GET /login`. (We should probably mention `m.login.cas` in the spec while we are - there). + there.) 2. When a client wishes to use the SSO login type, it should redirect to `/_matrix/client/r0/login/sso/redirect` (instead of @@ -27,11 +27,6 @@ Accordingly, we should rename `cas` to `sso`. `/_matrix/client/r0/login/cas/redirect`: they should issue a redirect to their configured single-sign-on system. -4. Servers should probably rename the post-authentication callback endpoint - `/_matrix/client/r0/login/sso/ticket` instead of - `/_matrix/client/r0/login/cas/ticket`. Note, however, that this name is only - a suggestion: the full name of this endpoint is implementation-specific. - -5. Servers which support `m.login.sso` should make sure they update their [login +4. Servers which support `m.login.sso` should make sure they update their [login fallback page](https://matrix.org/docs/spec/client_server/r0.4.0.html#login-fallback) to understand the new login type.
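Review bot: In [PATCH 1/2], items 2 and 3 of the Proposal section do not say what happens to the existing `m.login.cas` flow type and the `/_matrix/client/r0/login/cas/redirect` path once `m.login.sso` is defined. Item 3 implies that servers serve both paths, but nothing states whether a server should keep returning `m.login.cas` from `GET /login` alongside `m.login.sso`, or which one a client should pick when both are offered. Suggest adding a short compatibility item that says whether the `cas` names remain valid, are deprecated, or are to be removed, so that clients which only know `m.login.cas` have defined behaviour.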
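Review bot: In [PATCH 2/2], hunk `@@ -17,7 +17,7 @@`, the punctuation fix leaves item 1's parenthetical hedged and unspecific: "(We should probably mention `m.login.cas` in the spec while we are there.)" does not say what the spec should state about `m.login.cas`. Suggest replacing it with a definite sentence, for example that `m.login.cas` is also to be documented as a flow type returned by `GET /login`, which the introduction says the spec currently fails to mention.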
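Review bot: In [PATCH 2/2], hunk `@@ -27,11 +27,6 @@`, dropping the old item 4 leaves the proposal silent on the post-authentication callback endpoint, and the reason given in the subject line ("no need to rename ticket endpoint") is not recorded in the document itself. Suggest keeping one sentence stating that the callback endpoint (`/_matrix/client/r0/login/cas/ticket` in the removed text) is implementation-specific and is not changed by this proposal, so implementers do not have to infer that from the rename of the redirect path.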