Affects Version/s: 1.0.0, 1.0.1, 1.1.0, 1.1.1
Fix Version/s: 1.3.0
The whole ST / PT semantic should be reworked. There is a lot of confusion where a PT or ST is stored in client or proxy mode on the different protocols.
The ST storage is used for the CAS 1.0 protocol and PT storage is used for the CAS 2.0 protocol.
The proxy() allows for phpCAS to proxy other apps but has no effect on the being proxied which would be controlled by the validation calls.
The decision should be based on:
- client only (will only accept STs validate against (validate)
- client() (will only accept STs and validate them against serviceValdiate)
- proxy() (will only accept ST and validate them against serviceValdiate but is able to proxy other applications)
- some boolean allowToBeProxied (switches all serviceValidate against proxyValidate)
- client only ...