2 files changed, 22 insertions, 3 deletions

diff --git a/lib/classes/auth_plugins/StudipAuthCAS.class.php b/lib/classes/auth_plugins/StudipAuthCAS.class.php
index 29deb75..06f3180 100644
--- a/lib/classes/auth_plugins/StudipAuthCAS.class.php
+++ b/lib/classes/auth_plugins/StudipAuthCAS.class.php
@@ -8,6 +8,7 @@
  */
 
 require_once 'lib/classes/cas/CAS_PGTStorage_Cache.php';
+require_once 'lib/classes/cas/CAS_ServiceBaseUrl_Studip.php';
 
 class StudipAuthCAS extends StudipAuthSSO
 {
@@ -31,13 +32,15 @@ class StudipAuthCAS extends StudipAuthSSO
             $this->login_description = _('für Single Sign On mit CAS');
         }
         if (Request::get('sso') === $this->plugin_name) {
+            $base_url = new CAS_ServiceBaseUrl_Studip();
+
             if ($this->proxy) {
                 URLHelper::setBaseUrl($GLOBALS['ABSOLUTE_URI_STUDIP']);
-                phpCAS::proxy(CAS_VERSION_2_0, $this->host, $this->port, $this->uri, false);
+                phpCAS::proxy(CAS_VERSION_2_0, $this->host, $this->port, $this->uri, $base_url, false);
                 phpCAS::setPGTStorage(new CAS_PGTStorage_Cache(phpCAS::getCasClient()));
                 phpCAS::setFixedCallbackURL(URLHelper::getURL('dispatch.php/cas/proxy'));
             } else {
-                phpCAS::client(CAS_VERSION_2_0, $this->host, $this->port, $this->uri, false);
+                phpCAS::client(CAS_VERSION_2_0, $this->host, $this->port, $this->uri, $base_url, false);
             }
 
             if (isset($this->cacert)) {
@@ -83,7 +86,8 @@ class StudipAuthCAS extends StudipAuthSSO
     function logout()
     {
         // do a global cas logout
-        phpCAS::client(CAS_VERSION_2_0, $this->host, $this->port, $this->uri, false);
+        $base_url = new CAS_ServiceBaseUrl_Studip();
+        phpCAS::client(CAS_VERSION_2_0, $this->host, $this->port, $this->uri, $base_url, false);
         phpCAS::logout();
     }
 }
diff --git a/lib/classes/cas/CAS_ServiceBaseUrl_Studip.php b/lib/classes/cas/CAS_ServiceBaseUrl_Studip.php
new file mode 100644
index 0000000..0634e44
--- /dev/null
+++ b/lib/classes/cas/CAS_ServiceBaseUrl_Studip.php
@@ -0,0 +1,15 @@
+<?php
+
+class CAS_ServiceBaseUrl_Studip extends CAS_ServiceBaseUrl_AllowedListDiscovery
+{
+    public function __construct()
+    {
+        $protocol = $this->isHttps() ? 'https' : 'http';
+        $allow_list = array_map(function($host) use ($protocol) {
+            $host = preg_replace('/\/.*/', '', $host);
+            return $protocol . '://' . $host;
+        }, $GLOBALS['STUDIP_DOMAINS'] ?? []);
+
+        parent::__construct($allow_list);
+    }
+}