SSO CAS: updating parameters and requierement to comply with security update of phpCAS version 1.6 to fix high severity issue GHSA-8q72-6qq8-xv64 -refs BT#20407

app/config/auth.conf.dist.php

@@ -155,6 +155,10 @@ $langMainInfoDetail .= '<p>More information on OpenID is available at <a href="h
  * CAS
  */
 $cas = [
+    'service_base_url' => '', //The base url of your service required by phpCAS since compliance with 
+    //https://github.com/advisories/GHSA-8q72-6qq8-xv64 in version 1.6 
+    //with this https://github.com/apereo/phpCAS/commit/b759361d904a2cb2a3bcee9411fc348cfde5d163
+    //It should be the URL of you Chamilo or an array of all the URLs in case of a multiURL installation including https and / at the end
     'force_redirect' => false,
     'replace_login_form' => false,
     //'skip_force_redirect_in' => ['/main/webservices'],

composer.json

@@ -47,7 +47,7 @@
         "ext-zip": "*",
         "ext-zlib": "*",
         "angelfqc/vimeo-api": "2.0.6",
-        "apereo/phpcas": "^1.3",
+        "apereo/phpcas": "^1.6",
         "brumann/polyfill-unserialize": "^1.0",
         "chamilo/pclzip": "~2.8",
         "clue/graph": "~0.9.0",

main/auth/cas/cas_var.inc.php

@@ -41,8 +41,15 @@ if (api_is_cas_activated()) {
         }
         $uri = api_get_setting('cas_server_uri') ?: '';
         $hostname = api_get_setting('cas_server') ?: 'localhost';
+        $serviceBaseUrl = '';
 
-        phpCAS::client($version, $hostname, $port, $uri);
+        if (is_array($cas)) {
+            if (array_key_exists('service_base_url', $cas)) {
+                $serviceBaseUrl = $cas['service_base_url'];
+            }
+        }
+
+	phpCAS::client($version, $hostname, $port, $uri, $serviceBaseUrl);
 
         if (is_array($cas) && array_key_exists('noCasServerValidation', $cas) && $cas['noCasServerValidation']) {
             phpCAS::setNoCasServerValidation();