CAS tries to escape attribute names in CAS protocol response if they
contain ':' and '@' symbols.
In CAS 5.3 (I know it's unsupported) it uses HEX-encoding of such names.
When I am trying to release some SAML standard attributes (e. g.
urn:oid:1.3.6.1.4.1.5923.1.1.1.9) using CAS protocol I have the following
attributes map in the response:
<cas:attributes>
<! -- Skipped for clarity -->
<cas:75726e3a6f69643a312e332e362e312e342e312e353932332e312e312e312e39>[email protected]</cas:75726e3a6f69643a312e332e362e312e342e312e353932332e312e312e312e39>
<! -- Skipped for clarity -->
</cas:attributes>
75726e3a6f69643a312e332e362e312e342e312e353932332e312e312e312e39 is not a
valid XML tag name. XML tag name cannot start with a digit. Client
libraries cannot even parse this XML!
I can see that this behavior has changed for some reason in master branch.
Now it uses Base64 encoding for attribute names (same as for values). Which
does not solve this problem (Base64 encoded string still can start with a
digit) but makes it even worse (Base64 has / and = symbols which should not
be present in a tag name)
--
You received this message because you are subscribed to the Google Groups "CAS
Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-dev/d452004d-7142-4b8f-896f-22c6ccf412d2%40apereo.org.
