Had originally only posted this to cas-user, but in retrospect it seems useful to ask cas-dev as well - anyone else using/interested in maintaining/incubating the clearpass bundle?
Jason ------ Forwarded Message > From: Jason Shao <[email protected]> > Subject: [cas-user] CAS Clearpass XML Encoding Issue > > Hi Everyone, > > Is anyone else using (or interested in using?) the CAS Clearpass work with > was contributed by Sacramento State and Unicon? > > We've adopted it and integrated it into our build, and recently encountered > and fixed an issue related to the fact that the current JSPs don't properly > encode XML entities (since JSP EL in Tomcat doesn't XML escape the same way > c:out does) and so the password passback was non-functional in clients that > tried to XML parse the response (as opposed to doing string parsing like the > provided uPortal security context) > > I could put together a patch, but I know that code is currently in the > Sandbox, and doesn't look to have a JIRA or any other infrastructure, so > thought I'd ask here first -- is there interest in maintaining and perhaps > incubating/sandboxing this code? I know it is somewhat unclean in terms of > the CAS protocol and architecture, but there are a number of portal > use-cases especially that are difficult to implement without access to user > credentials. > > Jason > > -- > Jason Shao > Director of Product Development > CampusEAI Consortium > 1940 East 6th Street, 11th Floor > Cleveland, OH 44114 > Tel: 216.589.9626x249 > Fax: 216.589.9639 ------ End of Forwarded Message Your input is important to improve upon our continuous efforts to service you better. Please e-mail my manager at [email protected] with any feedback. CONFIDENTIALITY NOTICE: This e-mail together with any attachments is proprietary and confidential; intended for only the recipient(s) named above and may contain information that is privileged. You should not retain, copy or use this e-mail or any attachments for any purpose, or disclose all or any part of the contents to any person. Any views or opinions expressed in this e-mail are those of the author and do not represent those of CampusEAI Consortium or the Open Student Television Network. If you have received this e-mail in error, or are not the named recipient(s), you are hereby notified that any review, dissemination, distribution or copying of this communication is prohibited by the sender and to do so might constitute a violation of the Electronic Communications Privacy Act, 18 U.S.C. section 2510-2521. Please immediately notify the sender and delete this e-mail and any attachments from your computer. Warning: Although precautions have been taken to make sure no viruses are present in this e-mail, the companies cannot accept responsibility for any loss or damage that arise from the use of this e-mail or attachments. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
