I can see a class DotNetCasClient.Security.Assertion Jason, is that the one you're referring to? What does it mean to release an attribute?
Some more information about the issues we're seeing: We noticed that the php CAS client uses a query string parameter named session on the redirect to cas/login whereas the .NET CAS client uses one named TARGET. Can anyone explain this difference? As an experiment, we changed the name of this parameter (DotNetCasClient.Validation.TicketValidator.Saml11TicketValidator.SAML_SERVI CE_PARAM string constant value) from TARGET to session. This resulted in us seeing the 302 redirect. With it unchanged, a login attempt resulted in the CAS login page just being redisplayed to the user. Apologies for not including this information in my original post. From: Lehman, Jason [mailto:jleh...@usf.edu] Sent: 18 November 2013 17:02 To: cas-dev@lists.jasig.org Subject: RE: [cas-dev] .NET CAS Client - circular 302 redirect loop Anything that you would be able to get from phpCAS::getAttributes or in the .NET case sessionAssertion.Attributes.Keys. From: Richard Everett [mailto:rich...@codrie.com] Sent: Monday, November 18, 2013 11:52 AM To: cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> Subject: RE: [cas-dev] .NET CAS Client - circular 302 redirect loop Thanks Jason. I've tried changing ticketValidatorName to CAS20, but still get the redirect loop. Can you tell me what you mean by "releasing attributes". I'm afraid I don't understand. Another team set up our CAS server, and their view is that since the php CAS client works, we must be doing something incorrect with the .NET client. From: Lehman, Jason [mailto:jleh...@usf.edu] Sent: 18 November 2013 16:38 To: cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> Subject: RE: [cas-dev] .NET CAS Client - circular 302 redirect loop If you are using the .NET CAS Client and setting the ticketValidatorName="Saml11" and you are not releasing attributes you will get into a redirect loop. You would need to set ticketValidatorName="CAS20". Or at least that it was what worked for us. From: Richard Everett [mailto:rich...@codrie.com] Sent: Monday, November 18, 2013 11:31 AM To: cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> Subject: RE: [cas-dev] .NET CAS Client - circular 302 redirect loop Thanks for your reply. I don't really understand what you mean by "sending over attributes" I'm afraid. I have the php client working on the same development server, using IIS and the same self-signed certificate. Regards, Richard From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: 18 November 2013 16:24 To: cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> Subject: RE: [cas-dev] .NET CAS Client - circular 302 redirect loop Could you verify that this is in fact related to NETC-53, by perhaps sending over attributes? If not, the likely cause usually is ssl/cert issues. From: Richard Everett [mailto:rich...@codrie.com] Sent: Monday, November 18, 2013 8:52 AM To: cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> Cc: rich...@codrie.com <mailto:rich...@codrie.com> Subject: RE:[cas-dev] .NET CAS Client - circular 302 redirect loop Hi, We are using CAS for the first time, and have an instance of CAS 4.0 RC2 deployed. It has been set up to use LDAP for user authentication. It is also set up to use SAML. We have used the php CAS client successfully with it. However, we have so far been unable to get the .NET CAS client to work correctly with it. We have followed the instructions at https://wiki.jasig.org/display/CASC/.Net+Cas+Client and see the CAS login dialog as expected when navigating to a page that requires authentication. However, when we enter valid credentials we end up with a circular redirect happening between this page and the CAS login page. On each redirect we have observed that an additional ticket query string parameter gets added to the URL, until we end up with a URL like this (and the browser stops redirecting). https://everett/DotnetCasClientTest/Home/Secure?ticket=ST-254-EhsfXpaq5Lkxsk 4BdPKE-srv02-cas4.company.org&ticket=ST-255-LteZxs4iExiv9tmftJ7R-srv02-cas4. company.org&ticket=ST-256-g6Wsb7G2a4CvdiviOfka-srv02-cas4.company.org&ticket =ST-257-XgkaedfxlDHddWx7WQDX-srv02-cas4.company.org&ticket=ST-258-tt1Vs4VXEb r4a5D267hi-srv02-cas4.company.org&ticket=ST-259-9fQuh6673AO5EV63Op2O-srv02-c as4.company.org&ticket=ST-260-RLeIe37MkFRqnCahItnI-srv02-cas4.company.org&ti cket=ST-261-MMoKYJ00sNwTHPSKLCOq-srv02-cas4.company.org&ticket=ST-262-YcKgth ZecSHTADXgwFuY-srv02-cas4.company.org&ticket=ST-263-cQhlmP2RnkZER633IUoH-srv 02-cas4.company.org&ticket=ST-264-aO1ED...(extra parameters removed) We are wondering if the issue we're facing is this one: https://issues.jasig.org/browse/NETC-53 We have stepped through the CAS .NET client source code in an attempt to understand what is going on, but so far this has not helped us fix the problem. Can anyone supply any insight into the behaviour we are seeing? regards, Richard -- You are currently subscribed to cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> as: mmoay...@unicon.net <mailto:mmoay...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> as: rich...@codrie.com <mailto:rich...@codrie.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> as: jleh...@usf.edu <mailto:jleh...@usf.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> as: rich...@codrie.com <mailto:rich...@codrie.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> as: jleh...@usf.edu <mailto:jleh...@usf.edu> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org <mailto:cas-dev@lists.jasig.org> as: richard.ever...@affiliate.imd.org <mailto:richard.ever...@affiliate.imd.org> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
