I think we can safely ignore memberOf as that may turn out to be an attribute 
that the principal carries automatically. If it's available, it will 
automatically turn into a <cas:memberOf> tag. The others are calculated by the 
core system so they would require explicit support in the response. So we can 
leave that to be up to the interpretation of the attribute repository. 


I noticed something else. The protocol includes a note that says: 

Note: As userAttributes can be extended by the CAS Server implementor (see 
<xs:any> schema definition), it is recommended to form custom attributes as 
<cas:attributes name="NAME">VALUE</cas:attributes>. 

Wouldn't we want to recommend that the format be changed to: 
<cas:attributes><cas:attributeName>VALUE</cas:attributeName></cas:attributes> 


What's recommended would work too, but I suppose it doesn't quite match the 
default syntax in the response. 


Misagh 


----- Original Message -----

From: "Jérôme LELEU" <lel...@gmail.com> 
To: cas-dev@lists.jasig.org 
Sent: Friday, January 10, 2014 5:58:09 AM 
Subject: Re: [cas-dev] RememberMe attribute in validate response 



Thanks for reminding us about that. 

+1 to add the "remember-me" attributes in the /p3/serviceValidate response (I 
think I already proposed that). Though, I don't know what the memberOf property 
is... 


Best, 
Jérôme 





2014/1/10 Robert Oschwald < robertoschw...@googlemail.com > 



opened CAS-1413 





On 10.01.2014 at 13:48, Robert Oschwald < robertoschw...@googlemail.com > wrote: 

<blockquote>

Currently, authenticationDate, memberOf, isFromNewLogin and 
longTermAuthenticationRequestTokenUsed attributes are defined as optional in 
the schema definition Appdx A. 



Maybe it would be better to mark those attributes as mandatory in the XSD 
schema, so we do not have conditional attribute requirements based on features 
enabled in CAS. 


Robert 




On 10.01.2014 at 13:18, Misagh Moayyed < mmoay...@unicon.net > wrote: 

<blockquote>


I think so. Similarly, I noticed that validation responses do not implement 
support for attributes authenticationDate and memberOf. I'd think that these 
need to be present in the final response when available to implement full 
protocol support for attributes per Appendix A. 




Misagh 




From: "Robert Oschwald" < robertoschw...@googlemail.com > 
To: cas-dev@lists.jasig.org 
Sent: Friday, January 10, 2014 1:07:11 AM 
Subject: [cas-dev] RememberMe attribute in validate response 

In SAML10SuccessResponseView, isFromNewLogin() is always evaluated. 
So when RememberMe is enabled, the longTermAuthenticationRequestTokenUsed 
attribute is set automatically on a Remembered login. 

Shouldn’t that also be added by default to the 
3.0/casServiceValidationSuccess.jsp page? 
Otherwise, we need to document somewhere how to set up RememberMe in the view. 
As this is a security-relevant attribute, I prefer to have the evaluation in by 
default. 



-- 
You are currently subscribed to cas-dev@lists.jasig.org as: mmoay...@unicon.net 
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev 





</blockquote>

</blockquote>
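
The two attribute encodings compared at the top of this thread and the remember-me flags from the original post, as an added example that is not code from the thread or from CAS: a client-side parser that accepts both encodings, plus a fail-closed check on the flags. The function names, the policy itself and the sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

CAS = "{http://www.yale.edu/tp/cas}"  # namespace of CAS validation responses

def parse_success(xml_text):
    """Return (user, {name: [values]}) from an authenticationSuccess response.
    Handles both encodings from the thread: child elements named after the
    attribute, and <cas:attributes name="NAME">VALUE</cas:attributes>."""
    if "<!DOCTYPE" in xml_text:  # no DTD means no entity definitions to expand
        raise ValueError("DOCTYPE not allowed")
    success = ET.fromstring(xml_text).find(CAS + "authenticationSuccess")
    if success is None:
        raise ValueError("not an authenticationSuccess response")
    user = (success.findtext(CAS + "user") or "").strip()
    attrs = {}
    for block in success.findall(CAS + "attributes"):
        if block.get("name") is not None:
            attrs.setdefault(block.get("name"), []).append((block.text or "").strip())
            continue
        for child in block:
            local = child.tag.rsplit("}", 1)[-1]  # drop the namespace part
            attrs.setdefault(local, []).append((child.text or "").strip())
    return user, attrs

def allow_sensitive_action(attrs):
    """Hypothetical client policy, fail closed: a missing or repeated flag is
    treated like a remembered login, because absence proves nothing."""
    return (attrs.get("isFromNewLogin") == ["true"]
            and attrs.get("longTermAuthenticationRequestTokenUsed") == ["false"])

def _wrap(body):  # builds the constructed sample responses below
    return ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
            "<cas:authenticationSuccess><cas:user>alice</cas:user>"
            + body + "</cas:authenticationSuccess></cas:serviceResponse>")

# Constructed samples, not captured from a real server.
NESTED_FRESH = _wrap("<cas:attributes><cas:isFromNewLogin>true</cas:isFromNewLogin>"
    "<cas:longTermAuthenticationRequestTokenUsed>false"
    "</cas:longTermAuthenticationRequestTokenUsed></cas:attributes>")
NAMED_REMEMBERED = _wrap('<cas:attributes name="isFromNewLogin">true</cas:attributes>'
    '<cas:attributes name="longTermAuthenticationRequestTokenUsed">true</cas:attributes>')
NO_FLAGS = _wrap("<cas:attributes><cas:memberOf>staff</cas:memberOf></cas:attributes>")

if __name__ == "__main__":
    for sample in (NESTED_FRESH, NAMED_REMEMBERED, NO_FLAGS):
        user, attrs = parse_success(sample)
        print(user, attrs, "allowed" if allow_sensitive_action(attrs) else "denied")
```

The NO_FLAGS case is the situation the optional-versus-mandatory question is about: when the flags are absent, the client cannot tell "not remembered" from "not reported", so this policy denies.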
