Re: [cas-user] CAS 2.0 attribute return?

[Richard Frovarp]

On 10/14/2016 12:15 PM, Baron Fujimoto wrote:
On Wed, Oct 12, 2016 at 11:21:50AM -0500, Richard Frovarp wrote:
There was a sort of extension to the CAS 2.0 protocol that allowed for
attribute return. Is that even possible in the upcoming 5.x line? I can't see
anything in the docs for the 4.x line, so I'm guessing not. I think we have
some old services that were doing CAS 2.0 with attribute return. They
certainly were all external vendors.
Thanks,

Richard
The /cas/samlValidate endpoint has returned attributes via SAML for a
long time in CAS. It's still present in 5.x.

<https://apereo.github.io/cas/development/protocol/CAS-Protocol-Specification.html#samlvalidate-cas-30>

I haven't tried it yet, but /p3/serviceValidate should also return
attributes via XML or JSON.

<https://apereo.github.io/cas/development/protocol/CAS-Protocol-Specification.html#p3servicevalidate-cas-30>

-baron

Yeah, most of our stuff does SAML 1.1. I know some vendors were 
specifically doing CAS 2.0, and expecting attribute return. You used to 
be able to hack something into the xslt to have it put the attributes 
there in an extension that some of the CAS clients understood.

I did see that CAS 3.0 supports attributes. It might just come down to 
pointing them at that validator. It also might come down to having them 
upgrade. The unfortunate part is that the list of vendors needing this 
has been lost to time. I should be able to look at the logs and see who 
is hitting the CAS validation endpoint over the SAML one, and go from 
there.

I'm guessing that since there is an officially supported version of the 
protocol that does attribute return, the "easy" hack of adding it in is 
no longer easy.

--
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/e8d9b0f4-1ea5-657a-965a-4a0b1f4beebb%40ndsu.edu.
For more options, visit https://groups.google.com/a/apereo.org/d/optout.