On 10/14/2016 12:15 PM, Baron Fujimoto wrote:
On Wed, Oct 12, 2016 at 11:21:50AM -0500, Richard Frovarp wrote:
There was a sort of extension to the CAS 2.0 protocol that allowed for
attribute return. Is that even possible in the upcoming 5.x line? I can't see
anything in the docs for the 4.x line, so I'm guessing not. I think we have
some old services that were doing CAS 2.0 with attribute return. They
certainly were all external vendors.
The /cas/samlValidate endpoint has returned attributes via SAML for a
long time in CAS. It's still present in 5.x.
I haven't tried it yet, but /p3/serviceValidate should also return
attributes via XML or JSON.
Yeah, most of our stuff does SAML 1.1. I know some vendors were
specifically doing CAS 2.0, and expecting attribute return. You used to
be able to hack something into the xslt to have it put the attributes
there in an extension that some of the CAS clients understood.
I did see that CAS 3.0 supports attributes. It might just come down to
pointing them at that validator. It also might come down to having them
upgrade. The unfortunate part is that the list of vendors needing this
has been lost to time. I should be able to look at the logs and see who
is hitting the CAS validation endpoint over the SAML one, and go from
I'm guessing that since there is an officially supported version of the
protocol that does attribute return, the "easy" hack of adding it in is
no longer easy.
CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit
For more options, visit https://groups.google.com/a/apereo.org/d/optout.