On 10/14/2016 12:15 PM, Baron Fujimoto wrote:
On Wed, Oct 12, 2016 at 11:21:50AM -0500, Richard Frovarp wrote:
There was a sort of extension to the CAS 2.0 protocol that allowed for
attribute return. Is that even possible in the upcoming 5.x line? I can't see
anything in the docs for the 4.x line, so I'm guessing not. I think we have
some old services that were doing CAS 2.0 with attribute return. They
certainly were all external vendors.


The /cas/samlValidate endpoint has returned attributes via SAML for a
long time in CAS. It's still present in 5.x.


I haven't tried it yet, but /p3/serviceValidate should also return
attributes via XML or JSON.



Yeah, most of our stuff does SAML 1.1. I know some vendors were specifically doing CAS 2.0, and expecting attribute return. You used to be able to hack something into the xslt to have it put the attributes there in an extension that some of the CAS clients understood.

I did see that CAS 3.0 supports attributes. It might just come down to pointing them at that validator. It also might come down to having them upgrade. The unfortunate part is that the list of vendors needing this has been lost to time. I should be able to look at the logs and see who is hitting the CAS validation endpoint over the SAML one, and go from there.

I'm guessing that since there is an officially supported version of the protocol that does attribute return, the "easy" hack of adding it in is no longer easy.

CAS gitter chatroom: https://gitter.im/apereo/cas
CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
CAS documentation website: https://apereo.github.io/cas
CAS project website: https://github.com/apereo/cas
--- You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To post to this group, send email to cas-user@apereo.org.
Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/a/apereo.org/d/optout.

Reply via email to