Hello Petr! 

Thank you for the reply.

1 - The client which is doing the request is an Apache server doing proxy 
and using mod_auth_cas. I set CASVersion 1 with /validate for validation. 
And my server context path is /.

2 - No, I didn't. This is the first version ever going in production.

3 - Yes. If I write the "supportedProtocols" key directly in the service 
definition, it correctly rejects the ticket due to wrong supported version 
of protocol.


Best regards,
Thiago

On Wednesday, 26 November 2025 at 12:52:24 UTC-3, Petr Bodnár wrote:

> Hi Thiago,
>
> some additional questions:
>
>    1. So you are calling /cas/validate, right?
>    2. Have you tested with older versions of CAS?
>    3. When you *don't* use a template, you say the validation correctly 
>    fails?
>
> For prospective investigation, these are the interesting top-level lines 
> in CAS *AbstractServiceValidateController* which, apparently by-design, 
> firstly validate the ticket and only then check the used protocol (and 
> return INVALID_TICKET when that check is not successful):
>
>         val assertion = validateServiceTicket(service, serviceTicketId);
>         if (!validateAssertion(request, serviceTicketId, assertion, service)) {
>             val description = getTicketValidationErrorDescription(
>                 CasProtocolConstants.ERROR_CODE_INVALID_TICKET,
>                 new Object[]{serviceTicketId}, request);
>             return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET,
>                 description, request, service);
>         }
>
> Best regards
> Petr
> On Saturday, 22 November 2025 at 05:26:05 UTC+1 Thiago Castro wrote:
>
>> Greetings,
>>
>>
>> I'm using Apereo/CAS 7.3.1 in Podman and I have a problem with templates 
>> of services + supportedProtocols. I defined a template in a file called 
>> "desativaCASV1.json" with the following content:
>>
>> {
>>   "@class" : "org.apereo.cas.services.CasRegisteredService",
>>   "templateName" : "desativaCASV1",
>>   "supportedProtocols": [ "java.util.HashSet", ["CAS20", "CAS30"] ]
>> }
>>
>> I'm using this template in a service without supportedProtocols object 
>> and with templateName: "desativaCASV1". When I access the actuator of 
>> registeredServices, the definition is there, but the service can still 
>> validate a ticket through CAS V1.0.
>>
>>
>> Can anyone help me understand why it's allowing CAS V1.0? 
>>
>> Beforehand, I assure you that I inserted the scripting dependency and 
>> configured the directory of templates with 
>> file:/path/to/directory/in/container. We can notice that since the 
>> registeredServices actuator shows the definition correctly.
>>
>>
>> Respectfully,
>> Thiago
>>
>
