Tiago,
Petr made a good point about other matching services.
If you have actuators enabled, you can see what cas has for services with:
https://local.uvic.ca/cas/actuator/registeredServices
Or with logger:
<!-- INFO Loaded [#] service(s) from [???ServiceRegistryDAO]
DEBUG Adding registered service [service URL] -->
<Logger name="org.apereo.cas.services.AbstractServicesManager"
level="warn" />
Ray
________________________________
From: [email protected] <[email protected]> on behalf of Thiago Castro
<[email protected]>
Sent: November 26, 2025 08:02
To: CAS Community <[email protected]>
Cc: Petr Bodnár <[email protected]>; Thiago Castro <[email protected]>
Subject: [cas-user] Re: Supported protocols in service definition
You don't often get email from [email protected]. Learn why this is
important<https://aka.ms/LearnAboutSenderIdentification>
Hello Petr!
Thank you for the reply.
1 - The client which is doing the request is a Apache server doing proxy and
using mod_auth_cas. I set CASVersion 1 with /validate for validation. And my
server context path is /.
2 - No, I didn't. This is the first version ever going in production.
3 - Yes. If I write directly the "supportedProtocols" key in the service
definition, it correctly rejects the ticket due to wrong supported version of
protocol.
Best regards,
Thiago
Em quarta-feira, 26 de novembro de 2025 às 12:52:24 UTC-3, Petr Bodnár escreveu:
Hi Thiago,
some additional questions:
1. So you are calling /cas/validate, right?
2. Have you tested with older versions of CAS?
3. When you don't use a template, you say the validation correctly fails?
For prospective investigation, these are the interesting top-level lines in CAS
AbstractServiceValidateController which, apparently by-design, firstly validate
the ticket and only then check the used protocol (and return INVALID_TICKET
when that check is not successful):
val assertion = validateServiceTicket(service, serviceTicketId);
if (!validateAssertion(request, serviceTicketId, assertion, service)) {
val description =
getTicketValidationErrorDescription(CasProtocolConstants.ERROR_CODE_INVALID_TICKET,
new Object[]{serviceTicketId}, request);
return
generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, description,
request, service);
}
Best regards
Petr
On Saturday, 22 November 2025 at 05:26:05 UTC+1 Thiago Castro wrote:
Greetings,
I'm using Apereo/CAS 7.3.1 in Podman and I have a problem with templates of
services + supportedProtocols. I defined a template in a file called
"desativaCASV1.json" with the following content:
{
"@class" : "org.apereo.cas.services.CasRegisteredService",
"templateName" : "desativaCASV1",
"supportedProtocols": [ "java.util.HashSet", ["CAS20", "CAS30"] ]
}
I'm using this template in a service without supportedProtocols object and with
templateName: "desativaCASV1". When I access the actuator of
registeredServices, the definition is there, but the service can still validate
a ticket through CAS V1.0.
Can anyone help me understand why it's allowing CAS V1.0?
Beforehand, I'm assure you that I inserted the scripting dependency and
configured the directory of templates with
file:/path/to/directory/in/container. We can notice that since the
registeredServices actuator shows the definition correctly.
Respectfully,
Thiago
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected]<mailto:[email protected]>.
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ead74cb9-d41f-469e-badc-6de688374768n%40apereo.org<https://groups.google.com/a/apereo.org/d/msgid/cas-user/ead74cb9-d41f-469e-badc-6de688374768n%40apereo.org?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/YQBP288MB0081B4654D9C96ABBB310E18CEDBA%40YQBP288MB0081.CANP288.PROD.OUTLOOK.COM.
