SAML 1.1 should be using TARGET and CAS should be using SERVICE. That said, because of the way the server works, you can use SERVICE during login for both protocol types, but the validation should require the specific/correct one.
Cheers, Scott On Wed, Sep 19, 2012 at 2:09 AM, Michael Easthope < [email protected]> wrote: > Hi all > > I am using the CAS SAML validator to return attributes. > > I've run into some confusion over the proper parameter to use when calling > /login and /samlValidate when using SAML. > > The documentation and example code seems to be inconsistent. > > I've tried reading all the wiki documentation and searching this forum > without finding a definitive answer so I'm hoping someone can help. > > Is there a canonical answer to when I should use "service=" and when > should I use "TARGET=" ? > > The .NET client documentation ( > https://wiki.jasig.org/display/CASC/UrlUtil+Methods) indicates that you > should use service for both: > > /login?service=https%3a%2f%2fappserver%2fexample%2fdefault.aspx > > /samlValidate?service= > https%3a%2f%2fappserver%2fexample%2fdefault.aspx&ticket=SAMPLETICKET > > The php client on the other hand generates: > > /login?service=https%3a%2f%2fappserver%2fexample%2fdefault.aspx > and > > /samlValidate?TARGET= > https%3a%2f%2fappserver%2fexample%2fdefault.aspx&ticket=SAMPLETICKET > > The server seems to follow the same pattern as the phpCas code: > > /login?service=https%3a%2f%2fappserver%2fexample%2fdefault.aspx > and > > /samlValidate?TARGET= > https%3a%2f%2fappserver%2fexample%2fdefault.aspx&ticket=SAMPLETICKET > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
