The XML parsing in the SAML 1.1 attribute release support is not done using a proper XML parser. There are probably a lot of equivalent documents that you could pass in that the parser would fail at; similarly, you can probably throw bad XML at it and still get a good response if you put in the right key strings. You can see for example here the hardcoding of the namespace prefix:

http://grepcode.com/file/repo1.maven.org/maven2/org.jasig.cas/cas-server-core/3.5.1/org/jasig/cas/authentication/principal/SamlService.java#55

You can see the parsing routine here and you can see that it is not a proper XML parser. It is doing some basic string matching.

http://grepcode.com/file/repo1.maven.org/maven2/org.jasig.cas/cas-server-core/3.5.1/org/jasig/cas/authentication/principal/SamlService.java#99

I can't speak to the other areas of SAML support which I think may use proper SAML libraries.

David Ohsie
Software Architect
EMC Corporation

From: Robert Ginsburg [mailto:[email protected]]
Sent: Thursday, February 14, 2013 2:59 PM
To: [email protected]
Subject: [cas-user] samlp namespace question for the samlValidate url

I have a suite of deserialization routines that I use a lot for SAML, they make sure all of the namespaces are included in the xml documents but don't necessarily keep a list of commonly used abbreviations. In the case of posting a soap request to the samlValidate url I can post using the samlp namespace abbreviation but if I provide any other abbreviation the post fails with a "precondition" not met. I am running CAS 3.51 on Tomcat 7 on Windows 2008 R2. Any insight would be appreciated.
This works:

<samlp:Request RequestID="c20d8b25823a44a189071f60ec9fe672" MajorVersion="1" MinorVersion="1"
    IssueInstant="2013-02-14T19:44:58.463802Z" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol">
  <samlp:AssertionArtifact>AAFSsPYAkNKN6Mb0Q6Li8D8gawrtLOStJWR33eagrCwtf0loiSvjpPTA</samlp:AssertionArtifact>
</samlp:Request>

This does not:

<q1:Request RequestID="c20d8b25823a44a189071f60ec9fe672" MajorVersion="1" MinorVersion="1"
    IssueInstant="2013-02-14T19:44:58.463802Z" xmlns:q1="urn:oasis:names:tc:SAML:1.0:protocol">
  <q1:AssertionArtifact>AAFSsPYAkNKN6Mb0Q6Li8D8gawrtLOStJWR33eagrCwtf0loiSvjpPTA</q1:AssertionArtifact>
</q1:Request>

Robert Ginsburg
[email protected]
(803) 467 - 3329
