Thanks, Marvin, that helps a lot. I suspect this might be what we are seeing since we have other clients using SAML validation without issues. I'll check with the vendor to see if they are using mod_auth_cas. Is there a certain version of mod_auth_cas that does work and certain that don't?
thanks, Adam On Tue, May 21, 2013 at 2:06 PM, Marvin S. Addison <[email protected] > wrote: > Are there any known issues with SAML validation in CAS 3.5.2? We >> recently upgraded and a client has started having issues after our >> upgrade that they did not see in previous versions. >> > > There is a known issue with respect to the XML namespace prefix used in > SAML responses with 3.5.2 caused by the upgrade to OpenSAML 2.x. Some > clients with loose XML parsing strategies, most notable mod_auth_cas, > cannot handle the new XML namespace prefix. In the strictest sense, it's a > client problem and should be addressed in that context. But we had to hack > a patch to mod_auth_cas to fix this for our Apache CAS clients. Other > clients may be affected by this, but I'm not aware of any. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/**display/JSG/cas-user<http://www.ja-sig.org/wiki/display/JSG/cas-user> > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
