flea1lt opened a new issue, #10975: URL: https://github.com/apache/apisix/issues/10975
### Description

The CAS protocol specification defines a JSON-format response from the CAS server, while the `cas-auth` plugin only supports the XML format.

For example, the CAS protocol specifies JSON-format responses for successful ticket validation, as shown in the [/serviceValidate section](https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html#252-response):

```json
{
  "serviceResponse" : {
    "authenticationSuccess" : {
      "user" : "username",
      "proxyGrantingTicket" : "PGTIOU-84678-8a9d..."
    }
  }
}
```

However, the cas-auth plugin currently only supports parsing XML-formatted responses that contain `<cas:authenticationSuccess>`. The plugin attempts to find this element in the response body, as shown in the Lua code snippet:

```lua
local function validate(conf, ctx, ticket)
    -- send a request to CAS to validate the ticket
    local httpc = http.new()
    local res, err = httpc:request_uri(conf.idp_uri .. "/serviceValidate",
        { query = { ticket = ticket, service = uri_without_ticket(conf, ctx) } })

    if res and res.status == ngx.HTTP_OK and res.body ~= nil then
        if core.string.find(res.body, "<cas:authenticationSuccess>") then
            local m = ngx_re_match(res.body, "<cas:user>(.*?)</cas:user>", "jo");
            if m then
                return m[1]
            end
        else
            core.log.info("CAS serviceValidate failed: ", res.body)
        end
    else
        core.log.error("validate ticket failed: status=", (res and res.status),
            ", has_body=", (res and res.body ~= nil or false), ", err=", err)
    end
    return nil
end
```
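One way the response handling could accept both formats, as an added example that is not part of the original issue and not the cas-auth plugin's code. It assumes lua-cjson is available (it ships with OpenResty); `user_from_json`, `user_from_xml` and `cas_user` are hypothetical names, and the sample bodies are constructed.

```lua
-- Added example; not the cas-auth plugin's code.
-- Assumption: lua-cjson is available (it ships with OpenResty).
local cjson = require("cjson.safe")

-- JSON form: serviceResponse.authenticationSuccess.user
local function user_from_json(body)
    local doc = cjson.decode(body)          -- nil on malformed JSON
    local sr = type(doc) == "table" and doc.serviceResponse
    local ok = type(sr) == "table" and sr.authenticationSuccess
    if type(ok) ~= "table" then
        return nil, "no authenticationSuccess object"
    end
    if type(ok.user) ~= "string" or ok.user == "" then
        return nil, "authenticationSuccess without user"
    end
    return ok.user
end

-- XML form: the same two checks as the snippet in the issue, in plain Lua
local function user_from_xml(body)
    if not body:find("<cas:authenticationSuccess>", 1, true) then
        return nil, "no <cas:authenticationSuccess>"
    end
    local user = body:match("<cas:user>(.-)</cas:user>")
    if not user or user == "" then
        return nil, "authenticationSuccess without user"
    end
    return user
end

-- Hypothetical helper: choose the parser from the first non-blank byte
local function cas_user(body)
    if type(body) ~= "string" then
        return nil, "no body"
    end
    if body:find("^%s*{") then
        return user_from_json(body)
    end
    return user_from_xml(body)
end

-- Constructed sample bodies
local json_ok = '{"serviceResponse":{"authenticationSuccess":{"user":"username"}}}'
local json_fail = '{"serviceResponse":{"authenticationFailure":{"code":"INVALID_TICKET"}}}'
local xml_ok = "<cas:serviceResponse><cas:authenticationSuccess>"
    .. "<cas:user>username</cas:user></cas:authenticationSuccess></cas:serviceResponse>"
assert(cas_user(json_ok) == "username")
assert(cas_user(xml_ok) == "username")
assert(cas_user(json_fail) == nil and cas_user("{not json") == nil)
```

The JSON branch returns a user only when `authenticationSuccess` is an object with a non-empty string `user`, so a failure body or malformed JSON yields `nil` rather than a partial match.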
