I am using 5.1.5 but I believe this is also in 5.2. If the username has an & in it, the & is put into the XML of CAS 3 ServiceValidation unescaped.
Here is an example of the returned XML.

    <cas:authenticationSuccess>
        <cas:user>mary&mike</cas:user>
        <cas:attributes>
            <cas:mail>[email protected]</cas:mail>
            <cas:userPrincipalName>mary&mike</cas:userPrincipalName>
            <cas:cn>Mike Smith</cas:cn>
        </cas:attributes>
    </cas:authenticationSuccess>
    </cas:serviceResponse>

As you can see, in <cas:user>mary&mike</cas:user> the & is unescaped. Here is a snippet of casServiceValidationSuccess.html.

    <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationSuccess>
            <cas:user th:utext="${principal.id}"/>

Shouldn't the last line be a th:text, not a th:utext? I can make the change in my overlay with no problem. Am I right in the general case? In that case I can make the change and submit a pull request.

Also, is there a bug tracker for the CAS project? I can find the old JASIG on but not a recent one.

Jeffrey Simpson | Senior Software Engineer
Youth For Understanding USA
(p) 202.774.5266 (f) 202.588.7571
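Added example, not part of the original message and not CAS project code: a Python sketch of what a CAS client sees when the principal id is inserted raw (the behaviour of th:utext) versus escaped (the behaviour of th:text). The template string and the function names are assumptions, modelled on the response quoted above.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed template modelled on the response quoted in the message.
TEMPLATE = (
    "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
    "<cas:authenticationSuccess>"
    "<cas:user>{user}</cas:user>"
    "<cas:attributes><cas:cn>Mike Smith</cas:cn></cas:attributes>"
    "</cas:authenticationSuccess>"
    "</cas:serviceResponse>"
)


def render_unescaped(principal_id):
    """Insert the principal id as-is, which is what th:utext does."""
    return TEMPLATE.format(user=principal_id)


def render_escaped(principal_id):
    """Escape &, < and > before insertion, which is what th:text does."""
    return TEMPLATE.format(user=escape(principal_id))


def client_parse_user(response_xml):
    """Parse a validation response the way a client would and return
    the cas:user text, or None if the response is not well-formed XML."""
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError:
        return None
    node = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    return node.text if node is not None else None


if __name__ == "__main__":
    # "mary&mike" is the username from the message; "mary" is a control.
    for name in ("mary&mike", "mary"):
        print(repr(name),
              "raw ->", client_parse_user(render_unescaped(name)),
              "| escaped ->", client_parse_user(render_escaped(name)))
```

With the raw insertion the client's parser rejects the whole response, so the login fails at the service even though CAS authenticated the user; with escaping the client recovers the exact username.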
