We upgraded our CAS version from 6.0.x to 6.1.x and it works out of the box with the special characters.

On Friday, April 24, 2020 at 3:24:18 PM UTC-7, Jason E wrote:
>
> I am having the exact same problem and have opened a ticket with our
> support vendor. I will let you know if it yields any results.
> -Jason
>
> On Thursday, September 12, 2019 at 10:14:42 AM UTC-7, Sean Gottschalk
> wrote:
>>
>> Hello,
>>
>> I'm using CAS 6.0.4 and I'm trying to do a SAML SP integration with AWS
>> but it seems that having an attribute with name
>> "https://aws.amazon.com/SAML/Attributes/SessionDuration" causes CAS to
>> fail when redirecting to itself after the initial authentication.
>>
>> I've been digging into how CAS builds the SAML response and it appears
>> that the issue is related to the DefaultCasProtocolAttributeEncoder
>> <https://github.com/apereo/cas/blob/9da2aceba83bfbef57f7a856efa8656d7013a028/core/cas-server-core-services-authentication/src/main/java/org/apereo/cas/authentication/support/DefaultCasProtocolAttributeEncoder.java#L103>
>> and how it hex encodes attribute names that contain the ":" or "@"
>> character.
>>
>> When it encodes
>> "https://aws.amazon.com/SAML/Attributes/SessionDuration" the resulting
>> value is
>> "68747470733a2f2f6177732e616d617a6f6e2e636f6d2f53414d4c2f417474726962757465732f53657373696f6e4475726174696f6e",
>> so the resulting casServiceValidationSuccess response is as follows:
>>
>> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
>>     <cas:authenticationSuccess>
>>         <cas:user>T9HpcKRRSSigqWVCNdViTqijyvQ=</cas:user>
>>         <cas:attributes>
>>             <cas:68747470733a2f2f6177732e616d617a6f6e2e636f6d2f53414d4c2f417474726962757465732f53657373696f6e4475726174696f6e>43200</cas:68747470733a2f2f6177732e616d617a6f6e2e636f6d2f53414d4c2f417474726962757465732f53657373696f6e4475726174696f6e>
>>         </cas:attributes>
>>     </cas:authenticationSuccess>
>> </cas:serviceResponse>
>>
>> However,
>> cas:68747470733a2f2f6177732e616d617a6f6e2e636f6d2f53414d4c2f417474726962757465732f53657373696f6e4475726174696f6e
>> is not valid xml as the namespace string can only start with a letter or
>> '_'. This causes Cas20ServiceTicketValidator.extractCustomAttributes(xml)
>> to fail when it delegates to the cas-client's
>> XmlUtils.getTextForElement(response, "authenticationFailure")
>> <https://github.com/apereo/java-cas-client/blob/master/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ServiceTicketValidator.java#L165>.
>>
>> I'm not sure how to fix this issue as it seems like the encoding and
>> decoding of attribute names are quite decoupled. Is there something that
>> I'm missing with my configuration?
>>
>
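The failure described in the quoted message can be reproduced outside CAS. The following is an added example, not code from the posts or from the CAS project: it hex-encodes the attribute name, uses the result as an element name in a minimal serviceResponse, and shows that a namespace-aware XML parser rejects it while a plain name parses. The function names and the ASCII-only NCNAME pattern are assumptions made for this illustration.

```python
import binascii
import re
import xml.etree.ElementTree as ET

CAS_NS = "http://www.yale.edu/tp/cas"
# Simplified, ASCII-only approximation of the XML NCName rule (assumption:
# the full grammar also admits many non-ASCII letters).
NCNAME = re.compile(r"[A-Za-z_][A-Za-z0-9._-]*\Z")


def hex_encode_name(name: str) -> str:
    """Hex-encode an attribute name, as the post describes for ':' or '@'."""
    return binascii.hexlify(name.encode("utf-8")).decode("ascii")


def build_response(user: str, attrs: dict) -> str:
    """Minimal serviceResponse that uses each key verbatim as an element name."""
    items = "".join(f"<cas:{k}>{v}</cas:{k}>" for k, v in attrs.items())
    return (
        f"<cas:serviceResponse xmlns:cas='{CAS_NS}'><cas:authenticationSuccess>"
        f"<cas:user>{user}</cas:user><cas:attributes>{items}</cas:attributes>"
        "</cas:authenticationSuccess></cas:serviceResponse>"
    )


def parse_attributes(xml_text: str):
    """Return {name: value} from cas:attributes, or None if not well-formed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    node = root.find(f".//{{{CAS_NS}}}attributes")
    return {child.tag.split("}", 1)[1]: child.text for child in node}


AWS_NAME = "https://aws.amazon.com/SAML/Attributes/SessionDuration"
ENCODED = hex_encode_name(AWS_NAME)  # starts with the digit '6'

if __name__ == "__main__":
    for name in ("SessionDuration", ENCODED):
        ok = bool(NCNAME.match(name))
        parsed = parse_attributes(build_response("user", {name: "43200"}))
        print(f"{name[:24]:<24} valid_ncname={ok} parsed={parsed}")
```

Any name whose UTF-8 bytes begin with an ASCII letter hex-encodes to a string starting with a digit (0x41 to 0x7a), so the same rejection applies to every attribute name of this kind, not only the AWS one.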
