missing attributes in output from idpv3 /cas/serviceValidate

Marvin Addison marvin.addison at gmail.com
Thu Apr 7 07:33:59 EDT 2016

On Wed, Apr 6, 2016 at 3:56 PM Paul B. Henson <henson at cpp.edu> wrote:

> Any other thoughts on this?

Yes. The most likely explanation is that you have the releaseAttributes
property of ValidateConfiguration set to false:

    <bean id="CAS.ValidateConfiguration.default"

That flag exists to preserve string CAS 2.0 protocol compliance, which does
not define attributes. We actually do this at Virginia Tech because we
found that some services break under (large amounts) of attributes with
that turned on. It defaults to on, but it's possible you have turned it off.

Well, at least it _used_ to default to on. In reviewing source for this
thread, it appears that r8178 effectively flipped the default to false. So
assuming that analysis is correct, there's another explanation: you're
running a very recent snapshot with that change and it's breaking you.

Please let me know if either of those explains the behavior you're seeing.

I should also note that the "resolveAttributes" flag is ignored for the
/samlValidate endpoint in keeping with the behavior of other SAML endpoints
in the IdP where attributes are always resolved.

M <users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20160407/7ef4861f/attachment.html>

More information about the users mailing list